Categories:
.NET (961)
C (387)
C++ (185)
CSS (84)
DBA (8)
General (31)
HTML (48)
Java (641)
JavaScript (220)
JSP (109)
JUnit (31)
MySQL (297)
Networking (10)
Oracle (562)
Perl (48)
Perl (9)
PHP (259)
PL/SQL (140)
RSS (51)
Software QA (28)
SQL Server (5)
Struts (20)
Unix (2)
Windows (3)
XHTML (199)
XML (59)
Other Resources:
Can you explain in brief how the ASP.NET authentication process works
Can you explain in brief how the ASP.NET authentication process works?
✍: Guest
ASP.NET does not run by itself, it runs inside the process of IIS. So there are two
authentication layers which exist in ASP.NET system. First authentication happens at
the IIS level and then at the ASP.NET level depending on the WEB.CONFIG file.
Below is how the whole process works:-
IIS first checks to make sure the incoming request comes from an IP address
that is allowed access to the domain. If not it denies the request.
Next IIS performs its own user authentication if it is configured to do so. By
default IIS allows anonymous access, so requests are automatically
authenticated, but you can change this default on a per C application basis
with in IIS.
If the request is passed to ASP.net with an authenticated user, ASP.net checks
to see whether impersonation is enabled. If impersonation is enabled, ASP.net
acts as though it were the authenticated user. If not ASP.net acts with its own
configured account.
Finally the identity from step 3 is used to request resources from the operating
system. If ASP.net authentication can obtain all the necessary resources it
grants the users request otherwise it is denied. Resources can include much
more than just the ASP.net page itself you can also use .Nets code accesssecurity
features to extend this authorization step to disk files, Registry keys
and other resources.
2007-10-24, 6139👍, 0💬
Popular Posts:
Can we get a strongly typed resource class rather than using resource manager? In the previous quest...
How do we get the current culture of the environment in windows and ASP.NET?
How to measure functional software requirement specification (SRS) documents? Well, we need to defin...
What are unadjusted function points and how is it calculated? Unadjusted function points = ILF + EIF...
What is application domain? Explain. An application domain is the CLR equivalent of an operation sys...