Authentication and Authorization

For Web sites open to the public, where everyone is allowed to visit all pages, security doesn't require much work. However, it's often the case that parts of a Web site contain sensitive information, which only certain people should see. Some Web sites control access to content so that they can charge a fee. Web security ensures that only authorized people are allowed to view controlled material.

Other reasons for controlling access to a Web site are motivated by marketing. Many sites collect demographic information when people first log in. Subsequent visits are tracked to see what the person is interested in. A perfect example of this is Amazon.com, which shows books and other merchandise based on visitors' viewing preferences. Because a visitor is already a member, the site has a permanent record that allows it to personalize their experience.

To assist in Web site security, ASP.NET has a feature known as Forms-Based Authentication. When users visit a site, they must be authenticated. In other words, the site must be able to ascertain that visitors are who they say they are. Forms-Based Authentication helps manage the authentication process for a Web site. After a user is authenticated, access to parts of the site must be controlled, which is the authorization process. It is important both to give users access to the right locations and to prevent them from gaining unauthorized access to sensitive content. Forms-Based Authentication helps with both authentication and authorization.

Other forms of authentication that may be used with ASP.NET include Windows Authentication and Passport Authentication. Windows Authentication is a platform-specific security solution. It can be attractive in an intranet scenario where all participating systems run the Windows operating system, but it is not practical for general Internet deployment. Passport is another Microsoft authentication technology; its benefit is that users can log in to multiple sites with the same credentials. Because Forms-Based Authentication is a solution that is ready out-of-the-box and has very good general applicability, it is the type of authentication discussed in this chapter.

SITE CREDENTIALS MAY NOT BE SECURE

By default, Forms-Based Authentication transfers credentials in the clear. For better security, a site using Forms-Based Authentication should complement authentication with SSL. Configuring SSL is implementation-dependent, so refer to your Web server documentation.

Although authentication and authorization are not unique to C#Builder, they are a part of ASP.NET and they will be something you need. With C#Builder, adding authentication to your Web site is easy because all files you need to modify are available via the Project Manager. When you create an ASP.NET application through a wizard, it generates Web.config and Global.asax files along with other required files. During the process of building authentication into your site, you will work with Web.config and Global.asax to set up authentication and authorization for your site.
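As an added example (not from the book), the Web.config fragment below shows where the authentication and authorization settings live and sets the weak default beside an SSL-only form of it. It assumes .NET Framework 1.1 or later for the requireSSL attribute; the cookie name, Login.aspx and the Members folder are hypothetical.

```xml
<!-- Web.config: added example. Cookie name, Login.aspx and Members are hypothetical. -->
<configuration>
  <system.web>

    <!-- Authentication: who is the visitor? -->
    <authentication mode="Forms">
      <!-- Weak form: requireSSL defaults to false, so the authentication
           ticket cookie is also sent over plain HTTP:
           <forms loginUrl="Login.aspx" />
      -->
      <!-- Hardened form: protection="All" encrypts and validates the ticket,
           requireSSL="true" marks the cookie Secure so the browser returns
           it only over SSL. The login page itself must still be served
           over HTTPS by the Web server for the posted credentials to be
           protected in transit. -->
      <forms name=".SITEAUTH"
             loginUrl="Login.aspx"
             protection="All"
             timeout="20"
             requireSSL="true" />
    </authentication>

    <!-- Authorization for the site root: open to everyone ("*"),
         including anonymous visitors. -->
    <authorization>
      <allow users="*" />
    </authorization>

  </system.web>

  <!-- Authorization for a controlled area: "?" means anonymous users.
       Denying them sends unauthenticated requests to loginUrl. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```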



C# Builder KickStart
ISBN: 672325896
EAN: N/A
Year: 2003
Pages: 165
