Recall that in user -based security, the authentication question centers on the identity of the user. Credentials are used to prove who the user is. A credential might be a password, a smart card, or a biometric device. Credentials are verified by some security authority, such as Windows or ASP.NET. In certain cases it may be justifiable to provide unverified access to certain resources. This is known as anonymous access, which is often used for public access to ASP.NET resources. In user-based security, the authorization question centers on whether or not the identity can perform the attempted action. The principal is then compared to a list of rights to determine whether the access is permitted. For example, at the file-system level, when you access a file, the username is compared against an ACL for the desired action to determine whether the file access is granted. In a multitier architecture, the identity under which the server executes is often very powerful, and you want to restrict the ability of the client that makes requests to some subset of privileges that the server has. In this case the server can impersonate the client, effectively reducing the privileges to a safer level. In the case of anonymous access, the server does not even know who the actual client is. In this case it makes sense to use a specially devised user account for anonymous access, with special care taken in the determination of rights assigned to the anonymous user. Network CredentialsCredentials can be obtained from an authentication service over the network. The ICredentials interface, which is defined in the System.Net namespace, has one method named GetCredential , which is used for this purpose. The GetCredential method takes a first parameter containing a URI that specifies the location of an authentication service on the network. The second parameter is a string that provides the type of authentication that is desired. The GetCredential method returns a NetworkCredential instance that contains the credentials associated with the specified URI and authorization scheme. When no credentials are available, the GetCredential method returns a null reference. NetworkCredential GetCredential( Uri uri, string authType ); There are only two classes that implement the ICredentials interface: CredentialCache and NetworkCredential. CredentialCache provides storage for a set of multiple credentials. [16] NetworkCredential provides credentials for password-based authentication schemes such as NTLM and Kerberos. The following code snippet gives a general idea of how this technique works.
NetworkCredential nc = new NetworkCredential( "JoeUser","MyPassword","SomeDomain"); CredentialCache cc = new CredentialCache(); cc.Add(new Uri("www.xyz.com"), "Basic", nc); WebRequest wr = WebRequest.Create("www.xyz.com"); wr.Credentials = cc; |