January 2018 : Instructor-led Online Course in ASP.NET Core 2.0. Conducted by Bipin Joshi. Read more...
Registration for January 2018 batch of ASP.NET Core 2.0 instructor-led online course has already started. Conducted by Bipin Joshi. Register today ! Click here for more details.

Windows Authentication in ASP.NET

Introduction

Security is an important consideration in your web applications. Securing a web application consists of two steps :

  • Authenticating the user accessing the page
  • Authorizing the user to access the page

Authentication is a process of determining whether a user is the one who he claims to be. Typically this will be determined with the help of user id and password.

Authorization is a process in which you decide whether an authenticated user is allowed to access certain page or resource. For example, operators may not be allowed to view certain confidential financial information that managers can view.

ASP.NET offers various ways to authenticate and authorize users of your web site. They are :

  • Windows authentication
  • Forms authentication (cookie authentication)
  • Passport authentication

In this code sample (which is Part - I of the three part series) we will see how to implement windows authentication.

Windows Authentication

Windows authentication scheme uses traditional mechanisms of Basic, NTLM/Kerberose and Digest authentication. Here IIS uses the credentials of logged in user are used to authenticate web requests. In case integrated windows authentication is turned off a typical gray colored dialog pops up asking for user id and password.

Steps involved in implementing windows authentication and authorization

  • Create a ASP.NET web application
  • Modify web.config to set authentication mode to windows
  • Modify web.config to deny access to anonymous users
  • Authorize users based on their NT user groups (roles)

The sample application available for download shows you how to implement this scheme in ASP.NET web applications.

<% displaydownloadlink "Download Sample Application","winauth.zip" %>

Bipin Joshi is a software consultant, an author and a yoga mentor having 22+ years of experience in software development. He also conducts online courses in ASP.NET MVC / Core and Design Patterns. He is a published author and has authored or co-authored books for Apress and Wrox press. Having embraced the Yoga way of life he also teaches Meditation and Mindfulness to interested individuals. To know more about him click here.

Get connected : Twitter  Facebook  Google+  LinkedIn

Posted On : 24 September 2001


Tags : ASP.NET Web Forms Security Configuration