Wednesday, 22 July 2015

Authentication in Asp.Net - Windows Authentication

This post is a continuation of the post Authentication in Asp.Net. Please read the following post before this one:
Authentication in Asp.Net - Anonymous Authentication

Windows authentication identifies and authorizes users based on the server's user list.
Access to resources on the server is then granted or denied based on the user account's privileges.

Windows authentication is best suited for intranet web applications.

The advantage of Windows authentication is that the web application can use the exact same security scheme that applies to your corporate network.
User names, passwords, and permissions are the same for network resources and web applications.

If both anonymous and Windows authentication are enabled in IIS, and there is no deny entry for anonymous users in the web.config file, then the resources on the web server are accessed using anonymous authentication.



Anonymous authentication can be disabled in IIS and in the Web.config file:

    <authorization>
      <deny users="?"/>
    </authorization>

? indicates anonymous users
* indicates all users

If you want the application code to execute under the logged-in user's identity, enable impersonation.

If impersonation is enabled, the application executes using the permissions of your user account. So the logged-in user can access a specific network resource through the application only if that user already has access to that resource.

Allowing and denying access to specific users:

    <authorization>
      <allow users="Logicsmaze_PC\User1, Logicsmaze_PC\User2"/>
      <deny users="*"/>
    </authorization>

User1 and User2 are users of Logicsmaze_PC. The above setting allows only User1 and User2 to access the site; no other user can access the server resources.

Using Windows roles to control access:

Instead of granting access to each user individually, we can grant access by role, so that all users in an allowed role can access the server resources.

    <authorization>
      <allow roles="Administrators"/>
      <deny users="*"/>
    </authorization>
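
The settings from this post combined into one web.config, as an added example that is not part of the original post. The `<authentication>` and `<identity>` elements are not shown in the post and are included here on the assumption of a classic ASP.NET (`system.web`) application; the role name is the one used above. Authorization rules are evaluated from top to bottom and the first matching rule decides, which is why the order matters.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Use the Windows identity that IIS authenticated.
         Windows Authentication must also be enabled for the site in IIS. -->
    <authentication mode="Windows" />

    <!-- Run request code as the logged-in user instead of the
         application pool identity (impersonation). -->
    <identity impersonate="true" />

    <authorization>
      <!-- Rules are checked in order; the first match decides. -->

      <!-- 1. Reject anonymous requests, so access never falls back to
              anonymous authentication even if it is still enabled in IIS. -->
      <deny users="?" />

      <!-- 2. Allow members of the permitted role (role name from the post). -->
      <allow roles="Administrators" />

      <!-- 3. Deny everyone else. This rule must stay last: placed above
              the allow rule it would match first and lock out every user. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

In IIS integrated pipeline mode, `<identity impersonate="true" />` is rejected by configuration validation (HTTP 500.24) unless the application pool runs in classic mode or that validation is turned off.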

Related Post:
Another authentication mode in Asp.net is Forms Authentication. Please visit the following link for Forms Authentication.
http://logicsmaze.blogspot.in/2015/07/authentication-in-aspnet-forms.html
