Topics – Authentication and Authorization
1. INTRODUCTION
    Why Security is important in today’s world?

    Different Ways to secure your Website / Application

2. What is IIS? and How to install and host an ASP.NET Website?

3. What is Authentication?

4. What is Authorization?

5. What is an Identity Object?

6. What is a Principal Object?
Topics – Authentication and Authorization

•   Different ways of Authentication:

     Forms Authentication.
          Using Cookies
          Cookieless

     Windows Authentication.

     Passport Authentication.
Introduction – Why Security is Important?

1. Security is one of the most important parts of any Website or
   Web Application.

2. Hackers are waiting out there for us and use various ways to
   exploit a website / web-application.

3. A hacker can attack in many ways:
     Brute Force
     Sniffers
     Spoofing
     Social Engineering
     SQL Injection
Introduction - Different Ways to Secure your Application
   Design your Application well.

   Encrypting the Data while storing.

   Input Validation.

   Enforcing Strong Passwords for Users.

   Authentication and Authorization.
What is Internet Information Services (IIS)?
• IIS is one of the most powerful Web Servers developed by Microsoft
  to host ASP.NET Websites or Applications.

• Its responsibility is to give a Response back to the Request sent by
  the Client.

How does IIS work?
What is Authentication?
• The dictionary meaning of “Authentication” is to “check someone’s
  genuineness”.

• In ASP.NET – Authentication means the same. It is a process where
  you check a person’s credentials.

• Example – Facebook, Yahoo, Gmail.

What is Authorization?
• Providing access to a resource based on the User’s role.

• Authentication always precedes Authorization.
What is an Identity Object?

• An Identity Object is an Object which stores information about an
  Authenticated User.

• Contains 2 types of Objects “WindowsIdentity” and
  “GenericIdentity”


What is a Principal Object?

• A Principal Object is an Object that basically defines the roles of the
  Authenticated User.

• Principal Object encapsulates the Identity Object.
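
The Identity and Principal objects described above, and the rule that Authentication precedes Authorization, shown as an added C# example (not part of the original slides). The `AccessCheck` class, the `AccessDecision` enum, and the sample users and roles are hypothetical names constructed for illustration.

```csharp
using System;
using System.Security.Principal;

public enum AccessDecision
{
    Allowed,          // authenticated and holds the required role
    NotAuthenticated, // no verified identity: send the user to log in (HTTP 401)
    Forbidden         // identity is known but lacks the role (HTTP 403)
}

// Hypothetical helper, not an ASP.NET API.
public static class AccessCheck
{
    // Authorization is only meaningful after authentication, so the
    // Identity is checked first and the role second.
    public static AccessDecision Authorize(IPrincipal principal, string requiredRole)
    {
        if (principal == null || principal.Identity == null ||
            !principal.Identity.IsAuthenticated)
        {
            return AccessDecision.NotAuthenticated;
        }

        return principal.IsInRole(requiredRole)
            ? AccessDecision.Allowed
            : AccessDecision.Forbidden;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample users. A GenericIdentity with a non-empty name
        // reports IsAuthenticated == true; the Principal wraps the Identity
        // and carries the roles.
        var alice = new GenericPrincipal(
            new GenericIdentity("alice", "Forms"), new[] { "Admin", "User" });
        var bob = new GenericPrincipal(
            new GenericIdentity("bob", "Forms"), new[] { "User" });

        // An empty name models an anonymous visitor: IsAuthenticated == false.
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        foreach (IPrincipal p in new IPrincipal[] { alice, bob, anonymous })
        {
            string name = p.Identity.Name.Length == 0 ? "(anonymous)" : p.Identity.Name;
            Console.WriteLine("{0,-12} IsAuthenticated={1,-5} /admin => {2}",
                name, p.Identity.IsAuthenticated, AccessCheck.Authorize(p, "Admin"));
        }
    }
}
```

Separating `NotAuthenticated` from `Forbidden` lets the application answer "log in first" and "you may not do this" differently, and lets logs distinguish the two cases.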
Forms Authentication
• Forms Authentication is nothing but a Cookie-based Authentication
  where a Cookie is stored on the Client’s machine.

• It makes use of a Custom Form to accept the User’s Credentials.

• Credentials are validated with the information stored in a specific
  source.

• Advantage –
   – It is the simplest way of authenticating Users for websites and
     applications.
   – The User does not have to log in again and again to the same
     application.
Windows Authentication
• Windows Authentication is used in Intranet Environment.

• Users’ credentials are validated with the information stored in the
  Windows Users Group.

• It is not available in Windows 7 Home - Premium, Basic and Starter
  Versions.
Types of Windows Authentication
1. Anonymous Authentication – It does not authenticate the User.

2. Basic Authentication – User is authenticated and information is sent in
   BASE-64 Encoded format.

3. Digest Authentication – Works like Basic Authentication, but sends
   information in an encrypted format.

4. Integrated Windows Authentication – It either uses the NTLM or
   Kerberos type for authentication.
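
What Basic and Digest Authentication actually put on the wire, as an added C# example (not part of the original slides). Basic is reversible Base64 with no key involved, while Digest, as defined in RFC 2617, sends an MD5 hash computed over the credentials and a server nonce; the `HttpAuthSchemes` class and all credential, realm and nonce values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper class, not an ASP.NET or IIS API.
public static class HttpAuthSchemes
{
    // Basic: the header value is Base64("user:password").
    public static string BuildBasicHeader(string user, string password)
    {
        byte[] raw = Encoding.UTF8.GetBytes(user + ":" + password);
        return "Basic " + Convert.ToBase64String(raw);
    }

    // Base64 is an encoding, not encryption: anyone who sees the header
    // can recover "user:password" without a key.
    public static string DecodeBasicHeader(string headerValue)
    {
        string b64 = headerValue.Substring("Basic ".Length);
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }

    private static string Md5Hex(string s)
    {
        using (MD5 md5 = MD5.Create())
        {
            byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(s));
            var sb = new StringBuilder(hash.Length * 2);
            foreach (byte b in hash) sb.Append(b.ToString("x2"));
            return sb.ToString();
        }
    }

    // Digest (RFC 2617, qop=auth): the password never travels; the client
    // sends a hash bound to the server's nonce, the method and the URI.
    public static string DigestResponse(
        string user, string realm, string password,
        string method, string uri,
        string nonce, string nc, string cnonce)
    {
        string ha1 = Md5Hex(user + ":" + realm + ":" + password);
        string ha2 = Md5Hex(method + ":" + uri);
        return Md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not taken from the slides.
        const string user = "alice";
        const string password = "Example-Passw0rd";
        const string realm = "intranet.example";

        string basic = HttpAuthSchemes.BuildBasicHeader(user, password);
        Console.WriteLine("Authorization: " + basic);
        Console.WriteLine("Decoded by any observer: " +
            HttpAuthSchemes.DecodeBasicHeader(basic));

        // Same credentials, two different server nonces: the Digest response
        // changes, so a captured response is not valid for a new challenge.
        string r1 = HttpAuthSchemes.DigestResponse(
            user, realm, password, "GET", "/reports", "nonce-A", "00000001", "c1");
        string r2 = HttpAuthSchemes.DigestResponse(
            user, realm, password, "GET", "/reports", "nonce-B", "00000001", "c1");
        Console.WriteLine("Digest response (nonce-A): " + r1);
        Console.WriteLine("Digest response (nonce-B): " + r2);
        Console.WriteLine("Responses differ: " + (r1 != r2));
    }
}
```

Because neither scheme protects the rest of the request or response, both are normally deployed only over HTTPS.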
Working process of NTLM – Also known as Challenge-Response Process
Authentication using Kerberos Mechanism

 Authentication using Kerberos contains 3 main components.

 Authentication Service (AS)
    Validates the Username and Password and sends a simple ticket.

 Ticket Granting Server (TGT)
    The Client sends the Ticket to the TGT, which sends a Service Ticket.

 Service Broker (SB)
    The SB generates the Connection and creates a Session for the User to use
     the Application.
Passport Authentication
• User’s Credentials are authenticated using Microsoft’s websites
  (Windows Live, Hotmail).

• Users are sent to Microsoft’s Login page for authentication.

• User is not authorized.

• The Developer is not required to create his own Custom Login Form.

• To use the Passport Authentication service, you will have to
  download the .Net Passport SDK and will also need to register the
  Application using the .Net Service Manager.
THANK YOU

Authentication and Authorization in Asp.Net
