What is Passport Authentication?
There are three types of authentication in ASP.NET, plus the option of anonymous access:
- Windows Authentication
- Forms Authentication
- Passport Authentication
- Anonymous access
Windows Authentication:
If your application is targeted for use inside an organization, and users accessing the application have existing user accounts within the local user database of the Web server or Active Directory, you should authenticate users with Windows authentication.
Forms Authentication:
Form-based authentication presents the user with an HTML-based Web page that prompts the user for credentials.
Passport authentication:
You can also authenticate users using a service from Microsoft called Passport. Passport is a centralized directory of user information that Web sites can use, in exchange for a fee, to authenticate users. Users can choose to allow the Web site access to personal information stored on Passport, such as the users' addresses, ages, and interests.
We don’t need to implement our own custom authentication mechanism if we implement the .NET Passport Single Sign-In (SSI) service.
Anonymous access
You can explicitly disable authentication for your application if you know that it will be used only by anonymous users.
<configuration>
  <system.web>
    <authentication mode="None" />
  </system.web>
</configuration>
--------------**--------------
Can you briefly explain how Passport Authentication works?
As discussed above, Passport Authentication is a central service. It only authenticates (validates the credentials); it does not authorize (grant or deny access to a site). So, the implementing application checks for the Passport authentication cookie. If the Passport cookie is not available, the user is redirected to the Passport Sign-In page. The user provides credentials on the Sign-In page and, if they are validated, the authentication cookie is stored on the client machine and the user is redirected to the requested page.
The picture below explains the step-by-step process of Passport authentication in ASP.NET.
--------------**--------------
What are the advantages of using Passport Authentication?
Advantages of Passport Authentication are:
- We don’t need to take care of the authentication mechanism ourselves; Passport SSI does this for us.
- A single set of login credentials can be used to access multiple sites. Users don’t need to remember separate credentials for each individual site.
--------------**--------------
What is Role-based Security?
We have discussed authentication in the questions above; a different but related concept is authorization. Authorization is the process of granting privileges or permissions on resources to an authenticated user. So,
“Role Based Security is a technique we use to implement authorization on the basis of a user’s roles within an organization. It’s a more granular approach to granting or revoking permissions on resources through the user’s roles.”
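The definition above, shown as an added example that is not part of the original page: a small console program that makes the same role decision imperatively (IsInRole) and declaratively (PrincipalPermission). It assumes the .NET Framework, where the declarative attribute is enforced; the users, role names and method names are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public static class RoleBasedSecurityDemo
{
    // Imperative check: ask the principal directly and decide in code.
    static string ViewReport(IPrincipal user)
    {
        if (!user.Identity.IsAuthenticated)
            throw new SecurityException("Sign-in required.");
        return user.IsInRole("Manager") ? "full report" : "summary only";
    }

    // Declarative check: the runtime demands the role on Thread.CurrentPrincipal
    // before the method body runs and throws SecurityException if it is missing.
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    static void ApprovePayment()
    {
        Console.WriteLine("  payment approved");
    }

    public static void Main()
    {
        // Constructed sample users. In ASP.NET the principal is supplied by the
        // configured authentication mode and exposed as HttpContext.User.
        IPrincipal[] users =
        {
            new GenericPrincipal(new GenericIdentity("alice"), new[] { "Manager" }),
            new GenericPrincipal(new GenericIdentity("bob"), new[] { "Clerk" })
        };

        foreach (IPrincipal user in users)
        {
            Thread.CurrentPrincipal = user;
            Console.WriteLine(user.Identity.Name + ": " + ViewReport(user));
            try { ApprovePayment(); }
            catch (SecurityException) { Console.WriteLine("  payment denied"); }
        }
    }
}
```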
--------------**--------------
What are the different Security Controls in ASP.NET?
ASP.NET provides several security controls, which are actually Web server controls. We can see them in the Visual Studio Toolbox.
Login Control:
In almost every application we need to take user credentials on a typical login page. Login control provides the same standard functionality and reduces the effort for building it from scratch.
LoginName:
After a user has successfully logged in to an application, we normally display his/her username at the top right or some other place on the page. This functionality is provided by the LoginName control.
LoginView Control:
The LoginView control displays a different view for different users. Using AnonymousTemplate and LoggedInTemplate, different information can be presented to different users.
LoginStatus Control:
The LoginStatus control indicates whether a user is authenticated or not. For an unauthenticated user, it displays a link to the login page. For an authenticated user, a logout link is displayed.
PasswordRecovery Control:
Password recovery is another important functionality, simplified through the PasswordRecovery control. It sends an email with login credentials to the registered user's email address.
--------------**--------------
What is Code-Access Security (CAS)?
Role-based security restricts access to resources on the basis of the user’s role. CAS (Code Access Security) is an entirely different concept. It is the .NET CLR’s security system, which restricts code from performing unwanted tasks by applying security policies.
--------------**--------------
What are the key functions of Code Access Security?
Key functions of Code Access Security are:
- Defines permissions and permission sets that represent the right to access various system resources.
- Enables code to demand that its callers have specific permissions.
- Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code.
- Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have.
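The demand and call-stack check from the list above, as an added example that is not part of the original page. It assumes the .NET Framework, where the CAS classes live; the directory and file paths are hypothetical and do not need to exist, because only the permission check is exercised.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public static class CasStackWalkDemo
{
    // Hypothetical directory used only for this demonstration.
    const string AllowedDir = @"C:\Temp\cas-demo";

    // Library code guarding a resource. Demand() walks the call stack, starting
    // with the caller of this method, and throws SecurityException if any frame
    // has not been granted read access to the path.
    static bool CallersMayRead(string path)
    {
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // A caller that restricts itself: after PermitOnly(), any demand made by
    // code called from this frame succeeds only for reads under AllowedDir.
    static void RestrictedCaller()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, AllowedDir).PermitOnly();
        string inside = Path.Combine(AllowedDir, "a.txt");
        string outside = @"C:\Windows\win.ini";
        Console.WriteLine("restricted, inside dir:  " + CallersMayRead(inside));
        Console.WriteLine("restricted, outside dir: " + CallersMayRead(outside));
        CodeAccessPermission.RevertPermitOnly();
    }

    public static void Main()
    {
        // No restricting frame is on the stack for this first call.
        Console.WriteLine("unrestricted:            " + CallersMayRead(@"C:\Windows\win.ini"));
        RestrictedCaller();
    }
}
```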
--------------**--------------
What .NET Tool can be used to Enable/Disable CAS?
Code Access Security Tool (Caspol.exe) can be used to turn Code Access Security ON or OFF as follows:
- caspol -security on
- caspol -security off
We can also list all code groups using the following command:
- caspol -listgroups
--------------**--------------
What is Impersonation in ASP.NET?
Impersonation is the act of one user acting as another user. By default, ASP.NET executes application code under the same user account as the ASP.NET process, i.e. Network Service. With impersonation enabled, it executes code with the Windows identity of the user making the request.
For example, suppose a user 'user1' is logged in and IIS is set up to run as Network Service. If 'user1' calls a piece of code on another computer (perhaps a web service call), the other computer will see the IIS user instead of 'user1'. But we can enable impersonation to allow 'user1' to access the web service using its Windows identity instead of Network Service.
--------------**--------------
How to configure Impersonation in ASP.NET?
By default, impersonation is disabled in ASP.NET. Impersonation can be enabled/disabled as follows:
<configuration>
  <system.web>
    <identity impersonate="true" /> <!-- To disable, set impersonate="false" -->
  </system.web>
</configuration>
Impersonate a specific user account as:
<identity impersonate="true" userName="user" password="pwd" />
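To see which Windows account code actually runs as under the settings above, and to limit impersonation to the one operation that needs the caller's identity instead of enabling it for the whole application, a handler like the following can be used. This is an added example, not code from the original page; the class name WhoAmIHandler is hypothetical, and it assumes an ASP.NET application on the .NET Framework with Windows authentication enabled.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical diagnostic handler for an application using Windows authentication.
public class WhoAmIHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse response = context.Response;
        response.ContentType = "text/plain";

        // The authenticated caller, as established by IIS and ASP.NET.
        response.Write("Request user: " + context.User.Identity.Name + "\n");

        // The Windows account this thread is executing as. It is the process
        // account unless <identity impersonate="true" /> is configured.
        response.Write("Executing as: " + WindowsIdentity.GetCurrent().Name + "\n");

        // Scoped impersonation: only possible when the caller has a Windows
        // identity and is not anonymous.
        WindowsIdentity caller = context.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
        {
            response.Write("No authenticated Windows identity to impersonate.\n");
            return;
        }

        using (WindowsImpersonationContext scope = caller.Impersonate())
        {
            // Only code inside this block runs with the caller's identity.
            response.Write("Inside scope: " + WindowsIdentity.GetCurrent().Name + "\n");
        } // Dispose() reverts the thread to its previous identity.

        response.Write("After scope:  " + WindowsIdentity.GetCurrent().Name + "\n");
    }
}
```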
--------------**--------------