More Group Sites
Education Books
School Rankings
Jobless Net
Better Home
Welcome Guest! To enable all features please Login or Register.



Go to last post Go to first unread
#1 Posted : Tuesday, 14 February 2017 9:14:42 PM(UTC)

Rank: Administration


Groups: AcademicCoachingSchool, admin, Administration, BookSeller, CatholicSchool, CoachingAdult, CoachingProfessional, CoachingSports, ExtraCurriculumCoaching, IndependentSchool, Moderator, MusicTeacher, PrivateSchool, PublicSchool, SelectiveSchool, tutor
Joined: 23/11/2008(UTC)
Posts: 523

IIS 7 and ASP.NET forms and windows authentication

iis authentication
- Anonymous
- ASP.NET Impersonation
- Basic
- Client Certificate Mapping (IIS and Active Directory)
- Digest
- Forms
- Windows

<authentication mode="Windows" />

ASP.NET Authentication
- Windows (default)
- Forms
- Passport
- None
- Forms (Cookie)

The Forms authentication provider is an authentication scheme that makes it possible for the application to collect credentials using an HTML form directly from the client. The client submits credentials directly to your application code for authentication. If your application authenticates the client, it issues a cookie to the client that the client presents on subsequent requests. If a request for a protected resource does not contain the cookie, the application redirects the client
to the logon page. When authenticating credentials, the application can store credentials in a number of ways, such as a configuration file or a SQL Server database. For more information, see Forms Authentication Provider.

Enable Forms Authentication (IIS 7)

Edit Forms Authentication Settings (IIS 7)

Forms authentication lets users log on by using identities from an ASP.NET membership database. This authentication method uses redirection to an HTML logon page to confirm the identity of the user. You can configure Forms authentication at the
site or application levels.

Forms authentication is convenient for the following reasons:
1. It allows either a custom data store, such as a SQL server database, or Active Directory to be used for authentication.
2. It integrates easily with a Web user interface.
3. Clients can use any browser.

If you want to use membership roles for authorisation, you must use Forms authentication or a similar custom authentication method.

Windows authentication

Use Windows authentication when you want clients to authenticate using the NTLM or Kerberos protocols.

In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product.

Kerberos is a network protocol that uses secret-key cryptography to authenticate client-server applications. ... The protocol gets its name from the three-headed dog (Kerberos, or Cerberus) that guarded the gates of Hades in Greek mythology.

Windows authentication, which includes both NTLM and Kerberos v5 authentication, is best suited for an intranet environment for the following reasons:
- Client computers and Web servers are in the same domain.
- Administrators can make sure that every client browser is Internet Explorer 2.0 or later versions.
- HTTP proxy connections, which are not supported by NTLM, are not required.
- Kerberos v5 requires a connection to Active Directory, which is not feasible in an Internet environment.

Windows authentication is not appropriate for use in an Internet environment, because that environment does not require or encrypt user credentials.

ASP.NET Forms-based authentication

ASP.NET Forms-based authentication is works well for sites or applications on public Web servers that receive many requests. This authentication mode lets you manage client registration and authentication at the application level, instead of relying
on the authentication mechanisms provided by the operating system.

Because Forms authentication sends the user name and password to the Web server as plain text, you should use Secure Sockets Layer (SSL) encryption for the logon page and for all other pages in your application except the home page.

User Interface
To use the UI
Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Forms Authentication.
In the Actions pane, click Enable to use Forms authentication with the default settings.

Command Line
To enable or disable Forms authentication, use the following syntax:
appcmd set config /commit:WEBROOT /section:system.web/authentication /mode: None | Windows | Passport | Forms

Note: Passport is a supported value for the mode attribute; however, Passport authentication is not supported on Windows Vista or Windows Server 2008.

By default, IIS 7 sets the mode attribute to Windows, which disables Forms authentication. If you set the attribute to Forms, you enable Forms authentication. For example, to enable Forms authentication, type the following at the command prompt, and then press ENTER:
appcmd set config /commit:WEBROOT /section:system.web/authentication /mode:Forms

When you use Appcmd.exe to configure the authentication element at the global level in IIS 7, you must specify /commit:WEBROOT in the command so that configuration changes are made to the root Web.config file instead of ApplicationHost.config.

URL Authorization
The UrlAuthorizationModule Class maps users and roles to elements within the URI namespace, which is defined by a URL. This module implements both positive and negative authorization assertions. The module can either be used to selectively permit or deny specific users access to arbitrary elements of the URI namespace. For example, you can base access on user role membership. For more information, see ASP.NET Authorization and UrlAuthorizationModule Class.
eg. grants access to several domain users, while denying it to everyone else.

Rss Feed  Atom Feed
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.