Chapter 15. Authentication
IN THIS CHAPTER
Authentication is the process of verifying a user's identity against some authority such as an XML file or a database. Authentication is analogous to visiting an airport. Visitors are allowed in and can go into some areas. To get into other areas, such as the baggage handling area, a person must provide credentials to prove that he has the security clearance appropriate for the area. The level of clearance that a particular person has determines into which areas he is allowed. Web site authentication works in a similar fashion. With many Web sites, any visitor can view a portion of the Web site. Frequently, Web sites have “members-only” areas that require the user to be identified (authenticated).
When the user is authenticated, in other words, when the application can identify users, their requests for resources such as Web pages must be authorized. Authorization is the process of evaluating a user's credentials to determine if she can have access to the requested resource. In this chapter you will learn about the authentication types available to you in ASP.NET and how to authorize user requests. Specifically you will learn
ASP.NET provides a configuration file structure for maintaining user credentials. The default authentication format uses the configuration file, which includes usernames and passwords. The authentication classes are built with security in mind, and they provide methods for encrypting the passwords automatically.