Sunday, 14 April 2013

what is authentication and authorization in .net

Authentication: proving genuineness.

Authorization: the process of granting approval or permission on resources.

The same dictionary meaning applies to ASP.NET as well. In ASP.NET, authentication means identifying the user; in other words, it is nothing but validating that he exists in your database and that he is the proper user.
Authorization means determining whether he has access to a particular resource on the IIS website. A resource can be an ASP.NET web page, a media file (MP4, GIF, JPEG etc.), a compressed file (ZIP, RAR) etc.
So the first process which happens is authentication and then authorization. Below is a simple graphical representation of authentication and authorization. So when the user enters ‘userid’ and ‘password’ he is first authenticated and identified by the user name.
Now when the user starts accessing resources like pages, videos etc., he is checked for the necessary access to those resources. The process of identifying the rights for resources is termed ‘Authorization’.
To put it in simple words, identifying that “he is Shiv” is authentication, and identifying that “Shiv is admin” is authorization.

Detecting authentication and authorization: the principal and identity objects
 

At any moment, if you want to know who the user is and what kind of authentication type he is using, you can use the identity object. If you want to know what roles he is associated with, you need to use the principal object. In other words, to get authentication details we need the identity object, and to get the authorization details of that identity we need the principal object.

For instance, below is simple sample code that shows how to use the identity and principal objects to display the name and check roles.
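
An added example (not code from the original post) of the identity and principal objects in use: a check that authenticates first and authorizes second. The `AccessCheck` class, the `Decision` enum, the user `raju` and the role names are assumptions made for illustration; `GenericPrincipal` stands in for the `IPrincipal` that ASP.NET exposes as `Page.User`.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper, written for this example.
static class AccessCheck
{
    // Outcome of the two-step check: authentication first, then authorization.
    public enum Decision { Unauthenticated, Forbidden, Allowed }

    // 'user' has the same type as Page.User / HttpContext.Current.User.
    public static Decision Check(IPrincipal user, string requiredRole)
    {
        // Identity object: who is the user, and how was he authenticated?
        IIdentity id = user?.Identity;
        if (id == null || !id.IsAuthenticated)
            return Decision.Unauthenticated;   // caller could answer HTTP 401

        // Principal object: which roles does that identity hold?
        return user.IsInRole(requiredRole)
            ? Decision.Allowed
            : Decision.Forbidden;              // caller could answer HTTP 403
    }

    static void Main()
    {
        // Constructed principals standing in for real requests.
        IPrincipal shiv = new GenericPrincipal(
            new GenericIdentity("shiv", "Forms"), new[] { "Admin" });
        IPrincipal raju = new GenericPrincipal(
            new GenericIdentity("raju", "Forms"), new[] { "Reader" });
        // An empty name makes GenericIdentity report IsAuthenticated == false.
        IPrincipal anonymous = new GenericPrincipal(
            new GenericIdentity(""), new string[0]);

        foreach (IPrincipal p in new[] { shiv, raju, anonymous })
        {
            Console.WriteLine("Name={0} AuthType={1} IsAuthenticated={2} -> {3}",
                p.Identity.Name, p.Identity.AuthenticationType,
                p.Identity.IsAuthenticated, Check(p, "Admin"));
        }
    }
}
```

Keeping the unauthenticated and forbidden outcomes separate lets logs and responses distinguish "we do not know who this is" from "we know who this is and he lacks the role".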
