
2.0 auth questions

djc
I have a couple questions about authentication and authorization in asp.net
2.0.

1) I see there are still the same authentication mode options as in 1.1
(windows, forms, or passport). However in reading through some of the new
documentation I see reference to 'membership' a lot. How does membership
relate to all this? Is it simply enhanced classes used with 'forms' based
authentication? does it also apply to windows authentication mode? etc..

2) I thought I understood this correctly:
A) With forms based authentication
- users and roles exist in a data store of your choice (usually a sql database)
- you handle your own login page to check against your user store
- authorization after authentication is performed by asp.net using settings in web.config
B) With windows authentication mode
- the users are actual windows accounts and the roles would be windows groups.
- authorization after authentication is handled by NTFS permissions on the web server

I was just toying around with the website administration tool in VS 2005 for
a site that is in windows authentication mode and noticed:
- I could enable and add 'roles', which didn't make sense to me since I
thought the 'roles' in this case were actually windows groups, and I could
add access rules which specified 'roles' or users that are not windows users
or groups??

confused, probably too confused for this post to even make sense, any input
would be greatly appreciated
Nov 1 '06 #1
djc
I think most of my number 2 question was cleared up by this:
http://msdn.microsoft.com/library/de...horization.asp

If I understand correctly now I need one last clarification that was not
specified in the article above:
when users/roles for URLAuthorizationModule are specified in web.config they
are automatically matched against windows accounts/groups when using windows
authentication mode or against whatever user store you used (sql db most of
the time) if using forms authentication. (Yes/No)?

my confusion was that I didn't realize the URLAuthorizationModule (settings
in <authorization></authorization> in web.config) could also be used when
using windows authentication mode. Now I just want to verify where the
users/roles specified in the <authorization></authorization> section are
matched against.

still not sure on my number 1 below though (about membership, which I think
is new to 2.0?).

my first question below is still
"djc" <no***@nowhere.com> wrote in message
news:%2***************@TK2MSFTNGP02.phx.gbl...
> I have a couple questions about authentication and authorization in asp.net
> 2.0.
>
> 1) I see there are still the same authentication mode options as in 1.1
> (windows, forms, or passport). However in reading through some of the new
> documentation I see reference to 'membership' a lot. How does membership
> relate to all this? Is it simply enhanced classes used with 'forms' based
> authentication? does it also apply to windows authentication mode? etc..
>
> 2) I thought I understood this correctly:
> A) With forms based authentication
> - users and roles exist in a data store of your choice (usually a sql database)
> - you handle your own login page to check against your user store
> - authorization after authentication is performed by asp.net using settings in web.config
> B) With windows authentication mode
> - the users are actual windows accounts and the roles would be windows groups.
> - authorization after authentication is handled by NTFS permissions on the web server
>
> I was just toying around with the website administration tool in VS 2005
> for a site that is in windows authentication mode and noticed:
> - I could enable and add 'roles', which didn't make sense to me since I
> thought the 'roles' in this case were actually windows groups, and I could
> add access rules which specified 'roles' or users that are not windows
> users or groups??
>
> confused, probably too confused for this post to even make sense, any
> input would be greatly appreciated

Nov 1 '06 #2
You're mixing apples and oranges a little. Authentication is not necessarily
membership. Yes, ASP.Net 2.0 does come with the same authentication options
such as forms and windows. It's only the method used to gather the
information and authenticate it simply. The membership system in ASP.Net 2.0
adds the capabilities for creating/managing/authenticating users from a user
store (typically a SQL Server database) based on the membership provider.
ASP.Net 2.0 can create the membership store in a SQL Server with all the
necessary tables and stored procedures. It can also implement role-based
security. Roles are not Windows Groups so don't compare them. Windows Groups
are actually an implementation of role-based security. The Membership system
does come with an optional roles-based security provider so you can
associate users with roles. It also comes with a personalization system so
you can personalize the information associated with a user without having to
muck around with creating custom user tables and such.

Nov 1 '06 #3
djc
Thanks for the reply Mark.
so if I'm using windows authentication mode and add an authorization entry in
web.config specifying <allow roles="GroupName" /> it would not match
"GroupName" with a windows user group named "GroupName"?
"Mark Fitzpatrick" <ma******@fitzme.com> wrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
> You're mixing apples and oranges a little. Authentication is not
> necessarily membership. Yes, ASP.Net 2.0 does come with the same
> authentication options such as forms and windows. It's only the method
> used to gather the information and authenticate it simply. The membership
> system in ASP.Net 2.0 adds the capabilities for
> creating/managing/authenticating users from a user store (typically a SQL
> Server database) based on the membership provider. ASP.Net 2.0 can create
> the membership store in a SQL Server with all the necessary tables and
> stored procedures. It can also implement role-based security. Roles are
> not Windows Groups so don't compare them. Windows Groups are actually an
> implementation of role-based security. The Membership system does come
> with an optional roles-based security provider so you can associate users
> with roles. It also comes with a personalization system so you can
> personalize the information associated with a user without having to muck
> around with creating custom user tables and such.
Nov 1 '06 #4
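
For the question in post #4, an added web.config fragment (not posted by anyone in the thread): URL authorization asks the request's principal `IsInRole`, so where a name in `roles=` is looked up depends on which principal is attached, not on the `<authorization>` section itself. The group names `CONTOSO\WebAdmins` and `CONTOSO\ReportReaders` and the `Reports` path are placeholders.

```xml
<configuration>
  <system.web>
    <!-- IIS authenticates the caller and ASP.NET attaches a WindowsPrincipal
         to the request. -->
    <authentication mode="Windows" />

    <!-- Role manager off (the default): IsInRole is answered by the
         WindowsPrincipal, so roles= names are checked against the caller's
         Windows groups. Use the qualified form DOMAIN\Group (or
         BUILTIN\Administrators for built-in groups).

         With enabled="true" (which is what enabling roles in the Web Site
         Administration Tool sets), a RolePrincipal is attached instead and
         roles= names are resolved by the configured role provider. The
         default provider is the SQL role store, so the same rule would then
         stop matching Windows groups unless the provider is switched to
         AspNetWindowsTokenRoleProvider. -->
    <roleManager enabled="false" />

    <authorization>
      <!-- Rules are evaluated top-down and the first match wins. -->
      <allow roles="CONTOSO\WebAdmins" />
      <!-- Without this line the inherited machine-level rule
           (allow users="*") would let every authenticated user through. -->
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- Per-folder override: only members of the placeholder group
       CONTOSO\ReportReaders may request anything under /Reports. -->
  <location path="Reports">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\ReportReaders" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```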
