Week-10

=Week-10=

Describe how the three types of authentication work.
 * **Authentication & authorization**: Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.

 * **Windows Authentication Provider**: Provides information on how to use Windows authentication in conjunction with Microsoft Internet Information Services (IIS) authentication to secure ASP.NET applications.
 * **Windows-based authentication**
 * Causes the browser to display a login dialog box when the user attempts to access a restricted page.
 * Is supported by most browsers.
 * Is configured through the IIS management console.
 * Uses Windows user accounts and directory rights to grant access to restricted pages.

 * **Forms Authentication Provider**: Provides information on how to create an application-specific login form and perform authentication using your own code. A convenient way to work with forms authentication is to use ASP.NET membership and ASP.NET login controls, which together provide a way to collect user credentials, authenticate them, and manage them.
 * **Forms-based authentication**
 * Lets developers code a login form that gets the user name and password.
 * The user name and password entered by the user are encrypted if the login page uses a secure connection.
 * Doesn’t rely on Windows user accounts. Instead, the application determines how to authenticate users.


 * **Windows Live ID authentication**
 * Windows Live ID is a centralized authentication service offered by Microsoft.
 * Windows Live ID lets users maintain a single user account that lets them access any web site that participates in Windows Live ID. The advantage is that the user only has to maintain one user name and password.
 * To use Windows Live ID, you must register your web site with Microsoft to obtain an application ID and then download the Windows Live ID Web Authentication SDK.

Describe the purpose of roles, users, and access rules.
 * **users**: Identifies the targeted identities (user accounts) for this element. Anonymous users are identified using a question mark (?). You can specify all authenticated users using an asterisk (*).
 * **roles**: Identifies a role (a RolePrincipal object) for the current request that is allowed or denied access to the resource. For more information, see Managing Authorization Using Roles.
 * **verbs**: Defines the HTTP verbs to which the action applies, such as GET, HEAD, and POST. The default is "*", which specifies all verbs.


 * **Rules are applied as follows:**
 * Rules contained in application-level configuration files take precedence over inherited rules. The system determines which rule takes precedence by constructing a merged list of all rules for a URL, with the most recent rules (those nearest in the hierarchy) at the head of the list.
 * Given a set of merged rules for an application, ASP.NET starts at the head of the list and checks rules until the first match is found. The default configuration for ASP.NET contains an  element, which authorizes all users. (By default, this rule is applied last.) If no other authorization rules match, the request is allowed. If a match is found and the match is a deny element, the request is returned with the 401 HTTP status code. If an allow element matches, the module allows the request to be processed further.
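
The evaluation order described above, as an added example (not part of the original notes and not ASP.NET's own code): a small Python model that parses constructed authorization fragments, merges them nearest-first with the default allow-all rule last, and returns 200 or 401 on the first match. The fragments, the user names and the `Admins` role are constructed, and an anonymous request is modelled as `user=None`.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments (not from the page): site root and /admin folder.
ROOT = '<authorization><deny users="?" /></authorization>'
ADMIN_OK = ('<authorization><allow roles="Admins" />'
            '<deny users="*" /></authorization>')
ADMIN_MISSING_DENY = '<authorization><allow roles="Admins" /></authorization>'
# Default rule that authorizes all users; it is always applied last.
DEFAULT = '<authorization><allow users="*" /></authorization>'


def parse_rules(xml_text):
    """Return (action, users, roles, verbs) tuples in document order."""
    def split(value):
        return {v.strip() for v in value.split(",") if v.strip()}
    return [(el.tag, split(el.get("users", "")), split(el.get("roles", "")),
             split(el.get("verbs", "*")))
            for el in ET.fromstring(xml_text)]


def merge(*nearest_first):
    """Merged list: nearest config at the head, inherited next, default last."""
    merged = []
    for fragment in nearest_first:
        merged.extend(parse_rules(fragment))
    return merged + parse_rules(DEFAULT)


def matches(rule, user, user_roles, verb):
    """user is None for an anonymous request (modelling assumption)."""
    _, users, roles, verbs = rule
    if "*" not in verbs and verb not in verbs:
        return False
    if "*" in users or (user is None and "?" in users) or user in users:
        return True
    return bool(roles & set(user_roles))


def authorize(rules, user, user_roles=(), verb="GET"):
    """Walk from the head; the first matching rule decides (deny -> 401)."""
    for rule in rules:
        if matches(rule, user, user_roles, verb):
            return 200 if rule[0] == "allow" else 401
    return 200  # no rule matched: the request is allowed


if __name__ == "__main__":
    for name, cfg in (("ok", ADMIN_OK), ("missing deny", ADMIN_MISSING_DENY)):
        print(name, authorize(merge(cfg, ROOT), "bob"))
```

With `ADMIN_MISSING_DENY`, the authenticated user `bob` has no `Admins` role, matches neither the allow rule nor the inherited deny for anonymous users, and is let in by the default rule. `ADMIN_OK` ends with an explicit deny, so the same request gets 401.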


Describe the basic purpose of the AspNetDb.mdf database.

Describe the basic procedure for modifying a data provider.

 * **Membership** (Provides general membership facilities)
 * Creates a new user.
 * Deletes a user.
 * Updates a user with new information.
 * Returns a list of users.
 * Finds a user by name or e-mail.
 * Validates (authenticates) a user.
 * Gets the number of users online.
 * Searches for users by username or e-mail address.


 * **MembershipUser** (Provides information about a specific user)
 * Gets the password and password question.
 * Changes the password.
 * Determines whether the user is online.
 * Determines whether the user is validated.
 * Returns the date for last activity, login, and password change.
 * Unlocks a user.


 * **MembershipProvider**
 * Defines functionality for data providers that can be used by the membership system.
 * Defines the methods and properties that a provider used by membership is required to implement.

 * **MembershipProviderCollection** (Returns a collection of all the available providers.)

 * **MembershipUserCollection** (Stores references to MembershipUser objects.)

 * **MembershipCreateStatus** (Provides descriptive values for success or failure when creating a new membership user.)

 * **MembershipCreateUserException** (Defines the exception thrown if a user cannot be created. A MembershipCreateStatus enumeration value describing the reason for the exception is available through the StatusCode property.)

 * **MembershipPasswordFormat** (Specifies the possible password storage formats used by the membership providers included with ASP.NET: Clear, Hashed, Encrypted.)