What do you mean by passport authentication and windows
authentication ?
- 5 Answers
- 11769 Views
- TCS, I also Faced
- E-Mail Answers
Answer Posted / sandip
IIS provides Windows Authentication and hence, this should
be configured within IIS. There are four different kinds of
Windows authentication available: Anonymous, Basic, Digest
and Integrated Windows Authentication.
* Anonymous Authentication: IIS doesn’t perform any
authentication checks. IIS allows any user to access the
ASP.NET application.
* Basic Authentication: For this kind of authentication,
the Windows user name and password have to be provided to
connect. However, this information is sent over the network
in plain text, and, hence, this is an insecure method of
authentication.
* Digest Authentication: It is the same as basic
authentication except for the fact that the password is
hashed before it is sent across the network. However, to be
using Digest Authentication, we must use Internet Explorer
5.0 or above.
* Integrated Windows Authentication: In this kind of
authentication technique, passwords are not sent across the
network. The application here uses either the kerberos or
challenge/response protocols to authenticate users.
Kerberos, a network authentication protocol, is designed to
provide strong authentication for client-server
applications. It provides the tools of authentication and
strong cryptography over the network to help secure
information in systems across an entire enterprise.
* Passport Authentication: Passport authentication is a
centralized authentication service. This uses Microsoft’s
Passport service to authenticate the users of an
application. If the authentication mode of an application is
configured as “Passport”, and if the users have signed up
with Passport, then the authentication formalities are
pushed over to Passport servers.
Passport uses an encrypted cookie mechanism to
identify and indicate authenticated users. If the users have
already been signed into Passport when they visit the
application page, ASP.NET will consider them as
authenticated; otherwise, the users will be redirected to
Passport servers to login. Upon successful login, they’ll
be redirected back to the application page.
* Forms Authentication: With forms authentication,
custom logic can be built into an ASP.NET application. The
following happens when forms authentication is used in an
ASP.NET application:
o When a user requests a page for the application,
ASP.NET checks for the presence of a special session cookie.
o If the cookie is present, ASP.NET assumes the
user is authenticated and processes the request.
o If the cookie isn’t present, ASP.NET redirects
the user to a web form where the custom logic has been built
into the code. The authentication checks can be incorporated
into the web form, and when the user is authenticated
ASP.NET needs to be informed of the same by setting a
property. Once this is done, ASP.NET creates the special
cookie to handle any subsequent requests.
| Is This Answer Correct ? | 24 Yes | 2 No |
Post New Answer View All Answers
What do mean by remotable objects in .net remoting?
Garbage collector?s functionality on unmanaged code ?
What are the steps to publish an object outside the service domain
How are the activation URLs different in case of SAO and CAO in .NET remoting?
Explain how to perform remoting?
What are the information required to configure remote objects?
Elaborate the term WebService and how it differ from Remoting?
How to directly call a native function exported from a dll?
How do you implement distributed applications in .net?
What is the difference beween the registeractivatedservicetype() and registeractivatedclienttype()?
Name the distributed systems available apart from .net remoting?
What is objref object in remoting?
How do you directly call a native function exported from a DLL?
Define singleton activation mode in .net remoting?
When should we choose .net remoting over .net web services?
