.NET Framework Security

Chapter 14. Authentication: Know Who Is Accessing Your Site

By Kevin Price

IN THIS CHAPTER

• ASP.NET Authentication and IIS Authentication

• Default IIS Settings

• Using CLR Role-Based Security in Windows

• Using ASP.NET Forms Authentication

• Using Impersonation and Delegation in ASP.NET

As a developer, there have been many times when the question of how to, or even whether to, authenticate users has risen. The reasons for doing so are countless; it's how you do it that will determine its effectiveness. This chapter will introduce you to some of the new features for authentication in ASP.NET, as well as demonstrate how this works with the existing infrastructure provided in IIS.

This chapter will cover the whys and hows of using authentication in ASP.NET, as well as Internet Information Services (IIS), to establish who can access your site and to find out who has accessed your site. After reading this chapter, you will

• Understand authentication methods available in IIS

• Know how ASP.NET handles authentication

• Know how to use the CLR role-based security infrastructure to help secure your application

• Know how impersonation works now and how it can actually help you secure your site