Windows authentication in asp.net Part 87
Text version of the video
http://csharp-video-tutorials.blogspot.com/2012/12/windows-authentication-in-aspnet-part-87.html
Healthy diet is very important both for the body and mind. If you like Aarvi Kitchen recipes, please support by sharing, subscribing and liking our YouTube channel. Hope you can help.
https://www.youtube.com/channel/UC7sEwIXM_YfAMyonQCrGfWA/?sub_confirmation=1
Slides
http://csharp-video-tutorials.blogspot.com/2013/08/part-87-windows-authentication.html
All ASP .NET Text Articles
http://csharp-video-tutorials.blogspot.com/p/free-aspnet-video-tutorial.html
All ASP .NET Slides
http://csharp-video-tutorials.blogspot.com/p/aspnet-slides.html
All Dot Net and SQL Server Tutorials in English
https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd
All Dot Net and SQL Server Tutorials in Arabic
https://www.youtube.com/c/KudvenkatArabic/playlists
In Parts 85 and 86 of this video series, we discussed about anonymous authentication. Anonymous authentication is fine for web sites that contain public information, that every one can see.
However, if the web site contains private information or performs tasks such as booking tickets, placing orders etc, then the users need to be authenticated and authorised.
Windows authentication, identifies and authorizes users based on the server’s user list. Access to resources on the server is then granted or denied based on the user account’s privileges.
Windows authentication is best suited for Intranet Web applications.
The advantage of Windows authentication is that, the Web application can use the exact same security scheme that applies to your corporate network. User names, passwords, and permissions are the same for network resources and Web applications.
Security for an asp.net web application can be configured at 2 places. In IIS and in the application itself.
If both, anonymous and windows authentication are enabled in IIS, and, if we don’t have a deny entry for anonymous users, in the web.config file, then the resources on the web server are accessed using anonymous authentication.
Anonymous authentication can be disabled in IIS or in web.config file.
If you want to have the application code executed using the logged in user identity, then enable impersonation. Impersonation can be enabled thru IIS or by setting identity element’s impersonate attribute to true in web.config file.
If impersonation is enabled, the application executes using the permissions found in your user account. So, if the logged in user has access, to a specific network resource, only then will he be able to access that resource thru the application.