SlideShare a Scribd company logo

Authentication and Authorization in Asp.Net

Download as PPTX, PDF
Shivanand Arur
Shivanand Arur

This presentation gives a little information about Why Security is important, then moving towards understanding about Authentication and Authorization and its various ways 1. Forms Authentication 2. Windows Authentication 3. Passport Authentication

Technology
1 of 20
Topics – Authentication and Authorization 1. INTRODUCTION  Why Security is important in today’s world?  Different Ways to secure your Website / Application 2. What is IIS? and How to install and host an ASP.NET Website? 3. What is Authentication? 4. What is Authorization? 5. What is an Identity Object? 6. What is a Principal Object?
Topics – Authentication and Authorization • Different ways of Authentication :  Forms Authentication.  Using Cookies  Cookieless  Windows Authentication.  Passport Authentication.
Introduction – Why Security is Important? 1. Security is one of the most important part of any Website or a Web Application. 2. Hackers are waiting out there for us and use various ways to exploit a website / web-application. 3. Hacker can attack in many ways.  Brute Force  Sniffers  Spoofing  Social Engineering  SQL Injection
Introduction - Different Ways to Secure your Application  Design your Application well.  Encrypting the Data while storing.  Input Validation.  Forcing Users for Strong Passwords.  Authentication and Authorization.
What is Internet Information Service(IIS)? • IIS is one of the most powerful Web Server developed by Microsoft to host ASP.NET Websites or Applications. • Its responsibility is to give a Response back to the Request sent by the Client. How does IIS work?
What is Authentication? • Dictionary meaning of “Authentication” is to “Check someone’s genuineness” • In ASP.NET – Authentication means the same. It is a process where you check a person’s credentials. • Example – Facebook, Yahoo, Gmail. What is Authorization? • Providing access to resource based on User’s role. • Authentication always preceeds Authorization
What is an Identity Object? • An Identity Object is an Object which stores information about an Authenticated User. • Contains 2 types of Objects “WindowsIdentity” and “GenericIdentity” What is a Principal Object? • A Principal Object is an Object that basically defines the roles of the Authenticated User. • Principal Object encapsulates the Identity Object.
Forms Authentication • Forms Authentication is nothing but a Cookie based Authentication where a Cookie is stored on the Client’s machine. • It makes use of a Custom Form to accept User’s Credentials. • Credentials are validated with the information stored in a specific source. • Advantage – – It is the simplest way of authenticating Users for websites and applications. – User does not have to login again and again to the same application.
Windows Authentication • Windows Authentication is used in Intranet Environment. • Users credentials are validated with the information stored in the Windows Users Group. • It is not available in Windows 7 Home - Premium, Basic and Starter Versions.
Types of Windows Authentication 1. Anonymous Authentication – It does not authenticates the User. 2. Basic Authentication – User is authenticated and information is sent in BASE-64 Encoded format. 3. Digest Authentication – Works like Basic Authentication, but sends information in an encrypted format. 4. Integrated Windows Authentication – It either uses the NTLM or Kerberos type for authentication.
Working process of NTLM – Also know as Challenge-Response Process
Authentication using Kerberos Mechanism Authentication using Kerberos, contains 3 main components.  Authentication Service (AS)  Validates the Username and Password and sends a simple ticket.  Ticket Granting Server (TGT)  The Client sends the Ticket to the TGT, which sends a Service Ticket.  Service Broker (SB)  The SB, generates the Connection and creates Session for the User to use the Application
2 1 1 2
Passport Authentication • User’s Credentials are authenticated using the Microsoft’s websites (Windows Live, Hotmail). • User’s are sent to the Microsoft’s Login page for authentication. • User is not authorized. • Developer does not require to create his own Custom Login Form. • For using the Passport Authentication service, you will have to download the .Net Passport SDK and will also need to register the Application using the .Net Service Manager.
THANK YOU

Recommended

Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesScott Hurrey
 
Api testing
Api testingApi testing
Api testingKeshav Kashyap
 
What is Dependency Injection in Spring Boot | Edureka
What is Dependency Injection in Spring Boot | EdurekaWhat is Dependency Injection in Spring Boot | Edureka
What is Dependency Injection in Spring Boot | EdurekaEdureka!
 
Dependency injection - the right way
Dependency injection - the right wayDependency injection - the right way
Dependency injection - the right wayThibaud Desodt
 
Asp.Net Identity
Asp.Net IdentityAsp.Net Identity
Asp.Net IdentityMarwa Ahmad
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
.Net Core
.Net Core.Net Core
.Net CoreBertrand Le Roy
 

Recommended

Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesScott Hurrey
 
Api testing
Api testingApi testing
Api testingKeshav Kashyap
 
What is Dependency Injection in Spring Boot | Edureka
What is Dependency Injection in Spring Boot | EdurekaWhat is Dependency Injection in Spring Boot | Edureka
What is Dependency Injection in Spring Boot | EdurekaEdureka!
 
Dependency injection - the right way
Dependency injection - the right wayDependency injection - the right way
Dependency injection - the right wayThibaud Desodt
 
Asp.Net Identity
Asp.Net IdentityAsp.Net Identity
Asp.Net IdentityMarwa Ahmad
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
.Net Core
.Net Core.Net Core
.Net CoreBertrand Le Roy
 
C#.NET
C#.NETC#.NET
C#.NETgurchet
 
C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#Hawkman Academy
 
Asp.net.
Asp.net.Asp.net.
Asp.net.Naveen Sihag
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Angular 8
Angular 8 Angular 8
Angular 8 Sunil OS
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorizationFrank Victory
 
Introduction to c#
Introduction to c#Introduction to c#
Introduction to c#OpenSource Technologies Pvt. Ltd.
 
Spring data jpa
Spring data jpaSpring data jpa
Spring data jpaJeevesh Pandey
 
Java - Generic programming
Java - Generic programmingJava - Generic programming
Java - Generic programmingRiccardo Cardin
 
SQLITE Android
SQLITE AndroidSQLITE Android
SQLITE AndroidSourabh Sahu
 
Introduction to .NET Framework
Introduction to .NET FrameworkIntroduction to .NET Framework
Introduction to .NET FrameworkRaghuveer Guthikonda
 
Secure Coding for Java
Secure Coding for JavaSecure Coding for Java
Secure Coding for JavaSébastien GIORIA
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Introduction to Node.js
Introduction to Node.jsIntroduction to Node.js
Introduction to Node.jsVikash Singh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Java tutorial PPT
Java tutorial PPTJava tutorial PPT
Java tutorial PPTIntelligo Technologies
 
Angularjs PPT
Angularjs PPTAngularjs PPT
Angularjs PPTAmit Baghel
 
An Introduction to Test Driven Development
An Introduction to Test Driven Development An Introduction to Test Driven Development
An Introduction to Test Driven Development CodeOps Technologies LLP
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netUmar Ali
 

More Related Content

What's hot

C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#Hawkman Academy
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Angular 8
Angular 8 Angular 8
Angular 8 Sunil OS
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorizationFrank Victory
 
Java - Generic programming
Java - Generic programmingJava - Generic programming
Java - Generic programmingRiccardo Cardin
 
Introduction to Node.js
Introduction to Node.jsIntroduction to Node.js
Introduction to Node.jsVikash Singh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
An Introduction to Test Driven Development
An Introduction to Test Driven Development An Introduction to Test Driven Development
An Introduction to Test Driven Development CodeOps Technologies LLP
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 

What's hot (20)

C#.NET
C#.NETC#.NET
C#.NET
 
C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#
 
Asp.net.
Asp.net.Asp.net.
Asp.net.
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Angular 8
Angular 8 Angular 8
Angular 8
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorization
 
Introduction to c#
Introduction to c#Introduction to c#
Introduction to c#
 
Spring data jpa
Spring data jpaSpring data jpa
Spring data jpa
 
Java - Generic programming
Java - Generic programmingJava - Generic programming
Java - Generic programming
 
SQLITE Android
SQLITE AndroidSQLITE Android
SQLITE Android
 
Introduction to .NET Framework
Introduction to .NET FrameworkIntroduction to .NET Framework
Introduction to .NET Framework
 
Secure Coding for Java
Secure Coding for JavaSecure Coding for Java
Secure Coding for Java
 
Sql injection
Sql injectionSql injection
Sql injection
 
Introduction to Node.js
Introduction to Node.jsIntroduction to Node.js
Introduction to Node.js
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
Java tutorial PPT
Java tutorial PPTJava tutorial PPT
Java tutorial PPT
 
Angularjs PPT
Angularjs PPTAngularjs PPT
Angularjs PPT
 
An Introduction to Test Driven Development
An Introduction to Test Driven Development An Introduction to Test Driven Development
An Introduction to Test Driven Development
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 

Viewers also liked

Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netUmar Ali
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
Layer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web ServicesLayer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web ServicesCA API Management
 
Nevigation control in asp.net
Nevigation control in asp.netNevigation control in asp.net
Nevigation control in asp.netparallelminder
 
Formbased authentication in asp.net
Formbased authentication in asp.netFormbased authentication in asp.net
Formbased authentication in asp.netparallelminder
 
Restoring SharePoint Frontend server
Restoring SharePoint Frontend serverRestoring SharePoint Frontend server
Restoring SharePoint Frontend serverparallelminder
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptShivanand Arur
 
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackAuthentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackFITC
 
Master Pages In Asp.net
Master Pages In Asp.netMaster Pages In Asp.net
Master Pages In Asp.netparallelminder
 
Asp Net Advance Topics
Asp Net Advance TopicsAsp Net Advance Topics
Asp Net Advance TopicsAli Taki
 
The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)Sarah Conway
 
Master pages ppt
Master pages pptMaster pages ppt
Master pages pptIblesoft
 
Radius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsRadius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsDhananjay Aloorkar
 
Master pages
Master pagesMaster pages
Master pagesteach4uin
 

Viewers also liked (20)

Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slides
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.net
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication Technologies
 
RADIUS
RADIUSRADIUS
RADIUS
 
AAA in a nutshell
AAA in a nutshellAAA in a nutshell
AAA in a nutshell
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS Protocols
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
 
Layer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web ServicesLayer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web Services
 
Nevigation control in asp.net
Nevigation control in asp.netNevigation control in asp.net
Nevigation control in asp.net
 
Formbased authentication in asp.net
Formbased authentication in asp.netFormbased authentication in asp.net
Formbased authentication in asp.net
 
Restoring SharePoint Frontend server
Restoring SharePoint Frontend serverRestoring SharePoint Frontend server
Restoring SharePoint Frontend server
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
 
Authentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN StackAuthentication and Authorization Architecture in the MEAN Stack
Authentication and Authorization Architecture in the MEAN Stack
 
Master Pages In Asp.net
Master Pages In Asp.netMaster Pages In Asp.net
Master Pages In Asp.net
 
Asp Net Advance Topics
Asp Net Advance TopicsAsp Net Advance Topics
Asp Net Advance Topics
 
The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)
 
Ch3 server controls
Ch3 server controlsCh3 server controls
Ch3 server controls
 
Master pages ppt
Master pages pptMaster pages ppt
Master pages ppt
 
Radius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsRadius server,PAP and CHAP Protocols
Radius server,PAP and CHAP Protocols
 
Master pages
Master pagesMaster pages
Master pages
 

Similar to Authentication and Authorization in Asp.Net

SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsY U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsJason Robert
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoLiam Cleary [MVP]
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
Securing SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthSecuring SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthKashif Imran
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 
Security asp.net application
Security asp.net applicationSecurity asp.net application
Security asp.net applicationZAIYAUL HAQUE
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web SecurityKamil Lelonek
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identityWAFAA AL SALMAN
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraMorgan Simonsen
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationLiam Cleary [MVP]
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iPrecisely
 
Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020Microsoft 365 Developer
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 

Similar to Authentication and Authorization in Asp.Net (20)

SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web ApplicationsY U No OAuth, Using Common Patterns to Secure Your Web Applications
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaication
 
Y U No OAuth?!?
Y U No OAuth?!?Y U No OAuth?!?
Y U No OAuth?!?
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
 
Securing SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthSecuring SharePoint Apps with OAuth
Securing SharePoint Apps with OAuth
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
 
Security asp.net application
Security asp.net applicationSecurity asp.net application
Security asp.net application
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web Security
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
 
AbedElilahElmahmoumP1.pptx
AbedElilahElmahmoumP1.pptxAbedElilahElmahmoumP1.pptx
AbedElilahElmahmoumP1.pptx
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud Era
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
 
Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020
 
Web security
Web securityWeb security
Web security
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
 
SCWCD : Secure web
SCWCD : Secure webSCWCD : Secure web
SCWCD : Secure web
 
SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 

Recently uploaded (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 

Authentication and Authorization in Asp.Net

  • 1.
  • 2. Topics – Authentication and Authorization 1. INTRODUCTION  Why Security is important in today’s world?  Different Ways to secure your Website / Application 2. What is IIS? and How to install and host an ASP.NET Website? 3. What is Authentication? 4. What is Authorization? 5. What is an Identity Object? 6. What is a Principal Object?
  • 3. Topics – Authentication and Authorization • Different ways of Authentication :  Forms Authentication.  Using Cookies  Cookieless  Windows Authentication.  Passport Authentication.
  • 4. Introduction – Why Security is Important? 1. Security is one of the most important part of any Website or a Web Application. 2. Hackers are waiting out there for us and use various ways to exploit a website / web-application. 3. Hacker can attack in many ways.  Brute Force  Sniffers  Spoofing  Social Engineering  SQL Injection
  • 5.
  • 6. Introduction - Different Ways to Secure your Application  Design your Application well.  Encrypting the Data while storing.  Input Validation.  Forcing Users for Strong Passwords.  Authentication and Authorization.
  • 7. What is Internet Information Service(IIS)? • IIS is one of the most powerful Web Server developed by Microsoft to host ASP.NET Websites or Applications. • Its responsibility is to give a Response back to the Request sent by the Client. How does IIS work?
  • 8. What is Authentication? • Dictionary meaning of “Authentication” is to “Check someone’s genuineness” • In ASP.NET – Authentication means the same. It is a process where you check a person’s credentials. • Example – Facebook, Yahoo, Gmail. What is Authorization? • Providing access to resource based on User’s role. • Authentication always preceeds Authorization
  • 9.
  • 10. What is an Identity Object? • An Identity Object is an Object which stores information about an Authenticated User. • Contains 2 types of Objects “WindowsIdentity” and “GenericIdentity” What is a Principal Object? • A Principal Object is an Object that basically defines the roles of the Authenticated User. • Principal Object encapsulates the Identity Object.
  • 11.
  • 12. Forms Authentication • Forms Authentication is nothing but a Cookie based Authentication where a Cookie is stored on the Client’s machine. • It makes use of a Custom Form to accept User’s Credentials. • Credentials are validated with the information stored in a specific source. • Advantage – – It is the simplest way of authenticating Users for websites and applications. – User does not have to login again and again to the same application.
  • 13.
  • 14. Windows Authentication • Windows Authentication is used in Intranet Environment. • Users credentials are validated with the information stored in the Windows Users Group. • It is not available in Windows 7 Home - Premium, Basic and Starter Versions.
  • 15. Types of Windows Authentication 1. Anonymous Authentication – It does not authenticates the User. 2. Basic Authentication – User is authenticated and information is sent in BASE-64 Encoded format. 3. Digest Authentication – Works like Basic Authentication, but sends information in an encrypted format. 4. Integrated Windows Authentication – It either uses the NTLM or Kerberos type for authentication.
  • 16. Working process of NTLM – Also know as Challenge-Response Process
  • 17. Authentication using Kerberos Mechanism Authentication using Kerberos, contains 3 main components.  Authentication Service (AS)  Validates the Username and Password and sends a simple ticket.  Ticket Granting Server (TGT)  The Client sends the Ticket to the TGT, which sends a Service Ticket.  Service Broker (SB)  The SB, generates the Connection and creates Session for the User to use the Application
  • 18. 2 1 1 2
  • 19. Passport Authentication • User’s Credentials are authenticated using the Microsoft’s websites (Windows Live, Hotmail). • User’s are sent to the Microsoft’s Login page for authentication. • User is not authorized. • Developer does not require to create his own Custom Login Form. • For using the Passport Authentication service, you will have to download the .Net Passport SDK and will also need to register the Application using the .Net Service Manager.