
I'm a novice in authentication concepts, so I'm trying to explore authentication and the different types of authentication.

My first doubt is: when I searched on Google, it said that the default authentication for a web project is Windows authentication, but when I look at my new web project, it shows Forms authentication in my web.config file:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>

What is the correct default authentication of a web project in ASP.NET?

My other doubt is: is it really required to use authentication and authorisation in ASP.NET? I worked with an MVC project, and what I did there was: when the user logged in, I checked against the database whether the user ID and password matched, and if so, retrieved the roleId of that user and then granted the menus that the user has rights to.

sebastian
  • It depends on what you need. Explain what you need and you may get the correct answer – Ivo Feb 12 '14 at 05:40
  • I'm just learning authentication concepts, so I'm trying to figure it out... As we see on our daily public websites like Gmail etc., I have a login form; do we really need to use authentication and authorization to grant access to resources? – sebastian Feb 12 '14 at 06:01

1 Answer

Yes, the default authentication is Windows authentication. No matter what you type in your web.config, your pages first pass Windows authentication; if you have not given read permission there, you either do not see them or you are prompted for a password.

On IIS you see the public user here:


(source: planethost.gr)

If you do not give access to that user, you cannot see your pages. More details on that in this answer: How to set correct file permissions for ASP.NET on IIS

Now on your question, whether you really need authentication and authorisation in ASP.NET: you do not need anything, but are you trying to reinvent it? Do you know and fully understand how this works, and have you duplicated it with your code or not? ASP.NET is a nice, robust, ready-to-use authentication module that you can easily expand.

From what you say, you check your database and validate your user. OK, and after that? How do you know that your user is the same one on the next pages? How do you control that, how do you log out your user, and how do you ensure that a man in the middle did not steal their password and credentials?

Glorfindel
Aristos
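The questions the answer closes with (how later pages know who the user is, and how logout works) are what the Forms authentication ticket handles. The sketch below is an added example, not code from the question or the answer; it assumes ASP.NET MVC on System.Web with `<authentication mode="Forms">` as in the question's web.config, and `LoginModel`, `MenuController` and the "Admin" role name are hypothetical.

```csharp
// Added example, not code from the question or answer.
using System.Web.Mvc;
using System.Web.Security;

public class LoginModel   // hypothetical view model
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        // Assumption: a membership provider is configured; a custom database
        // check of user id and password would take this call's place.
        if (!ModelState.IsValid ||
            !Membership.ValidateUser(model.UserName, model.Password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View(model);
        }
        // Issues the encrypted, signed ticket cookie. Later requests are tied
        // to this user by the ticket, not by a value the browser can edit.
        // With requireSSL="true" on <forms> it is only sent over HTTPS.
        FormsAuthentication.SetAuthCookie(model.UserName, false);

        // Only follow returnUrl when it points back into this site.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Menu");
    }

    [HttpPost, Authorize, ValidateAntiForgeryToken]
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();   // expires the ticket cookie
        return RedirectToAction("Login");
    }
}

[Authorize]   // anonymous requests are redirected to loginUrl
public class MenuController : Controller
{
    public ActionResult Index()
    {
        ViewBag.UserName = User.Identity.Name;  // from the validated ticket
        return View();
    }

    // Assumption: a role provider (or custom principal) supplies the roles.
    [Authorize(Roles = "Admin")]
    public ActionResult Manage() { return View(); }
}
```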