4 February 2014

Windows Authentication

         Windows Authentication treats the user identity supplied by Microsoft Internet Information Services (IIS) as the authenticated user in an ASP.NET application.

            IIS provides a number of authentication mechanisms to verify user identity, including anonymous authentication, Windows integrated (NTLM) authentication, Windows integrated (Kerberos) authentication, Basic (base64 encoded) authentication, Digest authentication, and authentication based on client certificates. Windows Authentication is implemented in ASP.NET using the   Windows Authentication Module 

              The module constructs a Windows Identity based on the credentials supplied by IIS and sets the identity as the current User property value for the application.
             
             Windows Authentication is the default authentication mechanism for ASP.NET applications and is identified as the authentication mode for an application using the authentication configuration element

Example:

<system.web>
  <authentication mode="Windows"/>
</system.web>


Impersonating the Windows Identity:

         Although the Windows Authentication mode sets the value of the current User property to a Windows Identity based on the credentials supplied by IIS, it does not modify the Windows identity that is supplied to the operating system.
  
        The Windows identity supplied to the operating system is used for permission checking, such as NTFS file permissions, or for connecting to a database using integrated security. By default, this Windows identity is the identity of the ASP.NET process.

        On Microsoft Windows 2000 and Windows XP Professional, this is the identity of the ASP.NET worker process, which is the local ASPNET account. On Windows Server 2003, this is the identity of the IIS Application Pool that the ASP.NET application is part of. By default, this is the NETWORK SERVICE account.

      You can configure the Windows identity of your ASP.NET application as the Windows identity supplied by IIS by enabling impersonation. That is, you instruct your ASP.NET application to impersonate the identity supplied by IIS for all tasks that the Windows operating system authenticates, including file and network access.

Example: 
        <System.web>
        <authentication mode="windows"/>
         <identity impersonate="true"/>
          </System.web>

 






at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)