1)windows authentication
-anonymous
-basic
-digest
-integrated windows
2)forms authentication
3)passport authentication
4)none
authorization
file authorization depends on NTFS permissions
url authorization depends on
forms authentication uses HTML forms to collect authentication information and check in databases. In forms tag
name="frmauth" loginURL="login.aspx" protection="all"
authorization
allow users="*/?"
deny users="*/?"
authorization
authentication mode="Forms"
forms loginUrl="Login.aspx" protection="All"
credentials passwordFormat="Clear"
user name="Admin" password="Admin"
user name="Super" password="Super"
user name="User" password="User"
credentials
forms
authentication
impersonation : by default not enabled
by default asp.net application runs under "aspnet" account. to run under specific user credentials require impersonation.
Anonymous Authentication: IIS doesn't perform any authentication check. IIS allows any user to access the ASP .NET application.
Basic Authentication: For this kind of authentication, a Windows user name and password have to be provided to connect. However, this information is sent over the network in plain text and hence this is an insecure kind of authentication. Basic Authentication is the only mode of authentication older, non-Internet Explorer browsers support.
Digest Authentication: It is same as Basic Authentication but for the fact that the password is hashed before it is sent across the network. However, to be using Digest Authentication, we must use IE 5.0 or above.
Integrated Windows Authentication: In this kind of authentication technique, passwords are not sent across the network. The application here uses either the kerberos or challenge/response protocols to authenticate users. Kerberos, a network authentication protocol, is designed to provide strong authentication for client-server applications. It provides the tools of authentication and strong cryptography over the network to help to secure information in systems across entire enterprise.
