Forms Authentiation
Apart from the Authentication the authorization is a common strategy that can be employed for both Forms/Windows Authenticated User's.
Authentication
Microsoft provides ActiveDirectoryMembershipProvider andSqlMembershipProvider but we can also create our own custom implementation by inheriting from the MembershipProvider class and implementing the methods that we need.
Authorization
Apart from the Authentication the authorization is a common strategy that can be employed for both Forms/Windows Authenticated User's.
Authentication
- The login page collects the user credentials and then calls the Membership class in order to validate them.
- The Membership class uses the web.config to determine what MembershipProvider to use.
- In the end the Membership class calls the ValidateUser method of the membership provider that was determined in step 2. The ValidateUser method verifies if the specified username and password exist and are valid.
Microsoft provides ActiveDirectoryMembershipProvider andSqlMembershipProvider but we can also create our own custom implementation by inheriting from the MembershipProvider class and implementing the methods that we need.
Authorization
- We use the AuthorizeAttribute inside the controller classes to mark the action methods that can be invoked only if the user is authenticated and/or has a given role. Then the AuthorizeAttribute uses the Roles class to check if the currently logged user has the required role.
- The Roles class uses the web.config to understand what RoleProvider to use.
- The RoleProvider is an abstract class that defines the basic methods that all role providers will have. We can use the supplied role providers (e.g. SqlRoleProvider) that are included with the .NET Framework, or we can implement our own custom provider.
Apart from this we can
- Implement our Custom Membership Provider
- Implement our Custom Role Providerefee
References : http://codeutil.wordpress.com/2013/05/14/forms-authentication-in-asp-net-mvc-4/
No comments:
Post a Comment