Performing Authentication and Authorization

Setting up authentication is only part of the job. We also have to implement authorization so that ASP.NET knows what a user can do once they have been authenticated. The technique required for this differs between the MVC framework and other ASP.NET applications. I describe both in the sections that follow.

To make demonstrating authorization simpler, I have created some credentials in the Web.config file of the MVC framework and Web Forms triathlon applications (both follow the same format for this because both rely on the same core ASP.NET authentication feature). Listing 34-4 shows the additions I have made.

Listing 34-4. Defining credentials in Web.config

<authentication mode="Forms">     <forms ...

Get Applied ASP.NET 4 in Context now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.