Chapter 27. The System.Web.Security Namespace
The System.Web.Security
namespace includes the modules that
implement various types of ASP.NET authentication, such as WindowsAuthenticationModule
, FormsAuthenticationModule
, and PassportAuthenticationModule
. You don’t
interact directly with these modules in an ASP.NET application; instead, the
ASP.NET framework uses the appropriate module (based on the options you have set in the
web.config
file) to authenticate the user.
After this point, ASP.NET provides identity information in the System.Web.HttpContext.User
property and uses this identity
to authorize access to resources such as files and URLs (using modules like UrlAuthorizationModule
and FileAuthorizationModule
, which are also
found in this namespace).
One reason you might use the types in this namespace is to handle authentication
events. Generic security events, like System.Web.HttpApplication.AuthenticateRequest
and System.Web.HttpApplication.AuthorizeRequest
are already
available in the global.asax
file. However, each
authentication module also provides its own Authenticate
event, which can be used to validate a user programmatically or attach a new System.Security.Principal.IIdentity
instance. Event
handlers for Authenticate
events are coded in the
global.asax
file, but defined in this namespace.
Another important class in this namespace is FormsAuthentication
. This class provides the shared methods you need to use in your login page if you use ASP.NET’s forms-based security. ...
Get ASP.NET in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.