15.1. Introducing Security
Although security can be quite a complex subject, it often revolves around three important questions:
Who are you?
How can you prove that?
What are you allowed to do in the system?
15.1.1. Identity: Who Are You?
An identity is what makes you, you. The answer to what an identity is depends on the context it is used in. As a citizen of a country, your identity revolves around your person, your official name and birth date, and maybe even a social security number. However, for a web site like p2p.wrox.com, Wrox's community web site, your identity may be as little as your name and e-mail address.
No matter what you include in an identity, it is a way to refer to you. But how does anyone else know you? And how can they be sure it's really you when you log on to a web site for example? This is where authentication enters the game.
15.1.2. Authentication: How Can You Prove Who You Are?
Authentication is about providing evidence about who you are. When you need to register for a library card, you may need to show your passport to prove that the name you registered the card under really belongs to you. With a web site like p2p.wrox.com you need to provide an e-mail address and a password. Together these two pieces form the evidence that prove your identity. There are many other mechanisms used for authentication, including high-tech fingerprint or iris scans, smart cards and tokens (where the evidence is stored on something tangible), and so on. However, in light ...
Get Beginning ASP.NET 3.5: In C# and VB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.