Chapter 15. Authentication and Authorization

Security is one of the biggest concerns for all software systems, and it covers many topics. But the common concern when first learning how to implement security can be divided into two main parts:

  • Ensuring that only authorized users with the required permissions are allowed to access a resource

  • Preventing any illegal access to sensitive data with techniques that improve the security level of a system

The latter aspect of security is mostly taken care of by Microsoft in its Web server and development technologies. ASP.NET, IIS, and SQL Server all provide a high level of security that restricts illegal access to resources even if developers don't know much about security settings. Fortunately, this aspect of security in Microsoft technologies is proven, and comparative statistics support this assertion.

The first aspect of security is something you should consider during the main stage of developing a software system, because it is important to determine who has legal access to your resources and which resources should be restricted from public access.

Here, two main concepts come into play: authentication and authorization. These concepts are found in all software development technologies, including ASP.NET MVC.

Authentication is the mechanism by which you distinguish registered users from anonymous users. For example, you may have a page that displays internal company news to employees, and you want to allow only registered (and ...
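As an added illustration (not code from the book), the two concepts expressed in ASP.NET MVC terms: the `[Authorize]` attribute without arguments only checks that a user is authenticated, while `Roles` adds an authorization check. The `NewsController`, `AccountController`, action names and the "Manager" role are assumed for the example; it also assumes Forms Authentication and the ASP.NET Membership/Role providers are configured in Web.config.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Added example, not from the book. Assumes Forms Authentication and an
// ASP.NET Membership/Role provider are configured in Web.config.
public class NewsController : Controller
{
    // Public news: anonymous users are allowed, so no attribute is needed.
    public ActionResult Public()
    {
        return View();
    }

    // AUTHENTICATION: [Authorize] with no arguments only asks "is this user
    // logged in?". Anonymous requests are redirected to the login page.
    [Authorize]
    public ActionResult Internal()
    {
        ViewData["User"] = User.Identity.Name; // identity from the forms-auth ticket
        return View();
    }

    // AUTHORIZATION: being logged in is not enough; the user must also be
    // in the "Manager" role (hypothetical role name) to edit news items.
    [Authorize(Roles = "Manager")]
    public ActionResult Edit(int id)
    {
        return View();
    }
}

public class AccountController : Controller
{
    // Establishes identity: verify credentials, then issue the forms-auth ticket.
    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult LogOn(string userName, string password)
    {
        if (!Membership.ValidateUser(userName, password))
        {
            // One generic message: don't reveal whether the user name exists.
            ModelState.AddModelError("", "Invalid user name or password.");
            return View();
        }
        FormsAuthentication.SetAuthCookie(userName, false); // session cookie only
        return RedirectToAction("Internal", "News");
    }

    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut(); // clears the authentication ticket
        return RedirectToAction("Public", "News");
    }
}
```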
