Chapter 12. Authentication and Authorization
Most applications have some form of authorization, where they allow or disallow a user access to certain forms, pages, or application functions. Before any authorization can occur, the application must know the identity of the user, so most applications also use some type of authentication.
There are several types of authentication available to a .NET application, including the following:
Integrated Windows domain or Active Directory
ASP.NET membership provider
Custom database tables or LDAP server
In every case, the user's identity and roles are maintained in a .NET principal object, which is available to all code in your application. The support for authorization provided by .NET is role-based. The current ...
Get Expert C# 2008 Business Objects now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.