ASP.NET Authentication and IIS Authentication

To begin, let's look at a definition of what authentication is. Microsoft defines authentication as

“…the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.”

This “authenticated identity” is the basis for .NET authentication as well as IIS, Windows NT, Windows 2000, and many other platforms' means of not only determining if a user can access a resource, but also to ...

Get .NET Framework Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.