8.1. Authenticating Users

Some applications require you to log in, whereas others are open to the public. Still others have a mixture of protected and open content. Despite several large-scale efforts to provide a single login scheme that can be shared across multiple sites, nothing has really emerged yet as a de facto standard. I still seem to be forgetting logins and passwords for various applications. Until there is a universal login that everyone trusts, developers manage user accounts on their own.

ASP.NET supports several schemes for authenticating users. You can use Windows user accounts, you can use a custom authentication store, or you can leverage ASP.NET forms authentication.

8.1.1. Authenticating Windows Users

In the default configuration, the ASP.NET authentication mode is set to Windows. An object called a WindowsPrincipal is assigned to each request for a user authenticated against a Windows machine or domain account. The permissions of this WindowsPrincipal are what the operating system checks against: file system and resource restrictions that are in effect for the user are enforced by Windows based on the WindowsPrincipal. The authentication mode can be modified in the web.config file for the application.

<configuration>
    <system.web>
        <authentication mode="Windows" />
    </system.web>
</configuration>

When a site doesn't require any credentials, the user is referred to as the anonymous user. The anonymous user is any user that is accessing the site without authentication. There ...
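For a site that mixes protected and open content under Windows authentication, the web.config below is an added example (not from the book) that refuses the anonymous user everywhere except one folder. The folder name `public` is a hypothetical placeholder; in ASP.NET authorization rules `?` stands for the anonymous user and `*` for all users.

```xml
<configuration>
    <system.web>
        <!-- Windows mode: each authenticated request carries a WindowsPrincipal -->
        <authentication mode="Windows" />
        <authorization>
            <!-- "?" is the anonymous user: reject requests that present no credentials -->
            <deny users="?" />
        </authorization>
    </system.web>

    <!-- Hypothetical "public" folder left open to everyone, anonymous included -->
    <location path="public">
        <system.web>
            <authorization>
                <allow users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>
```

Authorization rules are evaluated top to bottom and the first match wins, so keep the open area scoped to its own `<location>` element rather than adding a broad `allow` ahead of the `deny` in the site-wide section.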
