How to implement Windows authentication concepts in an ASP.NET application

In this tutorial I explain how to enhance the security features of an ASP.NET website and web services. You can also provide security for setup and cache files. There are basically four elements that provide security in an ASP.NET application.
  1. Authentication
  2. Authorization
  3. Confidentiality
  4. Integrity
     1.) Authentication:- Authentication is the process of verifying a user's credentials, such as ID and password.
Real-life examples
  • When you want to open your Gmail account, you have to enter your ID and password to verify your credentials. This process is known as authentication.
  • Suppose you are a student of a college or school. Your college or school provides an identity card to each student to verify whether you are a student of this college or not. When you go to college, the security guard checks your identity card. This process is known as authentication.
There are mainly four types of authentication used in ASP.NET applications.
  • Windows Authentication
  • Forms Authentication
  • Passport Authentication
  • Custom Authentication
I will discuss each authentication type one by one in this tutorial or in coming tutorials.
     2.) Authorization:- Authorization is the process in which developers assign specific roles to specific users. The authorization process comes after the authentication process. We specify authorization in the web.config file.
Real-life examples:-
  • Suppose you have a Gmail account. After you open your Gmail account through the authentication process, the Gmail administrator grants limited access to users: you can access some files and folders but not all files. This process is known as authorization.
  • When you (students) enter the college or school after the authentication process (your identity card is verified by a security guard or system software), there are some restrictions on students: they can't go everywhere (every room) in the organization (school or college). For example, students can't go directly into the Director's room, management members' rooms and other places. This is known as the authorization process.
      3.) Confidentiality:- It is a process in which data travels from the client to the web server in encrypted form, so that nobody can see the original data. This technique is known as confidentiality or privacy.
Ex.
Sender ---> Plain Text (It is a boy) ---> Encrypted with key ---> Cipher Text (@# @R e twq) ---> Receiver
      4.) Integrity:- Integrity is the process by which a user can easily know whether his data has been modified (changed) or not. The original data must not be changed; if anybody changes it, the receiver can easily detect this with the help of hashing, because the sender sends a hash value along with the original text to the receiver.
We can secure internet data with the help of two techniques, which are given below:-
  • Digital Signature
  • Hashing
These two techniques let the receiver tell whether data was modified between sender and receiver. Nowadays all websites use these techniques; Google, Microsoft, Yahoo, etc. also use hashing and digital signatures. With the help of a digital signature, the receiver can claim that the data was sent by that particular user (e.g. mohan, ram) only. This is the non-repudiation property.
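The two techniques above, shown side by side in C# as an added example that is not part of the original tutorial. It assumes .NET Framework 4.7.2 or later (or .NET Core) for RSA.Create(2048); the class name, the tampered text and the in-memory key pair are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class IntegrityDemo
{
    // Hex-encoded SHA-256 digest of a text message.
    public static string Hash(string message)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(message)));
    }

    // Checks a signature using only the public half of the sender's key.
    static bool Verify(RSA publicKey, string message, byte[] signature)
    {
        return publicKey.VerifyData(Encoding.UTF8.GetBytes(message), signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        string sent = "It is a boy";        // the page's sample plain text
        string tampered = "It is a girl";   // constructed: text altered in transit
        string sentHash = Hash(sent);       // hash value the sender transmits with the text

        // Hashing: the receiver recomputes the digest and compares it with the one received.
        Console.WriteLine("unchanged text passes hash check: " + (Hash(sent) == sentHash));
        Console.WriteLine("tampered text passes hash check:  " + (Hash(tampered) == sentHash));

        // A bare hash needs no secret, so it only helps when the hash value itself reaches
        // the receiver over a channel that whoever altered the text cannot also alter.
        // A digital signature removes that requirement: only the private key can sign.
        using (RSA senderKey = RSA.Create(2048))
        using (RSA receiverKey = RSA.Create())
        {
            byte[] signature = senderKey.SignData(Encoding.UTF8.GetBytes(sent),
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // The receiver gets the public parameters only: enough to verify, not to sign.
            receiverKey.ImportParameters(senderKey.ExportParameters(false));

            Console.WriteLine("signature valid for sent text:     " + Verify(receiverKey, sent, signature));
            Console.WriteLine("signature valid for tampered text: " + Verify(receiverKey, tampered, signature));
        }
    }
}
```

Because only the holder of the private key can produce a signature that verifies, a valid signature is also what supports the non-repudiation claim.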
How to implement the Windows authentication technique in an ASP.NET application
It is the default authentication mode, which is specified in the web.config file in ASP.NET. In this mode, ASP.NET web pages use Windows users and groups to authenticate and authorize access to resources. We mostly use Windows authentication on an intranet, not on the internet.
Example:- In this kind of authentication, the user is authenticated by the web server. If you have logged in to the operating system with your ID and password, the web server allows you to access the site after checking the rules in the web.config file. If your ID and password can't be verified, you can't access the application.
The steps to implement Windows authentication in an ASP.NET application are given below:-
Step 1:- First open Visual Studio --> File --> New --> Website --> select ASP.NET Empty Website --> OK --> open Solution Explorer --> add a web form (Home.aspx) --> drag and drop Link Button as shown below:-


[Image: form]

 Step 2:- Add another web form (Admin.aspx) as shown below:-


[Image: administrator]

 Step 3:- Add another web form (User.aspx) as shown below:-


[Image: form3]

 Step 4:- Now write the C# code in the Home.aspx.cs file as given below:-

using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Principal;

public partial class Home : System.Web.UI.Page
{
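    protected void Page_Load(object sender, EventArgs e)
    {
        // User.Identity.Name is the authenticated Windows account (MACHINE\user or DOMAIN\user).
        Label1.Text = "Administrator computer=" +User.Identity.Name;
        // With <authentication mode="Windows"/> the identity is a WindowsIdentity.
        WindowsIdentity identity = (WindowsIdentity)User.Identity;
    }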
    protected void LinkButton2_Click(object sender, EventArgs e)
    {
        Response.Redirect("User.aspx");
    }
    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        Response.Redirect("Admin.aspx");
    }
}

 Step 5:- Now open the web.config file --> write some access rules (authentication and authorization) so that only the administrator can access the application.

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
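<configuration>

  <system.web>
    <authentication mode="Windows"/>
    <authorization>
      <!-- "?" means anonymous users: every page requires an authenticated Windows account -->
      <deny users="?" />
    </authorization>
  </system.web>

  <location path="Admin.aspx">
    <system.web>
      <authorization>
        <!-- Rules are checked top to bottom and the first match wins, so the allow must precede deny "*" -->
        <allow roles="RAMASHANKER-PC\diamond"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

</configuration>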

Note:- Here only the Administrator of this Windows machine can access the Admin.aspx page.
<allow roles="RAMASHANKER-PC\diamond"/>
In Step 4 I have written the C# code on page load to find the Administrator PC name of any computer (for Windows only).

Step 6:- Now right-click on Computer (desktop icon) --> Manage --> Local Users and Groups --> create a new user account, and an Administrator account if you want, as shown below:-


[Image: new user]

Step 7:- Now run the application (press F5) as shown below:-


[Image: run_web]

Step 8:- Now click the first link above, as shown below:-


[Image: user]
Step 9:- Now click the Admin.aspx link from Step 7, as shown below:-

[Image: admin]
Note:- Here the Administrator of the computer is RAMASHANKER-PC\diamond, so he can easily access the Admin.aspx page.

Step 10:- Other users of this computer (Mohan and Ram, created in Step 6) can't access the Admin.aspx page. It gives the following error, as shown below:-


[Image: user_denied]

Note:- In our coming MVC tutorials, I will build a Windows authentication application and host it on a server (IIS). In it, I will add access rules so that only some users of a group can access the application.
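How the access rules from Step 5 produce the results of Steps 8 to 10, as an added example that is not part of the original tutorial and not ASP.NET's own code. It is a simplified model of URL authorization; the class names are hypothetical, the callers are constructed, and diamond's role membership is assumed so that the outcome matches the page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

sealed class Caller
{
    public string Name;   // null = anonymous request
    public HashSet<string> Roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
}

sealed class Rule
{
    public bool Allow;                       // false = <deny>, true = <allow>
    public string Users = "", Roles = "";    // comma-separated, as in web.config

    public bool Matches(Caller c)
    {
        bool anonymous = c.Name == null;
        foreach (string u in Users.Split(',').Select(x => x.Trim()))
            if (u == "*" || (u == "?" && anonymous) ||
                (!anonymous && string.Equals(u, c.Name, StringComparison.OrdinalIgnoreCase)))
                return true;
        return Roles.Split(',').Any(r => c.Roles.Contains(r.Trim()));
    }
}

static class UrlAuthModel
{
    // <location> rules are checked before the site-level rules; the first match decides.
    public static bool IsAllowed(Caller c, Rule[] locationRules, Rule[] siteRules)
    {
        foreach (Rule r in locationRules.Concat(siteRules))
            if (r.Matches(c)) return r.Allow;
        return true;   // machine-level default: <allow users="*"/>
    }

    static void Main()
    {
        var site = new[] { new Rule { Users = "?" } };   // <deny users="?"/>
        var admin = new[] { new Rule { Allow = true, Roles = @"RAMASHANKER-PC\diamond" },
                            new Rule { Users = "*" } };  // allow the role, then deny everyone
        var swapped = new[] { admin[1], admin[0] };      // same two rules in the wrong order
        // Constructed callers; diamond's role membership is an assumption for this demo.
        var diamond = new Caller { Name = @"RAMASHANKER-PC\diamond", Roles = { @"RAMASHANKER-PC\diamond" } };
        var mohan = new Caller { Name = @"RAMASHANKER-PC\Mohan" };

        Console.WriteLine("anonymous -> Home.aspx:        " + IsAllowed(new Caller(), new Rule[0], site));
        Console.WriteLine("diamond   -> Admin.aspx:       " + IsAllowed(diamond, admin, site));
        Console.WriteLine("Mohan     -> Admin.aspx:       " + IsAllowed(mohan, admin, site));
        Console.WriteLine("diamond   -> Admin.aspx (deny first): " + IsAllowed(diamond, swapped, site));
    }
}
```

The last line is the case to watch for when editing web.config: with `<deny users="*"/>` placed above the `<allow>`, even the intended administrator is locked out.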