
ASP.NET Authentication and Authorization - Interview questions

Posted 05-31-2009, 04:41 AM by bholus7

Define Authentication and Authorization.

Answer - Authentication is the process of verifying a user's identity. Authorization is the process of granting privileges to an authenticated user.

The user is first validated by the authentication process; the authorization process then determines whether the user has access to a given resource. In ASP.NET, you can authenticate users in code or allow them to be authenticated by another party such as MS Passport.

ASP.NET has two layers of authentication: the IIS layer and the ASP.NET authentication process layer. IIS performs authentication if it is configured to do so. By default, IIS allows anonymous access, which means all users are authenticated. Every request passes through the IIS layer and then on to the ASP.NET authentication process.

If a user requests anonymous access at the IIS layer, the user is treated as authenticated and passed to the ASP.NET process. ASP.NET checks whether impersonation is enabled in the web configuration file, i.e. web.config. If impersonation is enabled, ASP.NET acts as though it were the authenticated user; otherwise it runs under its own configured account.

To enable the application to authenticate users, you need to add element in the authorization section of Web.config.

What are the authentication modes available in ASP.NET?

Answer - ASP.NET supports three authentication modes through the System.Web.Security namespace.

Windows authentication
Windows authentication authenticates users based on their Windows accounts. In short, it uses Windows network security. It uses IIS to perform authentication.

Passport authentication
Passport authentication uses Microsoft's Passport service to authenticate users. A new user is directed to the Microsoft site, where he can register his identity.

This lets a user access multiple sites with a single user name and password. You need to install the Passport SDK to enable the Passport classes in the System.Web.Security namespace.

Forms authentication
Forms authentication collects the user's credentials and lets the application use its own logic to authenticate users. The collected credentials are validated against the list maintained by the application.

The application maintains its own user list, either using element in the web.config file or using a database. The advantage of Forms authentication is that users don't need to be members of a Windows network to access the application.

How do you set the authentication mode in an ASP.NET application?

Answer - You can set the authentication mode using the web.config file.

List the differences between Windows authentication and Forms authentication.

Answer - Windows authentication uses Windows accounts, whereas Forms authentication maintains its own user list. Windows authentication is best suited to applications meant for corporate users, whereas Forms authentication is preferable for applications with diverse users in several places.

User lists for Windows authentication are found in element, whereas for Forms authentication the lists are in element of the web.config file.

How do you impersonate the authenticated user in ASP.NET?

Answer - Impersonation means delegating one user identity to another user. In ASP.NET, anonymous users impersonate the ASPNET user account by default. You can use element of the web.config file to impersonate a user. E.g.

How do you provide secured communication in ASP.NET?

Answer - ASP.NET provides secured communication using Secure Sockets Layer. An application that uses SSL needs an encryption key called a server certificate configured in IIS. When a user requests a secured page, the server generates an encryption key for the user's session.

The encrypted response is then sent along with the generated encryption key. On the client side, the response is decrypted using the same encryption key.
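
The web.config settings discussed in this thread (authentication mode, the authorization section, impersonation, SSL) can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that reads a web.config and reports the settings a reviewer would question. The element and attribute names are the standard ASP.NET configuration names; the sample file and its values are constructed, and `audit_web_config` and `anonymous_allowed` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): Forms authentication with a user
# list in web.config, no rule denying anonymous users, impersonation on.
SAMPLE_WEB_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx">
      <credentials passwordFormat="Clear">
        <user name="demo" password="placeholder" />
      </credentials>
    </forms>
  </authentication>
  <authorization><allow users="*" /></authorization>
  <identity impersonate="true" userName="svc-example" password="placeholder" />
</system.web></configuration>"""

def anonymous_allowed(web):
    """First matching <allow>/<deny> wins (verbs, roles, <location> ignored)."""
    for rule in web.findall("authorization/*"):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:
            return rule.tag == "allow"
    return True  # no rule matched: the inherited default allows everyone

def audit_web_config(xml_text):
    """Return findings for the authentication settings in a web.config."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section"]
    auth = web.find("authentication")
    mode = auth.get("mode", "Windows") if auth is not None else "Windows"
    findings = ["authentication mode: " + mode]
    if anonymous_allowed(web):
        findings.append("anonymous users are not denied")
    if mode == "Forms":
        forms = auth.find("forms")
        if forms is None or forms.get("requireSSL", "false").lower() != "true":
            findings.append("forms cookie not restricted to SSL")
        creds = auth.find("forms/credentials")
        if creds is not None and creds.get("passwordFormat", "SHA1") == "Clear":
            findings.append("clear-text passwords in <credentials>")
    ident = web.find("identity")
    if ident is not None and ident.get("impersonate", "false").lower() == "true":
        who = "fixed account" if ident.get("userName") else "requesting user"
        findings.append("impersonation enabled (" + who + ")")
        if ident.get("password"):
            findings.append("impersonation password stored in web.config")
    return findings

print("\n".join(audit_web_config(SAMPLE_WEB_CONFIG)))
```

A configuration that denies `?` in its authorization section, sets `requireSSL="true"` on the forms element, and keeps no credentials or impersonation password in the file reports only its authentication mode.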
