ASP.NET Authentication and IIS Authentication

To begin, let's look at a definition of what authentication is. Microsoft defines authentication as

“…the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.”

This “authenticated identity” is the basis for .NET authentication as well as IIS, Windows NT, Windows 2000, and many other platforms' means of not only determining if a user can access a resource, but also to ...

Get .NET Framework Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.