Authentication is the process of accepting credentials from a user and validating those credentials against a designated authority.
ASP.NET authentication types:
- Forms authentication
- Windows authentication
- Passport authentication
- Default authentication
Authorization is the process of determining whether the proven identity is allowed to access a specific resource.
ASP.NET authorization types:
- FileAuthorization
- UrlAuthorization
  - * refers to all identities
  - ? refers to the anonymous identity

    <authorization>
      <allow roles="Admins"/>
      <allow verb="GET" users="*"/>
      <allow verb="POST" users="Kim"/>
      <deny verb="POST" users="*"/>
      <deny users="John"/>
      <deny users="?"/>
    </authorization>
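
Added example (not from the original page and not ASP.NET's own code): a simplified Python model of how UrlAuthorization walks the rules above top-down, with the first matching rule deciding the request. The function names are hypothetical, names are compared exactly, and the fall-through default of "allow" is an assumption standing in for the inherited parent configuration.

```python
# Simplified model of ASP.NET UrlAuthorization rule evaluation (added example,
# not ASP.NET source). Rules are checked top-down; the first match decides.

# The rule list from the <authorization> block above, in document order.
RULES = [
    {"action": "allow", "roles": {"Admins"}},
    {"action": "allow", "verbs": {"GET"}, "users": {"*"}},
    {"action": "allow", "verbs": {"POST"}, "users": {"Kim"}},
    {"action": "deny", "verbs": {"POST"}, "users": {"*"}},
    {"action": "deny", "users": {"John"}},
    {"action": "deny", "users": {"?"}},
]


def rule_matches(rule, user, roles, verb):
    """Return True if the rule applies. user is None for an anonymous request."""
    verbs = rule.get("verbs")
    if verbs and verb.upper() not in verbs:
        return False                      # rule is limited to other verbs
    users = rule.get("users", set())
    if "*" in users:
        return True                       # all identities, anonymous included
    if "?" in users and user is None:
        return True                       # anonymous identity only
    if user is not None and user in users:
        return True                       # named user (exact match in this model)
    return bool(rule.get("roles", set()) & set(roles))


def is_allowed(user, roles, verb, rules=RULES, inherited_default=True):
    """Return (decision, index of the deciding rule, or None if none matched)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, user, roles, verb):
            return rule["action"] == "allow", i
    # Assumption: no local rule matched, so the inherited default applies.
    return inherited_default, None


if __name__ == "__main__":
    # Constructed sample requests: (user, roles, verb).
    for req in [("John", [], "GET"), ("John", [], "POST"), ("John", [], "PUT"),
                (None, [], "GET"), (None, [], "PUT"), ("Kim", [], "POST"),
                ("Ann", ["Admins"], "POST")]:
        print(req, "->", is_allowed(*req))
```

In this model John's GET and an anonymous GET are both allowed by the second rule before `<deny users="John"/>` or `<deny users="?"/>` is reached. A deny that must hold for every verb has to be placed above the broader allow rules.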
Impersonation:
This mechanism allows a server process to run using the security credentials of the client. When the server is impersonating the client, any operations performed by the server are performed using the client's credentials. Impersonation does not allow the server to access remote resources on behalf of the client.
Delegation:
Like impersonation, delegation allows a server process to run using the security credentials of the client. However, delegation is more powerful and allows the server process to make calls to other computers while acting as the client.