Authentication
Authentication
is a process that determines the identity of a user. After a user has been
authenticated, a
developer can determine if the identified user has authorization to proceed. It
is impossible to give an
entity authorization if no authentication process has been applied.
Authentication is provided in ASP.NET
3.5 using the membership service.
You
can use one of these entries in configuration file to select the corresponding
built in authentication provider:
<authentication mode="windows">
authentication mode="passport">
<authentication mode="forms">
Authorization
Authorization
is the process of determining whether an authenticated user is allowed access
to any
part
of an application, access to specific points of an application, or access only
to specific datasets that the application provides. When you authenticate and
authorize users or groups, you can customize a site based on user types or
preferences. Authorization is provided in ASP.NET 3.5 using a role management
service.
We
can specify a particular identity to use for all authenticated requests:
<identity impersonate="true" username="DOMAIN\username" password="password"/>