What is Authentication? What are the different types of Authentication?
In a client-server environment, there are plenty of cases where the server has to
interact and identify the client that sends a request to the server. Authentication is the process of
determining and confirming the identity of the client.
If a client is not successfully identified, it is said to be anonymous.
Types of Authentication
Essentially the Windows Authentication and Forms Authentication are the famous ones, as Passport Authentication
is related to a few websites (like microsoft.com, hotmail.com, msn.com etc. only).
Windows Authentication is implemented mostly in Intranet scenarios. When a browser (client) sends a Request
to a server where in windows authentication has been implemented, the initial request is anonymous in nature.
The server sends back a Response with a message in HTTP Header. This Prompts a Window to display a Modal Dialog Box
on the browser, where the end user may enter the "User name" and "Password".
The end user enters the credentials, which are then validated against the User Store on the Windows server. Note that
each user who access the Web Application in a Windows Authentication environment needs to have a Windows Account in
the company network.
How to avoid or disable the modal dialog box in a Windows Authentication environment?
By enabling the Windows Integrated Authentication checkbox for the web application through settings in IIS.
Security Authentication Process
Website Admin Tool
Mixed Mode Authentication
Provider Model & Personalization
Forms Authentication is used in Internet based scenarios, where its not practical to provide a Windows based account
to each and every user to the Web Server. In a Forms Authentication environment, the user enters credentials, usually a User Name
and a corresponding Password, which is validated against a User Information Store, ideally a database table.
Forms Authentication Ticket is the cookie stored on the user's computer, when a user is authenticated. This helps in
automatically logging in a user when he/she re-visits the website. When a Forms Authentication ticket is created, when a
user re-visits a website, the Forms Authentication Ticket information is sent to the Web Server along with the HTTP Request.
More Interview Questions...