Your SlideShare is downloading. ×
0
Authentication and 
Authorization in ASP.NET 
MVC 4 
Presenter – Raj Kumar Bhagat, Mindfire Solutions
Myself 
Certifications:- 
MCTS 70-515 Microsoft .Net 4.0 Web App Development 
MCP 70-486 Developing ASP.NET MVC 4.0 Web Ap...
Contents 
● Introduction 
- Why security is important? 
- Different ways to secure our application 
● What is authenticati...
Introduction – Why Security? 
Security is one of the most important part of any Website or a Web 
Application. 
There are ...
How? 
● Design application in good way 
● Encrypt sensitive data while storing 
● Validate input data before processing 
●...
Authentication and Authorization 
Authentication is a process where a user's credential is checked. 
e.g. - gmail, faceboo...
What is a Provider in Asp.Net? 
ProviderBase class is an "Abstract Class" which follows the 
"Provider Model". 
This class...
MembershipProvider in ASP.NET 
● ASP.NET membership gives us a built-in way to validate and store 
user credentials. ASP.N...
Problems with ASP.NET 
Membership 
● Requires full SQL server for default cases 
● Custom Membership Providers have to wor...
SimpleMembership 
● Works with our schema 
● Broaden database support to the whole SQL server family 
● Easy to use with E...
SimpleMembership integrates 
with ASP.NET Membership
Demo 
Implementation of SimpleMembership provider in MVC 4 application
References 
● http://www.codeproject.com/Articles/637428/SimpleMembershipProvider-vs- 
MembershipProvider 
● http://mvc-mo...
Thank You!!!
Upcoming SlideShare
Loading in...5
×

Authentication & Authorization in ASPdotNet MVC

500

Published on

This presentation focuses on achieving Authentication & Authorization in ASP.NET MVC 4 application.

Published in: Software, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
500
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
11
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Authentication & Authorization in ASPdotNet MVC"

  1. 1. Authentication and Authorization in ASP.NET MVC 4 Presenter – Raj Kumar Bhagat, Mindfire Solutions
  2. 2. Myself Certifications:- MCTS 70-515 Microsoft .Net 4.0 Web App Development MCP 70-486 Developing ASP.NET MVC 4.0 Web App Skills:- ASP.NET, MVC, C#, SQL Server, MySQL, Jquery, EntityFramework, LINQ Contact:- Email – rajb@mindfiresolutions.com Skype - mfsi_rajb
  3. 3. Contents ● Introduction - Why security is important? - Different ways to secure our application ● What is authentication and authorization? ● What are providers in ASP.NET? ● What is membership provider in ASP.NET? ● Problems with ASP.NET Membership ● SimpleMembership as a better Membership system ● Implementation of SimpleMembership provider in MVC 4 application
  4. 4. Introduction – Why Security? Security is one of the most important part of any Website or a Web Application. There are various ways to exploit a website/ web application: - ● Brute Force ● Sniffers ● Spoofing ● Social Engineering ● SQL Injection
  5. 5. How? ● Design application in good way ● Encrypt sensitive data while storing ● Validate input data before processing ● Force users to give strong password ● Implement Authentication and Authorization technique
  6. 6. Authentication and Authorization Authentication is a process where a user's credential is checked. e.g. - gmail, facebook etc. Authorization is a process where a user access the resource based on his/her role. Authentication always precedes Authorization.
  7. 7. What is a Provider in Asp.Net? ProviderBase class is an "Abstract Class" which follows the "Provider Model". This class is very simple and contains very few methods which is inherited from the "Object" Class.This class is a part of the System.Configuration.Provider namespace. This ProviderBase class implements a 2 step process. ● Feature-specific Providers (Membership/ Role/ Profile Providers) ● Implementation-specific Providers (SqlMembership Provider)
  8. 8. MembershipProvider in ASP.NET ● ASP.NET membership gives us a built-in way to validate and store user credentials. ASP.NET membership therefore helps us manage user authentication in web sites. ● ASP.NET Membership provides two types of Membership providers:- - SQLMembershipProvider - ActiveDirectoryMembershipProvider ● ASP.NET provides us to configure our own Custom Membership Provider. (Oracle Data Source, Other data source) ● This class inherits from the abstract ProviderBase class and contains various methods and properties to Create, Delete, Update, Validate, Get User information, Change Password
  9. 9. Problems with ASP.NET Membership ● Requires full SQL server for default cases ● Custom Membership Providers have to work with a SQL-Server- Centric API ● Designed around a specific view of users, roles, profiles ● Requires specific schema, overflow in blob columns
  10. 10. SimpleMembership ● Works with our schema ● Broaden database support to the whole SQL server family ● Easy to use with Entity Framework Code First
  11. 11. SimpleMembership integrates with ASP.NET Membership
  12. 12. Demo Implementation of SimpleMembership provider in MVC 4 application
  13. 13. References ● http://www.codeproject.com/Articles/637428/SimpleMembershipProvider-vs- MembershipProvider ● http://mvc-model.blogspot.in/2013/06/mvc-4-custom-simple-membership-provider. html ● http://blog.osbornm.com/2010/07/21/using-simplemembership-with-asp-net-webpages/
  14. 14. Thank You!!!
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×