Authentication & Authorization in ASPdotNet MVC

Uploaded on

This presentation focuses on achieving Authentication & Authorization in ASP.NET MVC 4 application.

This presentation focuses on achieving Authentication & Authorization in ASP.NET MVC 4 application.

More in: Software , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Authentication and Authorization in ASP.NET MVC 4 Presenter – Raj Kumar Bhagat, Mindfire Solutions
  • 2. Myself Certifications:- MCTS 70-515 Microsoft .Net 4.0 Web App Development MCP 70-486 Developing ASP.NET MVC 4.0 Web App Skills:- ASP.NET, MVC, C#, SQL Server, MySQL, Jquery, EntityFramework, LINQ Contact:- Email – Skype - mfsi_rajb
  • 3. Contents ● Introduction - Why security is important? - Different ways to secure our application ● What is authentication and authorization? ● What are providers in ASP.NET? ● What is membership provider in ASP.NET? ● Problems with ASP.NET Membership ● SimpleMembership as a better Membership system ● Implementation of SimpleMembership provider in MVC 4 application
  • 4. Introduction – Why Security? Security is one of the most important part of any Website or a Web Application. There are various ways to exploit a website/ web application: - ● Brute Force ● Sniffers ● Spoofing ● Social Engineering ● SQL Injection
  • 5. How? ● Design application in good way ● Encrypt sensitive data while storing ● Validate input data before processing ● Force users to give strong password ● Implement Authentication and Authorization technique
  • 6. Authentication and Authorization Authentication is a process where a user's credential is checked. e.g. - gmail, facebook etc. Authorization is a process where a user access the resource based on his/her role. Authentication always precedes Authorization.
  • 7. What is a Provider in Asp.Net? ProviderBase class is an "Abstract Class" which follows the "Provider Model". This class is very simple and contains very few methods which is inherited from the "Object" Class.This class is a part of the System.Configuration.Provider namespace. This ProviderBase class implements a 2 step process. ● Feature-specific Providers (Membership/ Role/ Profile Providers) ● Implementation-specific Providers (SqlMembership Provider)
  • 8. MembershipProvider in ASP.NET ● ASP.NET membership gives us a built-in way to validate and store user credentials. ASP.NET membership therefore helps us manage user authentication in web sites. ● ASP.NET Membership provides two types of Membership providers:- - SQLMembershipProvider - ActiveDirectoryMembershipProvider ● ASP.NET provides us to configure our own Custom Membership Provider. (Oracle Data Source, Other data source) ● This class inherits from the abstract ProviderBase class and contains various methods and properties to Create, Delete, Update, Validate, Get User information, Change Password
  • 9. Problems with ASP.NET Membership ● Requires full SQL server for default cases ● Custom Membership Providers have to work with a SQL-Server- Centric API ● Designed around a specific view of users, roles, profiles ● Requires specific schema, overflow in blob columns
  • 10. SimpleMembership ● Works with our schema ● Broaden database support to the whole SQL server family ● Easy to use with Entity Framework Code First
  • 11. SimpleMembership integrates with ASP.NET Membership
  • 12. Demo Implementation of SimpleMembership provider in MVC 4 application
  • 13. References ● MembershipProvider ● html ●
  • 14. Thank You!!!