Authorization in ASP.NET
Presenter – Raj Kumar Bhagat, Mindfire Solutions
MCTS 70-515 Microsoft .Net 4.0 Web App Development
MCP 70-486 Developing ASP.NET MVC 4.0 Web App
ASP.NET, MVC, C#, SQL Server, MySQL, Jquery, EntityFramework,
Email – firstname.lastname@example.org
Skype - mfsi_rajb
● Why is security important?
● Different ways to secure our application
● What is authentication and authorization?
● What are providers in ASP.NET?
● What is membership provider in ASP.NET?
● Problems with ASP.NET Membership
● SimpleMembership as a better Membership system
● Implementation of SimpleMembership provider in MVC 4 application
Introduction – Why Security?
Security is one of the most important parts of any Website or a Web
There are various ways to exploit a website/web application:
● Brute Force
● Social Engineering
● SQL Injection
Different ways to secure our application
● Design the application well
● Encrypt sensitive data before storing it
● Validate input data before processing
● Force users to choose strong passwords
● Implement Authentication and Authorization techniques
Authentication and Authorization
Authentication is the process of checking a user's credentials.
e.g. Gmail, Facebook, etc.
Authorization is the process by which a user is granted access to a
resource based on his/her role.
Authentication always precedes Authorization.
What is a Provider in ASP.NET?
ProviderBase class is an "Abstract Class" which follows the
This class is very simple and contains very few methods which is
inherited from the "Object" Class. This class is a part of the
This ProviderBase class implements a 2 step process.
● Feature-specific Providers (Membership/ Role/ Profile
● Implementation-specific Providers (SqlMembership Provider)
MembershipProvider in ASP.NET
● ASP.NET membership gives us a built-in way to validate and store
user credentials. ASP.NET membership therefore helps us manage
user authentication in web sites.
● ASP.NET Membership provides two types of Membership
● ASP.NET lets us configure our own custom Membership Provider
(Oracle data source, other data sources).
● This class inherits from the abstract ProviderBase class and
contains various methods and properties to Create, Delete, Update,
Validate, Get User information, and Change Password.
Problems with ASP.NET Membership
● Requires full SQL Server for default cases
● Custom Membership Providers have to work with a SQL-Server-
● Designed around a specific view of users, roles, profiles
● Requires specific schema, overflow in blob columns
SimpleMembership as a better Membership system
● Works with our schema
● Broaden database support to the whole SQL Server family
● Easy to use with Entity Framework Code First
with ASP.NET Membership
Implementation of SimpleMembership provider in MVC 4 application
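A sketch of how the points above fit together in an MVC 4 application, as an added example that is not code from the original presentation. The connection string name "DefaultConnection", the table and column names, the controller names and the "Admin" role are assumptions, and the role check assumes the SimpleMembership role provider is the configured role provider.

```csharp
// Added example: names marked (assumed) are illustrative, not from the slides.
using System.Web.Mvc;
using WebMatrix.WebData;

public static class MembershipConfig
{
    // Call once at start-up, e.g. from Application_Start in Global.asax.
    public static void Init()
    {
        if (!WebSecurity.Initialized)
        {
            // "Works with our schema": SimpleMembership attaches to our own user
            // table. Arguments: connection string name, user table, id column,
            // user-name column (all assumed).
            WebSecurity.InitializeDatabaseConnection(
                "DefaultConnection", "UserProfile", "UserId", "UserName",
                autoCreateTables: true);
        }
    }
}

public class AccountController : Controller
{
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(string userName, string password, string returnUrl)
    {
        // Authentication: the credential is checked and, on success,
        // the forms-authentication cookie is issued.
        if (WebSecurity.Login(userName, password, persistCookie: false))
        {
            // Follow only local return URLs so the login page is not an open redirect.
            if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
            return RedirectToAction("Index", "Home");
        }
        // One message for "unknown user" and "wrong password".
        ModelState.AddModelError("", "The user name or password is incorrect.");
        return View();
    }
}

[Authorize] // every action here requires an authenticated user
public class ReportsController : Controller // (assumed controller)
{
    public ActionResult Index() { return View(); }

    // Authorization: runs after authentication and checks the user's role.
    [Authorize(Roles = "Admin")] // (assumed role name)
    public ActionResult Audit() { return View(); }
}
```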