Authentication & Authorization in ASPdotNet MVC

1,077 views

Published on

This presentation focuses on achieving Authentication & Authorization in ASP.NET MVC 4 application.

Published in: Software, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,077
On SlideShare
0
From Embeds
0
Number of Embeds
22
Actions
Shares
0
Downloads
20
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Authentication & Authorization in ASPdotNet MVC

  1. 1. Authentication and Authorization in ASP.NET MVC 4 Presenter – Raj Kumar Bhagat, Mindfire Solutions
  2. 2. Myself Certifications:- MCTS 70-515 Microsoft .Net 4.0 Web App Development MCP 70-486 Developing ASP.NET MVC 4.0 Web App Skills:- ASP.NET, MVC, C#, SQL Server, MySQL, Jquery, EntityFramework, LINQ Contact:- Email – rajb@mindfiresolutions.com Skype - mfsi_rajb
  3. 3. Contents ● Introduction - Why security is important? - Different ways to secure our application ● What is authentication and authorization? ● What are providers in ASP.NET? ● What is membership provider in ASP.NET? ● Problems with ASP.NET Membership ● SimpleMembership as a better Membership system ● Implementation of SimpleMembership provider in MVC 4 application
  4. 4. Introduction – Why Security? Security is one of the most important part of any Website or a Web Application. There are various ways to exploit a website/ web application: - ● Brute Force ● Sniffers ● Spoofing ● Social Engineering ● SQL Injection
  5. 5. How? ● Design application in good way ● Encrypt sensitive data while storing ● Validate input data before processing ● Force users to give strong password ● Implement Authentication and Authorization technique
  6. 6. Authentication and Authorization Authentication is a process where a user's credential is checked. e.g. - gmail, facebook etc. Authorization is a process where a user access the resource based on his/her role. Authentication always precedes Authorization.
  7. 7. What is a Provider in Asp.Net? ProviderBase class is an "Abstract Class" which follows the "Provider Model". This class is very simple and contains very few methods which is inherited from the "Object" Class.This class is a part of the System.Configuration.Provider namespace. This ProviderBase class implements a 2 step process. ● Feature-specific Providers (Membership/ Role/ Profile Providers) ● Implementation-specific Providers (SqlMembership Provider)
  8. 8. MembershipProvider in ASP.NET ● ASP.NET membership gives us a built-in way to validate and store user credentials. ASP.NET membership therefore helps us manage user authentication in web sites. ● ASP.NET Membership provides two types of Membership providers:- - SQLMembershipProvider - ActiveDirectoryMembershipProvider ● ASP.NET provides us to configure our own Custom Membership Provider. (Oracle Data Source, Other data source) ● This class inherits from the abstract ProviderBase class and contains various methods and properties to Create, Delete, Update, Validate, Get User information, Change Password
  9. 9. Problems with ASP.NET Membership ● Requires full SQL server for default cases ● Custom Membership Providers have to work with a SQL-Server- Centric API ● Designed around a specific view of users, roles, profiles ● Requires specific schema, overflow in blob columns
  10. 10. SimpleMembership ● Works with our schema ● Broaden database support to the whole SQL server family ● Easy to use with Entity Framework Code First
  11. 11. SimpleMembership integrates with ASP.NET Membership
  12. 12. Demo Implementation of SimpleMembership provider in MVC 4 application
  13. 13. References ● http://www.codeproject.com/Articles/637428/SimpleMembershipProvider-vs- MembershipProvider ● http://mvc-model.blogspot.in/2013/06/mvc-4-custom-simple-membership-provider. html ● http://blog.osbornm.com/2010/07/21/using-simplemembership-with-asp-net-webpages/
  14. 14. Thank You!!!

×