Last post Dec 10, 2013 04:37 AM by PatriceSc
Dec 10, 2013 02:14 AM|Joy2101|LINK
I need to understand the ASP.Net authentication well and so i have some question in my mind and i need some details explanation on that.
Firstly, i have read few palces that it is better to use
Windows authentication for intranet application within the organization. Now i have few doubts on this.
> If it is single signon application then where it does the user authentication? Is it with Active directory data or some where else? If it is Active directory then how it linked to that, using LDAP ?
> If it is not single signon application then where it does the authentication?
I have read that before the web request reach to the HttpPageHandler, HttpModule do some authentication and authorization. But now my question is :
> If my application using windows authentication,then when the request hit first time the IIS, then what authentication and authorization the Httpmodule does ?
>If i am doing the validation with Active directory with Windows Authentication then the valdiation will happen only in the page that means only when it reach to the HttpPageHandler and page life cycle start then only the authentication will start against
Active Directory. So what kind of Authentication and Authorization happen in HttpModule.
> Same if i am using Form Authentication then the user identity and privileges will be validated against the database only when the page life cycle starts on login button click event. So same question here also, what userAuthentication and Authorization
HttpMoodule does, which happened before it goes to the Page handler since the user identity wont be there until it reach to the Page.
In the aboce scenario, please correct me if my understanding is not right.
I need to understand in depth what happen when my request hit the IIS and let mw know any sites where i can get step by step in details.
Thanks & Regards,
Dec 10, 2013 04:37 AM|PatriceSc|LINK
You also have
http://msdn.microsoft.com/en-us/library/ff423674.aspx (claim authentication).
Using the browser dev tools (F12) could also help to see what happens on the browser side and relate this with materials you could find. You could also use a tool to look at the authentication module code.
If you need further help, it might be better to post to
http://forums.iis.net/ (as you are looking at IIS product internals) and it would be likely better to tell them what you are trying to do to get better guidance. I assume this is not because you are just curious ;-)