As explained earlier, authentication is the process of accepting credentials from a user and validating those credentials against some authority. If the credentials are valid, you have an authenticated identity. Then, given an identity, authorization is the process of determining whether that identity has access to a given resource.
There are a variety of methods commonly used to authenticate a request, including Basic, Digest, Windows, and Custom authentication. First, a brief overview of how these authentication schemes work is presented, and then ASP+ support for authentication and authorization is described.
The first version of ASP+ will ship with support for the following authentication providers:
This method is used in conjunction with IIS authentication. Authentication is performed by IIS in one of three ways: Basic, Digest, or Windows authentication. ASP+ uses the authenticated identity to authorize access.
Passport authentication is a centralized authentication service provided by Microsoft that offers a single sign-in and core profile services for member sites.
Cookie authentication is generally used to refer to a system whereby unauthenticated requests are redirected to an HTML form (using HTTP client-side redirection). The user provides credentials and submits the form. If the application authenticates the request, the system issues a cookie that contains the credentials in some form or a key for reacquiring the identity. Subsequent requests are issued with the cookie in the request headers, and they are authenticated and authorized by an ASP+ handler using whatever validation method the application developer specifies.
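The cookie flow described above, as an added language-neutral sketch in Python (not ASP+ code and not part of the original documentation). It takes the "key for reacquiring the identity" option and implements it as an HMAC-signed ticket holding a user name and expiry; the names `handle`, `issue_ticket`, `read_ticket`, the `/login` path, the `auth` cookie name and the 20-minute lifetime are all assumptions.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import quote

KEY = secrets.token_bytes(32)        # server-side signing key (assumed: one per application)
USERS = {"alice": "s3cret-demo"}     # constructed demo store; a real one holds password hashes
LOGIN, COOKIE, TTL = "/login", "auth", 1200   # hypothetical names and lifetime (seconds)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue_ticket(user, now):
    """Cookie value: identity plus expiry, signed so the client cannot alter it."""
    payload = f"{user}|{int(now) + TTL}".encode()
    return _b64(payload) + "." + _b64(hmac.new(KEY, payload, hashlib.sha256).digest())

def read_ticket(value, now):
    """Return the user name for an authentic, unexpired ticket, else None."""
    try:
        p64, s64 = value.split(".")
        payload, sig = base64.urlsafe_b64decode(p64), base64.urlsafe_b64decode(s64)
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, hmac.new(KEY, payload, hashlib.sha256).digest()):
            return None
        user, expiry = payload.decode().rsplit("|", 1)
        return user if now < int(expiry) else None
    except (ValueError, AttributeError):
        return None

def handle(path, cookies, now, form=None):
    """Return (status, headers) for one request, following the flow in the text."""
    if path == LOGIN:
        if form is None:
            return 200, {}                       # serve the HTML login form
        stored = USERS.get(form.get("user", ""))
        supplied = form.get("password", "").encode()
        if stored is None or not hmac.compare_digest(stored.encode(), supplied):
            return 401, {}
        target = form.get("return", "/")
        if not target.startswith("/") or target[1:2] in ("/", "\\"):
            target = "/"                         # only redirect back to local paths
        cookie = f"{COOKIE}={issue_ticket(form['user'], now)}; HttpOnly; Secure; SameSite=Lax"
        return 302, {"Location": target, "Set-Cookie": cookie}
    user = read_ticket(cookies.get(COOKIE), now)
    if user is None:                             # unauthenticated: client-side redirect
        return 302, {"Location": f"{LOGIN}?return={quote(path)}"}
    return 200, {"X-User": user}                 # identity handed on for authorization
```

Signing the ticket rather than placing the credentials themselves in the cookie means a stolen cookie exposes a time-limited identity claim, not the password, and any client-side change to the user name or expiry fails validation.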