Most Web sites need to selectively restrict access to some portions of the site. A Web site is somewhat analogous to an art gallery: the gallery is open for the public to come in and browse, but there are certain parts of the facility, such as the business offices, where the public is not allowed. Another example is a Web site that must record a purchaser's credit card information. The file or database where such information is collected must be secured from public access. ASP+ security features can meet these and many other security needs.
ASP+, working in conjunction with Internet Information Services (IIS) 5.0, can authenticate user credentials (such as names and passwords) using any of five different authentication methods: Basic, Digest, Windows, Passport, and Cookie authentication. Access to site information can be controlled in either of two ways: by comparing authenticated credentials (or representations of them) to NTFS file system permissions, or by comparing them to an XML file containing authorized users, authorized roles (groups), or authorized HTTP verbs.
The following sections describe these capabilities in more detail: