ASP.NET Security Lecture 1
Authentication: Checks user identity
Authorization: Check Permissions
4 type of security:
1. Windows Authentication
2. Forms Authentication: Can be customized
3. Passport Authentication
4. None
Web.config
<!-- For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms name="abc" defaultUrl="Default.aspx" loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="admin" password="ad"/>
<user name="admin1" password="ad1"/>
<user name="admin2" password="ad2"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path="Default4.aspx">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Default2.aspx">
<system.web>
<authorization>
<allow users="admin1"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Default3.aspx">
<system.web>
<authorization>
<allow users="admin2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>