ASP.NET Security Lecture 1

Authentication: Checks user identity
Authorization: Check Permissions
 4 type of security:
1. Windows Authentication
2. Forms Authentication: Can be customized
3. Passport Authentication
4. None
Web.config

<!--

 For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433

 -->
<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0"/>
        <authentication mode="Forms">
            <forms name="abc" defaultUrl="Default.aspx" loginUrl="Login.aspx">
                <credentials passwordFormat="Clear">
                    <user name="admin" password="ad"/>
                    <user name="admin1" password="ad1"/>
                    <user name="admin2" password="ad2"/>
                </credentials>
            </forms>
        </authentication>
    </system.web>
    <location path="Default4.aspx">
        <system.web>
            <authorization>
                <allow users="admin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="Default2.aspx">
        <system.web>
            <authorization>
                <allow users="admin1"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="Default3.aspx">
        <system.web>
            <authorization>
                <allow users="admin2"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
</configuration>