Saturday, 22 December 2018

Authenticating Users with Windows Authentication while deploying an MVC application in production

For a production web application, on the other hand, you use IIS as your web server. IIS supports several types of authentication, including:

· Basic Authentication – Defined as part of the HTTP 1.0 protocol. Sends usernames and passwords across the Internet Base64 encoded, which is effectively clear text.
· Digest Authentication – Sends a hash of a password, instead of the password itself, across the Internet.
· Integrated Windows (NTLM) Authentication – The best type of authentication to use in intranet environments using Windows.
· Certificate Authentication – Enables authentication using a client-side certificate. The certificate maps to a Windows user account.

You can use the Internet Information Services Manager to enable a particular type of authentication. Be aware that not all types of authentication are available on every operating system. Furthermore, if you are using IIS 7.0, you need to enable the different types of Windows authentication before they appear in the Internet Information Services Manager. Open Control Panel, Programs, Programs and Features, Turn Windows features on or off, and expand the Internet Information Services node. Select which type of Windows authentication you want to enable.

Using Internet Information Services, you can enable or disable different types of authentication. For example, you may disable anonymous authentication and enable Integrated Windows (NTLM) authentication when using IIS.


After you enable Windows authentication, you can use the [Authorize] attribute to control access to controllers or controller actions. This attribute can be applied to an entire MVC controller or a particular controller action.
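
The following controller is an added example, not code from the original post, showing [Authorize] at both the controller and the action level under Windows authentication. The namespace, controller and action names, and the CONTOSO domain, group and account names are placeholders chosen for illustration.

```csharp
using System.Web.Mvc;

namespace IntranetApp.Controllers   // hypothetical namespace
{
    // Controller-level [Authorize]: every action below requires a user that
    // IIS has already authenticated through Windows authentication.
    [Authorize]
    public class ReportsController : Controller
    {
        // Open to any authenticated Windows user.
        public ActionResult Index()
        {
            // With Windows authentication the name has the form DOMAIN\user.
            ViewBag.CurrentUser = User.Identity.Name;
            return View();
        }

        // Action-level restriction to a Windows group (placeholder name).
        // It is checked in addition to the controller-level attribute, so
        // the caller must be authenticated AND a member of the group.
        [Authorize(Roles = @"CONTOSO\Managers")]
        public ActionResult Salaries()
        {
            return View();
        }

        // Action-level restriction to named accounts (placeholder names),
        // given as a comma-separated list.
        [Authorize(Users = @"CONTOSO\alice, CONTOSO\bob")]
        public ActionResult AuditLog()
        {
            return View();
        }

        // [AllowAnonymous] (ASP.NET MVC 4 and later) exempts one action from
        // the controller-level attribute. It only has an effect if anonymous
        // authentication is still enabled in IIS; when it is disabled, IIS
        // rejects unauthenticated requests before MVC runs.
        [AllowAnonymous]
        public ActionResult Help()
        {
            return View();
        }
    }
}
```

A caller who is authenticated but is not in the required group or user list fails the authorization check and receives an HTTP 401 response rather than the view.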
