Chapter 5: Authentication and Authorization

the biggest chapter in the whole book…


– Terminology
– Application Design (Trusted Subsystem vs Impersonation/Delegation)
– ASP.NET Security Pipeline and Infrastructure
  – IPrincipal and IIdentity
  – Role-based Authorization (programmatically vs declarative)
– Server Authentication

Using Windows Accounts

– IIS Authentication Methods (Basic, Digest, NTLM, Kerberos)
– Impersonation
  – Automatic vs. Programmatic
  – Impersonation Gotchas (multi-threading and async handlers, error handling)
– Delegation and How to get it to Work
– Security Context and Accessing External Resources

Using Custom Accounts

– Forms Authentication
  – Mechanics
  – Configuration
  – Security
– Customizing Forms Authentication
  – Issuing Tickets
  – Role Management
  – Role Caching (Cache vs User Data)
  – Web Farms and Single-Sign-On Scenarios
– Protecting Non-ASP.NET Resources with ASP.NET
  – Securing classic ASP

Hybrid Approaches

– Manual Windows Authentication (LogonUser vs LDAP)
– Converting a Windows Token into a GenericPrincipal
– Caching Windows Tokens
– Protocol Transition
– Basic Authentication against Custom Accounts
– Client Certificate based Authentication
  – Cryptographic Operations
  – Translating between Certificates and Windows Accounts
– Mixed Mode Authentication



1 Response to Chapter 5: Authentication and Authorization

  1. Gilles says:

    Hi Dominick,

    Is there a way in ASP.NET to send a custom message to the client when the authentication ticket has expired, to let them know why they are being redirected?
    (error 4005)

    Thank you.
