How can Web applications in ASP.NET be secured?

Answer

Web applications in ASP.NET are typically secured in one of two ways, Windows authentication and Forms authentication. Each method stores users differently and involves a different approach for logins.

Windows authentication

• Users are operating system users on the local Windows server or on a domain. Roles are Windows groups.
• Users log into the Web application using a non-customizable pop-up login dialog box.
• For instructions, see the Microsoft article: How To: Use Windows Authentication in ASP.NET 2.0.

Forms authentication

• Users may be stored in a database, a file, or another custom location.
• Users log into the Web application using a form on a standard Web page. The form may be customized.
• For instructions on using a local SQL Server Express database, see the Microsoft article: Walkthrough: Managing Web Site Users with Roles.
• For instructions using full SQL Server, see the Microsoft article: How To: Use Forms Authentication with SQL Server in ASP.NET 2.0.