Authentication in ASP.NET

Authentication is the mechanism that determines whether a user trying to access a site or resource is a valid user. The terms authentication and authorization are often confused.

Authorization, on the other hand, is the process that follows successful authentication and checks whether the current user has the rights to access the resource.

Different modes of authentication in ASP.NET
- None
- Windows
- Forms
- Passport

Where to set the authentication mode?
The authentication mode is set in the web.config file of your web application. In web.config, under the system.web section, specify the authentication mode as:

    <authentication mode="Windows" />

Authentication modes in detail

None - This is the most flexible authentication mode. Use this setting if you don't want to authenticate users at all, or if you want to implement your own authentication mechanism. Custom authentication can be implemented using ISAPI filters in IIS.

Passport - It is a centralized mechanism provided by Microsoft that allows single sign-on across multiple sites. Each member site using Passport is given a key, which is used for single sign-on across multiple domains.

Windows - It relies on IIS to authenticate the user. With this setting, the user trying to log in is authenticated against Windows accounts. When IIS authenticates a user, it creates a security token and passes it to ASP.NET. ASP.NET then creates a WindowsPrincipal object and attaches it to the application context.

Forms - This mechanism allows your application to collect user credentials directly from HTML forms. When a user submits login credentials, application code verifies them. If verification succeeds, the application issues a cookie to the client. This cookie is then used for subsequent requests from that client. If the cookie is not found, the user is redirected to a log on page.
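
As an added example (not part of the original article), the web.config below selects Forms mode and pairs it with authorization rules, so the authentication step and the authorization step described above can be seen side by side. The login path, cookie name, `Admin` folder and `Admins` role are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Authentication: establishes who the user is.
         Forms mode issues a cookie after a successful login. -->
    <authentication mode="Forms">
      <!--
        loginUrl          : page that requests without a valid cookie are
                            redirected to (assumed path)
        name              : name of the authentication cookie (assumed name)
        protection        : "All" encrypts and validates the cookie; this is
                            the default, and "None" leaves it unprotected
        requireSSL        : "true" sends the cookie over HTTPS only
                            (the default is "false")
        cookieless        : "UseCookies" keeps the ticket out of the URL
        timeout           : ticket lifetime in minutes
        slidingExpiration : "false" gives the ticket a fixed expiry time
      -->
      <forms loginUrl="~/Account/Login.aspx"
             name=".EXAMPLEAUTH"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="false" />
    </authentication>

    <!-- Authorization: decides what an identified user may access.
         "?" means anonymous users, so this rule forces a login. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Stricter rule for one folder (assumed folder and role names):
       an authenticated user outside the Admins role is still refused. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Rules inside an `<authorization>` element are evaluated top to bottom and the first match wins, which is why the `allow` entry precedes `deny users="*"`.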