Live Chat Icon For mobile
Live Chat Icon

ASP.NET FAQ - Security

Find answers for the most frequently asked questions
Expand All Collapse All

To resolve this issue, identify the user account that is used to run the program, and then assign the ‘Impersonate a client after authentication’ user right to that user account. To do this, follow these steps:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Expand Local Policies, and then click User Rights Assignment.
  3. In the right pane, double-click Impersonate a client after authentication.
  4. In the Local Security Policy Setting dialog box, click Add.
  5. In the Select Users or Group dialog box, click the user account that you want to add, click Add, and then click OK.
  6. Click OK.

For more details refer Overview of the ‘Impersonate a Client After Authentication’….


Authentication is the process of identifying and verifying who the client accessing the server is.

For example, if you use

  • Windows authentication and are browsing an ASP.NET page from server — ASP.NET/IIS would automatically use NTLM to authenticate you as SYNCFUSION\user1 (for example).
  • Forms based authentication, then you would use an html based forms page to enter username/password — which would then check a database and authenticate you against the username/password in the database.

Authorization is the process of determining whether an authenticated user has access to run a particular page within an ASP.NET web application. Specifically, as an application author decide to grant or deny the authenticated user ‘SYNCFUSION\user1’ access to the admin.aspx page. This could be done either by explicitly granting/denying rights based on the username — or use role based mappings to map authenticated users into roles (for example: an administrator might map ‘SYNCFUSION\user1’ into the ‘Power Users’ role) and then grant/deny access based on role names (allowing a degree of abstraction to separate out your authorization policy).


ASP.NET supports the following Authentication Providers

  • Windows : Is used in conjunction with IIS authentication. Authentication is performed by IIS in one of three ways: basic, digest, or Integrated Windows Authentication. When IIS authentication is complete, ASP.NET uses the authenticated identity to authorize access
  • Forms : The user provides credentials and submits the form.
  • Passport : Centralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites.
  • None : No Authentication provided. This is default Authentication mode

In the web.config file, you can specify this setting:

   mode= ' [ Windows | Forms | Passport | None ] '>


Share with

Couldn't find the FAQs you're looking for?

Please submit your question and answer.