Windows Authentication mode relies upon IIS to perform the required authentication of a client. After IIS authenticates a client, it passes a security token to ASP.NET.
Advantages – Authenticates using Windows accounts, so you do not need to write any custom authentication code.
Disadvantages – May require the use and management of individual Windows user accounts.
Form Authentication is an authentication scheme that makes it possible for the application to collect credentials using an HTML form directly from the client. If your application authenticates the client, it issues a cookie to the client
Advantages – Makes it possible for custom authentication schemes using arbitrary criteria. Can be used for authentication or personalization. It does not require corresponding Windows accounts.
Disadvantages – Is subject to replay attacks for the lifetime of the cookie, unless using SSL/TLS. Is only applicable for resources mapped to Aspnet_isapi.dll.
Passport Authentication is a centralized authentication service provided by Microsoft that offers a single logon. When register with Passport, the Passport service grants a site-specific key. The server uses this key to encrypt and decrypt the query strings passed between the site and the Passport logon server.[ad]
Advantages – Supports single sign-in across multiple domains. It is Compatible with all browsers.
Disadvantages – Places an external dependency for the authentication process.
None Authentication Mode is used when users are not authenticated at all or if you plan to develop custom authentication code.
Advantages – Offers total control of the authentication process providing the greatest flexibility. It also provides the highest performance if you do not implement an authentication method.
Disadvantages – Custom-built authentication schemes are seldom as secure as those provided by the operating system. It requires extra work to custom-build an authentication scheme.
IIS provides a variety of authentication schemes:
- Anonymous (enabled by default) – Anonymous authentication gives users access to the public areas of your Web site without prompting them for a user name or password.
- Basic – username and password are transmitted in clear text
- Digest – username and password are transmitted with encrypted format
- Integrated Windows authentication (enabled by default) – NTLM authentication/ Kerberos V5
- Client Certificate Mapping – A certificate is a digitally signed statement that contains information about an entity and the entity’s public key, thus binding these two pieces of information together.
Server Controls like DataGrid, DataGridView, DataList etc have other controls inside them.
A control can participate in event bubbling through two methods that it inherits from the base class System.Web.UI.Control. These methods are OnBubbleEvent and RaiseBubbleEvent.
Example an DataGridView can have an Textbox or an button inside it. These Child Controls cannot raise events by themselves, but they pass the event to the parent control (DataGridView), which is passed to the page as “ItemCommand” event. This process is known as Event Bubbling.
Disclaimer – F5debug Interview Questions & Answers Series:
You may recopy extracts from these pages (“the material”) to individual third party websites or to any intranet websites, but only if:
You acknowledge www.f5debug.net as the source of the material. Such acknowledgment should include reference to www.f5debug.net in the copy of the material and should also include “© Karthikeyan Anbarasan, www.f5debug.net “. You inform the third party that these conditions apply to him/her and that he/she must comply with them.