Anonymous access and Windows Authentication

Authentication:

Authentication: Authentication is the process of determining the identity of a user based on the user’s credentials. The user’s credentials are usually in the form of user ID and password, which is checked against any credentials' store such as database. If the credentials provided by the user are valid, then the user is considered an authenticated user.

In ASP.NET there are different ways in which authentication is performed as discussed below:

   1)               Anonymous Access: There is no authentication performed and the user is treated as       anonymous user by IIS.

Sometimes it is necessary or possible to access any data from remote server or database without any authenticated person. If the data is easily accessible without any authentication (i.e username and password) that means the user accessing those data or file has an anonymous access. There is no difference between a user who is “anonymously authenticated” and an unauthenticated user. There can be many situations where anonymous authentication is useful.

    2)      Windows Authentication: Provides information on how to use Windows authentication in conjunction with Microsoft Internet Information Services (IIS) authentication to secure ASP.NET applications. This is the default authentication mode in ASP.NET and it is set in web.config file of the application.

Windows Authentication uses the security features of Windows clients and servers. Unlike Basic authentication, initially, it does not prompt users for a user name and password. The current Windows user information on the client computer is supplied by the web browser through a cryptographic exchange involving hashing with the Web server. If the authentication exchange initially fails to identify the user, the web browser will prompt the user for a Windows user account user name and password.

Windows authentication is generally used if the users accessing the application belong to same organization.

This authentication method uses Windows accounts for validating users' credentials. This type of authentication is very good for intranet Web sites where we know our users.