This documentation is archived and is not being maintained.

ASP.NET Authentication

Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.

ASP.NET implements authentication through authentication providers, the code modules that contain the code necessary to authenticate the requestor's credentials. The topics in this section describe the authentication providers built into ASP.NET.



Windows Authentication Provider

Provides information on how to use Windows authentication in conjunction with Microsoft Internet Information Services (IIS) authentication to secure ASP.NET applications.

Forms Authentication Provider

Provides information on how to create an application-specific login form and perform authentication using your own code. A convenient way to work with forms authentication is to use ASP.NET membership and ASP.NET login controls, which together provide a way to collect user credentials, authenticate them, and manage them, using little or no code. For more information, see Managing Users by Using Membership and ASP.NET Login Controls Overview.

You might also consider using Windows Live ID for user authentication. For information about how to use Windows Live ID to authenticate users for you website, see Windows Live ID SDK.

ASP.NET Web Application Security

Provides links to additional topics that describe how to secure your ASP.NET Web applications.

ASP.NET Configuration Overview

Provides links to topics on how to use configuration files and the configuration API to manage the run-time behavior of ASP.NET.