Authentication Overview
written and ©1998, 99 by Kevin Flick www.flicks.com creator of Authentix

What is Authentication?

Let's assume you want to restrict access to selected portions of your website. For example, you might have valuable information, such as real-time stock quotes (like Reuters or Datastream), or you want to charge a monthly fee in order to access your database.
In these cases, you want to let people in, but only after checking that visitors have used an authorized username and password. Additionally, you might want to provide access to the bulk of your website for the simple price of a visitor's email address, creating an effective method for tracking visitors.

Asking a visitor for their username and password (or their credentials) is called Authentication. On the world wide web, the oldest and most widely supported authentication method is Basic Authentication.

What are my choices?

Assuming you have the latest and greatest IIS, you have several choices when working with authentication including:

  • IIS NT Challenge Response
    A good choice if you are on a Windows Network, you can require the use of IE, and there's no proxy-server between the browser and the server.
  • IIS Basic Authentication
    Can expose your NT usernames and passwords unless all connections are over SSL.
  • A Basic Authentication filter such as AuthentiX
    Cannot compromise NT accounts. High performance, large numbers of users. Can validate against ODBC or internal database. Many advanced features.
  • Write your own filter
    Flexible, but resource intensive to build.
  • Cookie Based Authentication with ASP pages
    Only protects ASP pages. Can be slow. Requires cookies. Cookie-based systems can be susceptible to spoofing.
  • Self-Authenticating ISAPI dlls, CGI-scripts using Basic Authentication.
    Good performance, all content generated through a single URL. Doesn't use conventional directory/file/html format.
  • Certificate based.
    Secure, but intimidating for webmasters and surfers alike. Requires SSL.
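
The point above about Basic Authentication exposing usernames and passwords without SSL, shown as an added example (not code from the original lesson or from AuthentiX): the Authorization header is only Base64-encoded, so a server-side check should refuse credentials on a plaintext connection. The function names, the `members` realm and the sample user table are assumptions made for illustration.

```python
import base64
import binascii
import hmac

def parse_basic_header(value):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; passwords may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password

def check_request(headers, is_tls, users):
    """Return (status, extra_headers) for a request to a protected resource.

    users is a constructed in-memory {username: password} table; a real
    deployment would store salted password hashes instead.
    """
    if not is_tls:
        # Base64 is an encoding, not encryption: anyone on the path can run
        # parse_basic_header() on a captured header. Refuse to prompt for or
        # accept credentials on a plaintext connection.
        return 403, {}
    challenge = {"WWW-Authenticate": 'Basic realm="members"'}
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge
    username, password = creds
    expected = users.get(username)
    # Compare in constant time, and compare even for unknown users so the
    # response time does not reveal which usernames exist.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    if expected is None or not ok:
        return 401, challenge
    return 200, {}

# Constructed sample data, not taken from the page.
USERS = {"alice": "s3cret:with:colons"}
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cret:with:colons").decode()
```
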