Authentication options for multiple scenarios

ASP.NET authentication covers many scenarios. A number of our solutions are listed at ASP.NET Authentication, and there is a good discussion of them at ASP.NET Wiki: Security: Authentication and Authorization. We also have Using Forms Authentication with ASP.NET AJAX.

But other requirements may come into play that these solutions don't really discuss.

What if you require a higher level of authentication?

For example, consider two-factor authentication as described by RSA. It requires two of the following three things:

  • Something known, like a password
  • Something possessed, like your ATM card
  • Something unique about your appearance or person, like a fingerprint

With ASP.NET, you can use our membership provider in conjunction with RSA to accomplish this. Other providers can also meet this type of authentication requirement.
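One way a membership provider can enforce a second factor, as an added example that is not code from this post, from ASP.NET or from RSA: it subclasses the stock SqlMembershipProvider, and the ISecondFactorVerifier interface, the SecondFactor property and the three-argument ValidateUser overload are hypothetical names standing in for whatever token-checking service is used.

```csharp
using System;
using System.Web.Security;

// Hypothetical abstraction over the second factor (for example a vendor's
// token-code check). Not a real RSA or ASP.NET API.
public interface ISecondFactorVerifier
{
    bool Verify(string username, string tokenCode);
}

// Assumed design: wraps the stock SqlMembershipProvider so that a login
// succeeds only when the password AND the token code are both valid.
public class TwoFactorMembershipProvider : SqlMembershipProvider
{
    // Assigned once at application start (assumption; a real deployment
    // would build the verifier from configuration).
    public static ISecondFactorVerifier SecondFactor { get; set; }

    // The two-argument overload is what the Login control and
    // Membership.ValidateUser call. Fail closed so that a password alone
    // can never authenticate through this provider.
    public override bool ValidateUser(string username, string password)
    {
        return false;
    }

    // Hypothetical overload that carries the second factor.
    public bool ValidateUser(string username, string password, string tokenCode)
    {
        if (SecondFactor == null)
            throw new InvalidOperationException("Second-factor verifier is not configured.");
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(tokenCode))
            return false;

        // Evaluate both factors on every attempt (non-short-circuit &) so
        // the work done does not depend on which factor failed.
        bool passwordOk = base.ValidateUser(username, password);
        bool tokenOk = SecondFactor.Verify(username, tokenCode);
        return passwordOk & tokenOk;
    }
}
```

A login page would cast Membership.Provider to this type, call the three-argument overload, and issue the forms ticket with FormsAuthentication.SetAuthCookie only when it returns true.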

What if you want to have an offline authentication story?

One way to solve this, if you are using ASP.NET Forms Authentication, is to copy the SQL tables and stored procedures down to the client computers so that someone who logs in offline can still be authenticated. This works well if you know who the clients are and can therefore allow a “trusted” client to hold this data on its machine. Another way to solve this is to use RSA authentication when logging into the computer and then just use Windows Authentication to identify the user you are working with.

Another solution, if you are using a Smart Client type of application, is to use the steps outlined here. This allows you to use ASP.NET AJAX application services to authenticate; in offline mode, all service requests automatically go to the local cache without requiring changes to your code.

Feel free to post other solutions to these if you have them, or other scenarios that would be useful to discuss. For instance, we could certainly talk about Windows CardSpace here.


Published 07 April 08 10:49 by Tom

Comments


# Josh Coswell said on April 7, 2008 5:20 PM:

This gives me more latitude with asp.net authentication.

Thanks

Josh Coswell

http://riverasp.net

# Graham said on January 22, 2009 4:43 AM:

Here is a link to RSA's two-factor solution for IIS

http://www.rsa.com/node.aspx?id=2806
