Introduction

There are various types of authentication options available during the creation of any ASP.NET web application in Visual Studio 2013. It depends on the selection project template such as if you select the Empty Project Template to create the web application then the authentication option does not available.

The following are the various types of project templates also available in Visual Studio 2013 to create ASP.NET web applications. These are given below:

• Empty Project Template
• Web Forms Project Template
• MVC Project Template
• SPA Project Template
• Facebook Project Template
• Windows Azure Mobile Services Project Template

You can get the total idea of these templates from the Working with Project Templates in Visual Studio 2013 since we are discussing the authentication options here.

As you know there are various authentication options available in Visual Studio 2013 so that I am describing them in here. The authentication options are given below:

• No Authentication
• Individual User Accounts
• Organizational Accounts
• Windows Authentication

Overview of Authentication

At first let's us understand Authentication. So, what is authentication? Authentication is the process of ensuring the identity of a user for the purpose of authenticating the user to perform the operations in the application. It is applied to ASP.NET applications through the identity provider that is a service that provides the facility to authenticate the users. We can also manage the user accounts using an identity provider. The information of the user may be stored in a database for managing the accounts by the identity provider. Framework 4.5.1 is used in creating the web application in Visual Studio 2013.

Overview of Authorization, Claims and Roles

The Authorization process is started after the application users are authenticated . There are some identity providers available that are used to produce info for the authorization like e-mail, full name and so on. This information is referred as claims.

Each claim is sent by the identity provider to the consuming application in the form of a name-value pair. The claims are sent using the tokens to the application. You can refer to the Claims Overview for better information.

A Role is also a type of the Claim that defines the character of any user; character like Administrator, Editor or Developer. The Roles are used to assign the privileges rather than explicitly giving a user access to any operation. It does not accept the authority by itself; it only checks the role presence for the user.

Getting Started

No Authentication

This authentication is applicable to where all the content is available for the public. As the name describes there is no authentication applied to the application. If the application does not keep track of the users then this authentication is applied. If No Authentication is selected when creating the ASP.NET web application then the application will not include any resources that optional authentication will require, or we can say that there are no web pages available for logging in, no classes for the membership.

We can choose this authentication as in the following:

Individual User Accounts

This authentication is used where the application is to be configured for the the user authentication. It is applied by the ASP.NET Identity. The user can register and create login credentials for the application or users can also even login with their social providers like Facebook, Twitter and so on. The ASP.NET Identity uses the SQL Server LocalDB for storing the user information related data. We can also deploy it to the SQL Server Database  or Azure SQL Database.

In Visual Studio 2013 the features are the same as in Visual Studio 2012 but there are some advantages when applying the code in the Visual Studio 2013. Given below:

• This new membership is based on the OWIN alternately using the ASP.NET Forms Membership. Now we can use the same authentication when working on the MVC or Web Forms in IIS or self hosting Web API.
   
• The Entity Framework is used to manage the database and all tables are represented by the entity classes. We can easily personalize the database schema and migrate the code also.

Note: This can be implemented in the 4.5 Framework or later.

If we are creating an internet website and the website is also accessible by external users then this authentication is useful. We can Change the Authentication mode to Individual User Accounts easily as in the following:

You can use it in creating the ASP.NET web application using Web Forms, MVC and Web API project templates only.

Organizational Accounts

If you choose this authentication then you will pass the credentials of your Active directory or Office 365 for creating the application. Choosing this authentication, the application will configure to use the Windows Identity Foundation for authentication based on user accounts in the Azure Active Directory or Windows Server Active Directory. The WIF framework is used to allow the claims-based authentication to the application that is using the Active Directory.

We can also use the on-premises ADFS accounts for the authentication if the application is running on the Windows Azure.

Windows Authentication

This authentication can used only to the Intranet application. You use Windows account credentials for authenticating the application. If this authentication is applied to the ASP.NET web application then users can authenticate to the application using their Windows Account Credentials, alternatively using to log in explicitly.

As you can see it also displays that this authentication is available for the Intranet application. This Windows Authentication applied application can use the authorization that is based on the predefined security groups and any particular users.

Summary

This article described the various authentication options available in Visual Studio 2013 to authenticate ASP.NET web applications. Thanks for reading the article.