How many different type of authentications exist in asp.net or web api project

Question

User264732274 posted

i am only familiar with form authentication. beside form authentication tell me list of names of other authentication scheme for asp.net or web api project.

now identity is used for authentication. identity is form authentication or claim authentication ?

token is claim based authentication system ?

how claim authentication system is different from form authentication

Answer 1

User-219423983 posted

Hi sudip_inn,

how claim authentication system is different from form authentication

For better understanding the claims-based authentication, I suggest you’d better first look at the real life example “A man goes the Bar with Age validation” in the following thread. The third way is a claims-based authentication and the second way could be considered to Form authentication. I think you could think that the authentication “claims-based authentication” happens in the third party and the form authentication happens in the application itself.

http://stackoverflow.com/questions/6786887/explain-claims-based-authentication-to-a-5-year-old

now identity is used for authentication. identity is form authentication or claim authentication ?

The ASP.NET Identity is a framework that support both the Form authentication and claims-based authentication. For this, you could read the following link.

http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

token is claim based authentication system ?

The token is an identification that comes from third party. The  claim based authentication system is consumer of Token. You could have a look at the following image and the following link.

https://msdn.microsoft.com/en-us/library/ff359108.aspx

Best Regards,

Weibo Zhang

Answer 2

User264732274 posted

from your stackoverflow link it seems Claims Based Authentication is 3rd party auth system like open auth.......am i right?

if i am right then what is the difference between Claims Based Authentication and open auth ? both are same ? if yes then why two different term should be used to call?

what is role based auth ? can i call form auth is role based auth ?

you also did not say how many different type of authentication system exist for dotnet based web application.

please clarify. thanks

Answer 3

User264732274 posted

still got no answer for different type of authentications exist in asp.net or web api project.

here i have some query on the same.

i am only familiar with form authentication. so tell me what others authentication scheme exist for mvc project which we can use ?

what is claim based auth ?

claim based auth is 3rd party auth system ?

we can implement in web site like form auth ?

if claim based auth is 3rd party auth then how it is different from open id or open auth system like facebook, google auth provider.

we use membership or identity to validate user and after validation give user permission to access protected pages . so tell me membership or identity is one kind of advance form authentication or is it totally different technology ?

i heard various term regarding authentication like form auth, token auth, identity, membership, open id, open auth, oauth, social login system. i am very much confused about those term. i want to know briefly about them and also like to know how they work and how they are different from each other.

i search google a lot but not getting any right tutorial which explain all above auth related term properly. so i need some one's help who would nice explain all the above terms and also explain how they works and how they are different from each other. also explain when people use which one.

looking for guidance. thanks

Answer 4

User-219423983 posted

Hi sudip_inn,

The key point to understand the Claims Based Authentication is that the application does not know and don’t need to care how the user was authenticated, nor how the authorizations are administrated, it only uses the information from the claims in the signed token to determine who the user is and/or what the user may see or do and/or any other information about the user. The 3-party could come from your own database, it could also come from real 3-party, such as Microsoft, Google etc.

OAuth is a specific protocol by which one web site can obtain user consent to access their private data on another web site.

For more things about the differences between Claims authentication and OAuth, you could have a look at below thread.

http://stackoverflow.com/questions/2847638/difference-between-claims-vs-oauth

About the difference differences between Claims authentication and Role based authenction, you could have a look at below thread.

http://stackoverflow.com/questions/22814023/role-based-access-control-rbac-vs-claims-based-access-control-cbac-in-asp-n

About how to use the claims authentication in MVC or Web API, this below link provides a demo and you’d better learn it.

http://bitoftech.net/2015/03/31/asp-net-web-api-claims-authorization-with-asp-net-identity-2-1/

Best Regards,

Weibo Zhang

Answer 5

User264732274 posted

thanks for reply

from your brief explanation about claim auth it seems it is 3rd party auth. i have seen people login to asp.net forum with google or facebook credentials. this kind of auth is claim based auth or is it called OAuth ?

please let me know.

to implement claim auth for our specific web site do i need to talk to other web site like facebook or google etc ?

please answer as a result i could ask few more questions on claims. thanks

Answer 6

User-219423983 posted

Hi sudip_inn,

i have seen people login to asp.net forum with google or facebook credentials. this kind of auth is claim based auth or is it called OAuth ?

OAuth is an open protocol to allow secure authorization in a simple and standard method from application, it’s a protocol. While the Claims-based authentication is an architecture which accepts multiple protocols, including OAuth. So, in my opinion, the above kind of authentication would be better called claim based auth.

to implement claim auth for our specific web site do i need to talk to other web site like facebook or google etc ?

Yes, you need to talk to the External Sites. The following article shows a demo to introduce this feature.

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

Best Regards,

Weibo Zhang

Answer 7

User264732274 posted

what is difference between OAuth and Open ID.........both are same and does the same job or fully different and used in different scenario.

thanks

Answer 8

User264732274 posted

give me few example of oAuth , claim based auth, Open ID etc that guide me to understand what is difference.

i have seen people login to asp.net forum with google or facebook credentials. this kind of auth is claim based auth or is it called OAuth ?

u said above kind of authentication should be called claim based auth not oAuth. so give few oAuth example

thanks