Interview answers verified by specialists.
Find interview questions and answers on this website:
ASP.NET runs inside the process of IIS due to which there are two authentication layers which exist in the system. First authentication happens at the IIS level and the second at ASP.NET level per the WEB.CONFIG file. Working: At first, IIS ensures that the incoming request is from an authenticated IP address. Otherwise the request is rejected. By default IIS allows anonymous access due to which requests are automatically authenticated. However, if this is changed, IIS performs its own user authentication too. ASP.net checks if impersonation is enabled if a request is passed to ASP.net by an authenticated user. If it is enabled, ASP.net acts itself as an authenticated user else it acts with its own configured account. Finally the OS resources are requested by the identity obtained from previous step. The user is granted the resources if the authentication is successful else the resources are denied. Resources can include ASP.net page, code access security features to extend authorization step to disk files, registry keys, etc.