Do you know that? 33% like freelancing because no office dress code next

Describe how the ASP.NET authentication process works.

ASP.NET runs inside the process of IIS due to which there are two authentication layers which exist in the system.

First authentication happens at the IIS level and the second at ASP.NET level per the WEB.CONFIG file.


At first, IIS ensures that the incoming request is from an authenticated IP address.
Otherwise the request is rejected.

By default IIS allows anonymous access due to which requests are automatically authenticated.

However, if this is changed, IIS performs its own user authentication too. checks if impersonation is enabled if a request is passed to by an authenticated user. If it is enabled, acts itself as an authenticated user else it acts with its own configured account.

Finally the OS resources are requested by the identity obtained from previous step.
The user is granted the resources if the authentication is successful else the resources are denied.

Resources can include page, code access security features to extend authorization step to disk files, registry keys, etc.