Businesses are investing in software applications to automate business processes or to support employees in their roles. That means applications need to be able to reflect the roles you play in your organization and only allow you to do things you have authority for in real life. A time and expense system is a good example. Employees working on a project should be able to enter time and expenses against it. But only the Project Manager should be allowed to approve time and expenses or create new projects. And only the finance department should be able to cut checks.
.NET is a new and innovative architecture that has a wide variety of uses. It makes mobile devices, connectivity and information a lot more accessible and easy to handle. It's a programming infrastructure for the internet and a whole new user experience.
ASP.NET is a web application framework developed and marketed by Microsoft to allow programmers to build dynamic web sites, web applications and web.
The .NET framework makes it very easy to implement Role-Based security in your application. Enforcing security consists of two parts,
1. Authentication and
2. Authorization.
Authentication is the part of verifying your identity. The application verifies that you are the person you claim to be. It could be achieved by username and password for verification person's authentication.
Authorization is determining whether or not a user has the permission to perform an action in the application. Authorization relies on knowing the identity of the user and being able to find the security information associated with that user. When a user wants to access some information first its authentication is checked then if it results to be right then the authorized user is allowed to access the required information.
The figure given above describes the process applied for authentication and authorization. Firstly all possibilities are checked before providing the access to the user. Finally either the access is provided or it would return without any output .
The .NET framework provides access to the user through an identity and authorization access through a principal.