When
a user requests a web page, there exists a process of security too, so that
every anonymous user is checked for authentication before gaining access to the
webpage. The following points are followed in the sequence for authentication
when a client attempts a page request:
·
A
.aspx web page residing on an IIS web server is requested by an end user
·
IIS
checks for the user's credentials
·
Authentication
is done by IIS. If authenticated, a token is passed to the ASP.NET worker
process along with the request
·
Based
on the authentication token from IIS, and on the web.config settings for the
requested resource, ASP.NET impersonates the end user to the request thread. For
impersonation, the web.config impersonate attribute's value is checked.
