To restrict users' access to certain resources of an application, a process for identifying users becomes a necessity. Authentication restricts a user's access to resources by requiring the user to prove identity in one of several ways. It could be a combination of a username and password, a digital certificate, a smart card or a fingerprint reader. The validity of the information provided by the user helps identify the user, so that the user is provided access to the requested resources. The process of successful identification of the user implies that the user is authenticated.

After identification of the user is over, the next step is to determine whether the authenticated user has access to the resources. The process of determining the access to the resources for a particular user is known as Authorization. In Windows-based systems, resources have an Access Control List, which provides a list of users who have access to that resource. The list also specifies the kind of access, such as read, write, modify, and delete, that each user has to the resource. For example, if a user requests an ASP page, the operating system checks whether the user has Read access to the page, and if the user has read permission, then the operating system allows IIS to fetch the page. IIS has authorization settings which enable it to control the access of resources by users. File Access Control Lists are set for a given file or directory using the Security tab in the Explorer property page.
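
The per-user access list that the Security tab shows can also be read from PowerShell, which makes it possible to review a whole content folder at once. The script below is an added example, not part of the original article; the $Root path, the set of broad groups it flags, and the Flag column are assumptions made for illustration.

```powershell
# Added example: list, per file, who holds which kind of access, and flag
# broad groups that can change content. Read-only: it never modifies an ACL.
# Assumption: $Root is the folder holding the site's pages (IIS default shown).
param([string]$Root = 'C:\inetpub\wwwroot')

# Access bits that allow changing or deleting a file, or rewriting its ACL.
$changeRights = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Generic rights can appear unmapped in some entries: GENERIC_ALL, GENERIC_WRITE.
$genericMask = 0x10000000 -bor 0x40000000

# Well-known broad groups, keyed by SID so the check works in any display language.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $item = $_
    try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($item.FullName)"; return }

    # Ask for SIDs instead of names; include explicit and inherited entries.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $rights    = [int]$ace.FileSystemRights
        $canChange = (($rights -band $changeRights) -ne 0) -or (($rights -band $genericMask) -ne 0)
        $sid       = $ace.IdentityReference.Value
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = if ($broadSids.ContainsKey($sid)) { $broadSids[$sid] } else { $sid }
            Type      = $ace.AccessControlType   # Allow or Deny
            Rights    = $ace.FileSystemRights    # read, write, modify, delete, ...
            Inherited = $ace.IsInherited
            # True when a broad group is allowed to change or delete the file.
            Flag      = ($ace.AccessControlType -eq 'Allow' -and $canChange -and $broadSids.ContainsKey($sid))
        }
    }
} | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Rows with Flag set to True sort to the top; on a folder of served pages these are the entries to review first, since visitors normally need only Read access.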
To access the online version of the above article, go to http://www.dotnet-guide.com/accesscontrol.html