Authentication and Authorization in ASP.NET

Authentication and Authorization are two interrelated security concepts.
Authentication is knowing the identity of the user. For example, Alice logs in with her username and password, and the server uses the password to authenticate Alice. It prove genuineness.
Authorization is deciding whether a user is allowed to perform an action. For example, Alice has permission to get a resource but not create a resource.It is the process of granting approval or permission on resources.

Types of authentication and authorization in ASP.NET

There are three ways of doing authentication in ASP.NET:-
Windows authentication: - In this methodology ASP.NET web pages will use local windows users and groups to authenticate and authorize resources.
Forms Authentication: - This is a cookie based authentication where username and password are stored on client machines as cookie files or they are sent through URL for every request. Form-based authentication presents the user with an HTML-based Web page that prompts the user for credentials.
Passport authentication :- Passport authentication is based on the passport website provided
by the Microsoft .So when user logins with credentials it will be reached to the passport website ( i.e. hotmail,devhood,windows live etc) where authentication will happen. If Authentication is successful it will return a token to your website.  
None :- No Authentication provided. This is the default Authentication mode.

In the web.config file of your application, you can specify the Authentication mode as shown below : - 



ASP.NET allows two ways to authorize access to a given resources: -

. URL authorization
URL authorization maps users and roles to URLs in ASP.NET applications
. File authorization
File authorization validate the ACL (access control list) of the .aspx or .asmx handler file to determine whether a user should have access to the file.




SOAP Vs REST Services

REST stands for Representational State Transfer.
SOAP stands for Simple Object Access Protocol.
Only main difference is that How Client accesses our Service.
Normal WCF service runs on the SOAP format but when we create REST service then client can access your service in different architecture style like JSON.

REST uses4 HTTP methods to insert/delete/update/retrieve information which is below:
GET - Retrive a specific representation of a resource
PUT - Creates or updates a resource with the supplied representation
DELETE - Deletes the specified resource
POST - Submits data to be processed by the identified resource

WCF
1. It is also based on SOAP and return data in XML form.
2. It is the evolution of the web service(ASMX) and support various protocols like 3. TCP, HTTP,
    HTTPS, Named Pipes, MSMQ.
4. The main issue with WCF is, its tedious and extensive configuration.
5. It is not open source but can be consumed by any client that understands xml.
6. It can be hosted with in the applicaion or on IIS or using window service.

WCF Rest
1. To use WCF as WCF Rest service you have to enable webHttpBindings.
2. It support HTTP GET and POST verbs by [WebGet] and [WebInvoke] attributes respectively.
3. To enable other HTTP verbs you have to do some configuration in IIS to accept request of that
    particular verb on .svc files
4. Passing data through parameters using a WebGet needs configuration. The UriTemplate must be
    specified
5. It support XML, JSON and ATOM data format.

Web Service is an abstract term encompassing a large variety of data providers for distributed systems. Perhaps you are referring to ASMX web services, which can still be found in the wild but aren't really widely used in new development these days.

WCF Service is Microsoft's implementation of SOAP. There are others implementations or you could roll your own (not recommended).
SOAP is a kind of stateful, session-based, message-based web service. It's good if your service is designed as a set of complex actions.

REST is a stateless, sessionless, resource-based web service. It's good if your service is designed to access data and perform simple CRUD operations on it. SOAP and REST are mutually exclusive. A service cannot be both. There are ways to manipulate vanilla WCF to make is RESTful but these techniques are becoming deprecated. If you want to implement a RESTful web service there are two main choices in the Microsoft world: WCF Data Services and ASP.NET Web API..

SOAP

Without getting too deep into its history, Simple Object Access Protocol (SOAP) is a Microsoft invented protocol that was meant to create a structured way of sending and receiving data over the wire.  This protocol is one of the main foundations of WCF and utilizes XML to create services with typed data and methods.  In the typical scenario, a Web Services Description Language (WSDL) file is created from service code and is provided, usually through a static URL, to the client.  The client uses this WSDL file to understand what methods are available on the service, how to call them, and what the classes of the returned objects will be.  This is a very action-driven model that focuses on what actions a service is a capable of performing.

REST

REpresentational State Transfer (REST) is not a protocol, but an architecture and design pattern for building and calling web services.  This is the pattern that Web API was designed to utilize to build web services.  It is a very resource-driven architecture that exposes endpoints based on objects and not functions.  RESTful services also make use of the standard HTTP methods and constructs to exchange data; using GET, POST, PUT, DELETE, and sometimes PATCH a caller can denote which action to perform on the object being accessed at the requested endpoint.  Query parameters and content in the body of the request can also provide ways to pass parameters to the service.