ASP.NET Security tutorial / PDF

Building a Secure Web Site


Three Categories of Web Security:
Sites whose content is freely available to everyone (public).
Sites that serve the general population but require a login (application-level security, protected).
Intranet sites for a controlled population of users — a company’s employees (private).

Security Issues:
Application-level security (users).
Deployment security (programmers).

Web Security Components:
Authentication identifies the originator of requests (who).
Authorization defines who can access which pages (what).

Authentication

ASP.NET supports three types of authentication:
Forms (Page-wide)
Windows (Machine-wide)
Passport (Internet-wide)
None
Web.config

Note:
The authentication mode is an application-wide setting that can be set only in the application root and can’t be overridden in subordinate Web.config files.
You can’t use Windows authentication in one part of an application and forms authentication in another.

Authorization

ASP.NET supports two forms of authorization:
ACL (access control list) authorization, also known as file authorization, is based on file system permissions and is typically used with Windows authentication.
URL authorization relies on configuration directives in Web.config files and is most often used with forms authentication.

Three Typical Security Scenarios for Web Applications

Pages can be freely browsed by anyone: no application-level security.
Intranet application: use Windows authentication and ACL authorization.
Internet application with secure page access: use forms authentication and URL authorization....
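
An added example (not from the original slides) of a root Web.config for the third scenario: forms authentication set once at the application root, with URL authorization protecting one subdirectory. The page name Login.aspx and the directory name Members are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<!-- Root Web.config (added example; Login.aspx and Members are assumed names) -->
<configuration>
  <system.web>
    <!-- The authentication mode is application-wide: it belongs here, in the
         application root, not in a subordinate Web.config. -->
    <authentication mode="Forms">
      <!-- requireSSL="true" sends the authentication cookie over HTTPS only;
           protection="All" encrypts and validates the ticket. -->
      <forms loginUrl="~/Login.aspx"
             timeout="30"
             requireSSL="true"
             protection="All" />
    </authentication>

    <!-- Public part of the site: anyone may browse ("*" = all users). -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- URL authorization for the protected part of the site.
       Rules are evaluated top-down and the first match wins.
       "?" means anonymous (unauthenticated) users. Without this deny rule,
       the inherited allow rule leaves the directory open to everyone. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Anonymous requests for anything under Members are redirected to the login page, while the rest of the site stays public.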


























