Credentials


Recall that in user-based security, the authentication question centers on the identity of the user. Credentials are used to prove who the user is. A credential might be a password, a smart card, or a biometric device. Credentials are verified by some security authority, such as Windows or ASP.NET.

In certain cases it may be justifiable to provide unverified access to certain resources. This is known as anonymous access, which is often used for public access to ASP.NET resources.

In user-based security, the authorization question centers on whether or not the identity can perform the attempted action. The principal is then compared to a list of rights to determine whether the access is permitted. For example, at the file-system level, when you access a file, the username is compared against an ACL for the desired action to determine whether the file access is granted.

In a multitier architecture, the identity under which the server executes is often very powerful, and you want to restrict the ability of the client that makes requests to some subset of privileges that the server has. In this case the server can impersonate the client, effectively reducing the privileges to a safer level. In the case of anonymous access, the server does not even know who the actual client is. In this case it makes sense to use a specially devised user account for anonymous access, with special care taken in the determination of rights assigned to the anonymous user.

Network Credentials

Credentials can be obtained from an authentication service over the network. The ICredentials interface, which is defined in the System.Net namespace, has one method named GetCredential, which is used for this purpose. The GetCredential method takes a first parameter containing a URI that specifies the location of an authentication service on the network. The second parameter is a string that provides the type of authentication that is desired. The GetCredential method returns a NetworkCredential instance that contains the credentials associated with the specified URI and authorization scheme. When no credentials are available, the GetCredential method returns a null reference.

 NetworkCredential GetCredential(
    Uri uri,
    string authType
 );

There are only two classes that implement the ICredentials interface: CredentialCache and NetworkCredential. CredentialCache provides storage for a set of multiple credentials. [16] NetworkCredential provides credentials for password-based authentication schemes such as NTLM and Kerberos. The following code snippet gives a general idea of how this technique works.

[16] You can use CredentialCache.DefaultCredentials to use the current thread context for credentials based on NTLM and Kerberos.

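 using System;
 using System.Net;

 // Password-based credential: user name, password, domain.
 NetworkCredential nc = new NetworkCredential(
    "JoeUser", "MyPassword", "SomeDomain");
 // Bind the credential to one URI prefix and one authentication scheme.
 // Uri and WebRequest.Create need an absolute URI (scheme included);
 // Basic only base64-encodes the password, so the URI uses https.
 CredentialCache cc = new CredentialCache();
 cc.Add(new Uri("https://www.xyz.com"), "Basic", nc);
 WebRequest wr = WebRequest.Create("https://www.xyz.com");
 wr.Credentials = cc;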
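The two ICredentials implementations answer GetCredential differently, which matters when deciding what to assign to a request's Credentials property. The following is an added example, not code from the book: it compares lookups against a CredentialCache with lookups against a bare NetworkCredential. The class name CredentialScopeDemo, the Lookup helper, the hosts, and the account values are constructed for illustration, and no network traffic is generated.

```csharp
using System;
using System.Net;

static class CredentialScopeDemo
{
    // Returns the user name that 'creds' hands out for (uri, authType),
    // or "<none>" when GetCredential returns a null reference.
    static string Lookup(ICredentials creds, string uri, string authType)
    {
        NetworkCredential nc = creds.GetCredential(new Uri(uri), authType);
        return nc == null ? "<none>" : nc.UserName;
    }

    static void Main()
    {
        // Constructed sample accounts; not real credentials.
        var basicUser = new NetworkCredential("JoeUser", "MyPassword");
        var domainUser = new NetworkCredential("JoeUser", "MyPassword", "SomeDomain");

        // Each entry is keyed by a URI prefix plus an authentication scheme.
        var cache = new CredentialCache();
        cache.Add(new Uri("https://www.xyz.com/reports/"), "Basic", basicUser);
        cache.Add(new Uri("https://intranet.xyz.com/"), "NTLM", domainUser);

        // Case 1: URI under the registered prefix, same scheme.
        Console.WriteLine(Lookup(cache, "https://www.xyz.com/reports/q3.aspx", "Basic"));
        // Case 2: same host, but a path outside the registered prefix.
        Console.WriteLine(Lookup(cache, "https://www.xyz.com/public/", "Basic"));
        // Case 3: registered prefix, but a scheme that was never registered.
        Console.WriteLine(Lookup(cache, "https://www.xyz.com/reports/", "Digest"));
        // Case 4: a host that has no entry at all.
        Console.WriteLine(Lookup(cache, "https://www.example.org/reports/", "Basic"));

        // Case 5: a bare NetworkCredential ignores both arguments and
        // returns itself, so it is not scoped to any host or scheme.
        Console.WriteLine(Lookup(basicUser, "https://www.example.org/", "Digest"));
    }
}
```

Only the first and last lookups yield a credential. The cache releases the password solely for the prefix and scheme it was registered under, whereas the bare NetworkCredential offers it to whatever URI and scheme is asked for.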


.NET Security and Cryptography
ISBN: 013100851X
Year: 2003
Pages: 126