Summary


In this chapter, we've tackled a topic that is often considered to be the most difficult part of building ASP applications, and often doesn't get the attention it deserves (and, from a security point of view, requires). As you've hopefully gathered from the theory, explanations, and examples, ASP.NET makes it much easier to set up a secure web site or application to suit every kind of common scenario. But remember that security as a whole involves a lot more than just the topics we've covered here; you also need to consider physical network and server security implications, as well as application security settings and configuration. If in doubt, get an expert in!

Web application security is based around the three fundamental concepts of authentication (forcing a user to prove that they are who they say they are), authorization (checking if the user has permission to access the resource they requested), and impersonation (allowing applications to be executed under the context of a different user).

You looked at each topic in turn, and saw how they are implemented and configured in IIS, in Windows 2000, Windows Server 2003, and in ASP.NET. You also saw the whole chain of events that occurs as part of the overall process, and the various access control options that they provide.

We then concentrated on ASP.NET security configuration, and saw how the three fundamental concepts are implemented through the web.config files you place in your application folders. We completed this chapter with some examples of creating and configuring secured applications using the various techniques:

  • Configuring a web application using Windows authentication.

  • Accessing the user's identity within this application.

  • Accessing the user's role within this application.

  • Configuring a web application using forms-based authentication.

  • Using different types of user credentials lists.

  • Accessing the user's identity within this application.

  • A simple personalization example.

In the next chapter, we start an in-depth look at some of the base classes that are provided by the framework. In particular, we'll investigate data structures such as collections and lists.




Professional ASP.NET 1.1
