Sams Teach Yourself ASP.NET in 21 Days, Second Edition
By Chris Payne
Day 21.  Securing Your ASP.NET Applications

You learned about a lot of security topics today. In ASP.NET, security is implemented in three stages. First there's authentication, which ensures that users are who they say they are. Next, authorization controls access to resources. Finally, impersonation allows ASP.NET to use Windows access control lists (ACLs) to control access.

Authentication is implemented in three different ways: Windows, Forms, and Passport. Windows authentication relies on IIS to authenticate users, and it can be accomplished using three separate methods: basic, digest, and integrated Windows (also known as NTLM). The basic method simply sends user credentials across the network unencrypted, whereas the digest method encrypts the credentials first. Integrated Windows authentication relies on both server and client running the Windows operating system, and sends Windows logon information across the network without asking the user for credentials.

Forms authentication allows developers to build custom authentication mechanisms, with help from the built-in FormsAuthentication object. Passport authentication is a centralized authentication service provided by Microsoft that requires subscription and a fee.

Authorization is implemented in two different ways: via files and via URLs. The former relies on Windows access control lists to determine user permissions at the per-file and per-directory level. URL authorization maps users and roles to directories specified in the requested URL. The deny and allow elements in web.config control which users have access to which resources. The location element provides additional granularity in controlling access.
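
The URL authorization rules described above, shown as a constructed web.config; this is an added example, not a listing from the book. The directory names (reports, admin), the role names (Admins, Guests), and login.aspx are assumptions. It contrasts a location block whose rule order defeats the restriction with one that is ordered correctly.

```xml
<!-- Added example: constructed web.config. Paths, roles and the login page are assumptions. -->
<configuration>
  <system.web>
    <!-- Forms authentication: unauthenticated requests are redirected to the login page -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" />
    </authentication>
    <!-- Site default: "?" means anonymous users, so everyone has to log in -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- WEAK: rules are evaluated top-down and the first match wins.
       "*" matches every user, anonymous included, and the rules in a
       location block are checked before the site-level ones. The allow
       therefore matches first: the deny below it is never reached and
       the site-wide deny for anonymous users no longer protects reports. -->
  <location path="reports">
    <system.web>
      <authorization>
        <allow users="*" />
        <deny roles="Guests" />
      </authorization>
    </system.web>
  </location>

  <!-- CORRECTED PATTERN: allow the specific role first, then deny everyone
       else, so any request that is not from an Admins member is refused. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

When reviewing a web.config, read each authorization block from the top and stop at the first rule that matches the user in question; an allow for "*" anywhere above a deny makes that deny dead configuration.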

Impersonation allows ASP.NET to take on the identity of its users. This allows it to use Windows ACLs to control access, thereby letting you implement security with a minimal amount of coding.


    Sams Teach Yourself ASP.NET in 21 Days (2nd Edition)
    ISBN: 0672324458
    EAN: 2147483647
    Year: 2003
    Pages: 307
    Authors: Chris Payne