Authentication and Authorization


CS 3870/CS 5870: Note 11
Authentication and Authorization
Membership Provider

Membership Provider
- Authentication: to identify the user
- Authorization: to give permission to the user
- Membership Provider: the ASP.NET approach for authentication and authorization

Web.Config

Machine.config
- Machine-level settings
- Default settings for all Web applications

Application Web.config
- Under the application's main Web site directory
- Applies to the entire application
- Overrides some settings set in Machine.config

Local Web.config
- Each folder under the main Web site can have its own Web.config file
- Overrides some settings set in a higher-level Web.config
- Not every setting can be set in a local Web.config
- AUTHENTICATION must be set in the application Web.config
- AUTHORIZATION can be different for different folders

Page directives
- Apply to the page only
- Override settings set in Web.config

Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config

<membership>
  <providers>
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="1"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>

Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config

<connectionStrings>
  <add name="LocalSqlServer"
       connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
       providerName="System.Data.SqlClient" />
</connectionStrings>
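The membership settings above decide what CreateUserWizard accepts as a password and when Membership.ValidateUser locks an account. The following model is an added illustration for these notes, not the provider's own code: it applies minRequiredPasswordLength, minRequiredNonalphanumericCharacters and passwordStrengthRegularExpression, stores a salted hash (PBKDF2-HMAC-SHA256 is assumed here in place of the provider's own hash), and tracks maxInvalidPasswordAttempts within passwordAttemptWindow on a simulated clock measured in minutes. The window rule assumed is that failures inside the window accumulate, a failure after the window has passed restarts the count at 1, and reaching the maximum locks the account.

```python
"""Model of the SqlMembershipProvider password settings listed above.

Added illustration for these notes, not the provider's own code.
Assumptions: salted PBKDF2-HMAC-SHA256 stands in for the provider's
passwordFormat="Hashed" storage; failed logins inside the
passwordAttemptWindow accumulate, a failure after the window restarts
the count at 1, and reaching maxInvalidPasswordAttempts locks the
account. Time is a simulated clock in minutes.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

# Values copied from the <add name="AspNetSqlMembershipProvider" ...> element.
SETTINGS = {
    "minRequiredPasswordLength": 7,
    "minRequiredNonalphanumericCharacters": 1,
    "passwordStrengthRegularExpression": "",
    "maxInvalidPasswordAttempts": 5,
    "passwordAttemptWindow": 10,        # minutes
}


def password_meets_policy(password, settings=SETTINGS):
    """Apply the three password-strength settings of the provider element."""
    if len(password) < settings["minRequiredPasswordLength"]:
        return False
    non_alnum = sum(1 for c in password if not c.isalnum())
    if non_alnum < settings["minRequiredNonalphanumericCharacters"]:
        return False
    pattern = settings["passwordStrengthRegularExpression"]
    if pattern and not re.match(pattern, password):
        return False
    return True


def _hash(password, salt):
    # Assumed algorithm for the model; the real provider uses its own salted hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    failed_count: int = 0
    window_start: float = 0.0   # simulated minute when the current window began
    locked: bool = False


def create_user(password):
    """CreateUserWizard-style creation: reject passwords that fail the policy."""
    if not password_meets_policy(password):
        raise ValueError("password does not satisfy the membership policy")
    salt = os.urandom(16)
    return Account(salt, _hash(password, salt))


def validate_user(account, password, now, settings=SETTINGS):
    """Membership.ValidateUser model: True only for a correct password on an
    unlocked account; otherwise update the lockout window and return False."""
    if account.locked:
        return False
    if hmac.compare_digest(_hash(password, account.salt), account.password_hash):
        account.failed_count = 0
        return True
    window = settings["passwordAttemptWindow"]
    if account.failed_count == 0 or now - account.window_start > window:
        account.failed_count, account.window_start = 1, now
    else:
        account.failed_count += 1
    if account.failed_count >= settings["maxInvalidPasswordAttempts"]:
        account.locked = True
    return False


def ends_locked(failure_times, settings=SETTINGS):
    """Feed failed attempts at the given minutes to a fresh account and
    report whether the account ended up locked (constructed experiment)."""
    acct = create_user("cs3870@UWP")    # the sample password from the notes
    for t in failure_times:
        validate_user(acct, "wrong-password!", t, settings)
    return acct.locked


if __name__ == "__main__":
    print(password_meets_policy("cs3870@UWP"))     # True: 10 chars, one '@'
    print(ends_locked([0, 1, 2, 3, 4]))            # True: 5 failures in 5 minutes
    print(ends_locked([0, 1, 2, 3, 20]))           # False: 5th failure after the window
```

Two things worth noticing: the sample password cs3870@UWP passes the policy only because of the single '@', and a locked account rejects even the correct password until it is unlocked, which is why the notes' login page should report a generic failure rather than "account locked" to anonymous callers.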

Web.Config
Application configuration file in the main Web site folder

<system.web>
  <authentication mode="Forms">
    <forms name="formsAuth"
           loginUrl="Prog5/login.aspx"
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           protection="All"
           defaultUrl="~/Prog5/Default.aspx"
           timeout="30"
           cookieless="UseDeviceProfile" />
  </authentication>
</system.web>

Authentication
To identify the user

Four modes:
- Windows: intranet
- Forms: Internet
- Passport: MS
- None

Forms Based Authentication
- name: the cookie's name
- loginUrl: default is login.aspx
- path: the URL path the cookie is scoped to, default is /
- protection: the amount of protection applied to the cookie
  - Encryption
  - Validation
  - All (both, default)
  - None
- timeout: minutes (default 30); a durable (persistent) cookie could be issued

Forms Based Authentication
- defaultUrl: the page to go to after login when the user requested the login.aspx page directly; otherwise, go to the originally requested page
- requireSSL: credentials must be sent over an encrypted connection (SSL)
- slidingExpiration: the timeout of the cookie is on a sliding scale, renewed by activity
- cookieless:
  - UseDeviceProfile: default
  - UseCookies: require the use of cookies
  - UseUri: force the credential to be stored within the URI
  - AutoDetect: send a test cookie first
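The timeout, slidingExpiration, requireSSL and durable-cookie settings on the two slides above interact in ways that are easier to see on a clock. The model below is an added illustration for these notes, not code from the lecture or from ASP.NET. It assumes the ticket lives timeout minutes from issue, that with slidingExpiration="true" the ticket is reissued on a request made after more than half the timeout has elapsed (ASP.NET's documented RenewTicketIfOld rule, so the cookie is not rewritten on every request), and that requireSSL="true" adds the Secure flag to the cookie; the cookie value is a placeholder standing in for the protected ticket.

```python
"""Model of the <forms ...> settings: timeout, sliding expiration, the
durable cookie and requireSSL.

Added illustration for these notes, not code from the lecture or ASP.NET.
Assumptions: lifetime is `timeout` minutes from issue; sliding expiration
reissues the ticket only when more than half the timeout has elapsed;
requireSSL adds the Secure flag. Time is a simulated clock in minutes.
"""
from dataclasses import dataclass, replace

# Values from the <forms> element in the application Web.config.
FORMS = {"name": "formsAuth", "path": "/", "requireSSL": False,
         "slidingExpiration": True, "timeout": 30}


@dataclass(frozen=True)
class Ticket:
    user: str
    issued: float       # simulated minute
    expires: float
    persistent: bool    # True = durable cookie that survives closing the browser


def issue_ticket(user, now, persistent=False, cfg=FORMS):
    return Ticket(user, now, now + cfg["timeout"], persistent)


def on_request(ticket, now, cfg=FORMS):
    """Check a ticket on a request. Returns (status, ticket): 'expired' (log in
    again), 'renewed' (sliding expiration reissued it) or 'ok' (unchanged)."""
    if now >= ticket.expires:
        return "expired", None
    if cfg["slidingExpiration"] and now - ticket.issued > cfg["timeout"] / 2:
        return "renewed", replace(ticket, issued=now, expires=now + cfg["timeout"])
    return "ok", ticket


def set_cookie_header(ticket, cfg=FORMS):
    """Build the Set-Cookie line; the value is a placeholder for the encrypted,
    MAC-protected ticket that protection="All" would produce."""
    parts = [f"{cfg['name']}=<protected-ticket-for-{ticket.user}>",
             f"path={cfg['path']}", "HttpOnly"]
    if cfg["requireSSL"]:
        parts.append("Secure")      # the browser only sends it over HTTPS
    if ticket.persistent:           # session cookies carry no Max-Age/Expires
        parts.append(f"Max-Age={int((ticket.expires - ticket.issued) * 60)}")
    return "; ".join(parts)


def simulate(request_times, cfg=FORMS):
    """Replay requests at the given minutes after one login at minute 0 and
    return the status seen on each request (re-login after an expiry)."""
    ticket = issue_ticket("csse", 0, cfg=cfg)
    statuses = []
    for t in request_times:
        status, ticket = on_request(ticket, t, cfg)
        statuses.append(status)
        if ticket is None:
            ticket = issue_ticket("csse", t, cfg=cfg)
    return statuses


if __name__ == "__main__":
    print(simulate([10, 16, 40, 80]))                       # sliding: kept alive by use
    print(simulate([10, 16, 29, 30], dict(FORMS, slidingExpiration=False)))
    print(set_cookie_header(issue_ticket("csse", 0), dict(FORMS, requireSSL=True)))
```

With sliding expiration the 30-minute value is an idle timeout, not a session cap: an active user's ticket is renewed indefinitely, while with slidingExpiration="false" the user is logged out at minute 30 regardless of activity. The notes' requireSSL="false" means the cookie is also sent over plain HTTP, which is the setting to revisit before the site leaves the lab.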

Form Login
- Create form Login in the main Web site folder
- Add control Login from tab Login
- All pages are still accessible to the public

Authorization
Application configuration file in the main folder

<system.web>
  <authentication mode="Forms">
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

Authorization
Application configuration file in the main folder

<system.web>
  <authentication mode="Forms">
  </authentication>
</system.web>
<location path="Prog5">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
<!-- could have multiple locations -->

Control CreateUserWizard
- Add a form CreateUser.aspx under the main folder
- Add control CreateUserWizard from Toolbox/Login
- Create one user
  - UserName: csse
  - Password: cs3870@UWP
  - Your email
  - Your choices for the other fields

Event ContinueButtonClick
In CreateUser.aspx.vb:
- Select CreateUserWizard1
- Select event ContinueButtonClick
- Code:

Response.Redirect("Prog5/Login.aspx")

Authorization

<deny users="*" />
<allow users="*" />
<allow users="[comma separated list of users]"
       roles="[comma separated list of roles]"
       verbs="[comma separated list of verbs]" />
<deny users="[comma separated list of users]" />

* : everyone
? : anonymous (unauthenticated) users
verbs: POST, GET, HEADER, DEBUG
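The three authorization slides above (the application-level deny, the Prog5 location, and the allow/deny attribute forms) all depend on how the rules are evaluated. The model below is an added illustration for these notes, not code from the lecture or from ASP.NET. It assumes the rules of a section are tried in document order with the first matching rule deciding, that the most specific section (a folder Web.config or a <location> element) is consulted before the application-level one, and that Machine.config's implicit <allow users="*"/> is the fallback when no rule matches; the user names and roles in the sample configurations are constructed.

```python
"""Model of how ASP.NET URL authorization evaluates <allow> / <deny> rules.

Added illustration for these notes, not code from the lecture or ASP.NET.
Assumptions: first matching rule in document order wins; the most specific
section (folder / <location>) is checked before the application section;
Machine.config's implicit <allow users="*"/> is the final fallback.
"""
from dataclasses import dataclass


def _split(csv):
    """'a, B' -> {'a', 'b'}; matching is case-insensitive."""
    return {p.strip().lower() for p in csv.split(",") if p.strip()}


@dataclass
class Rule:
    action: str      # "allow" or "deny"
    users: set       # "*" = everyone, "?" = anonymous, otherwise user names
    roles: set
    verbs: set       # empty set = the rule applies to every HTTP verb

    def matches(self, user, user_roles, verb):
        if self.verbs and verb.lower() not in self.verbs:
            return False
        if "*" in self.users:
            return True
        if user is None:                    # anonymous request: only "?" can match
            return "?" in self.users
        if user.lower() in self.users:
            return True
        return bool({r.lower() for r in user_roles} & self.roles)


def rule(action, users="", roles="", verbs=""):
    """Build a Rule from the attribute strings as written in Web.config."""
    return Rule(action, _split(users), _split(roles), _split(verbs))


def is_authorized(sections, user, user_roles=(), verb="GET"):
    """sections: rule lists ordered most specific first (folder, then app).
    user=None means an unauthenticated request."""
    for rules in sections:
        for r in rules:
            if r.matches(user, set(user_roles), verb):
                return r.action == "allow"
    return True     # Machine.config default: <allow users="*"/>


# Constructed sample configurations mirroring the notes.
APP_DENY_ANON = [rule("deny", users="?")]          # <deny users="?"/> in the main folder
PROG5_LOCATION = [rule("deny", users="?")]         # the <location path="Prog5"> rule
# Ordering trap: <allow users="*"/> listed before <deny users="?"/> matches first,
# so the deny is never reached and anonymous users get in.
MISORDERED = [rule("allow", users="*"), rule("deny", users="?")]
# Role- and verb-specific rules: admins may POST, everyone else is denied.
ADMIN_POST_ONLY = [rule("allow", roles="admin", verbs="POST"), rule("deny", users="*")]


if __name__ == "__main__":
    print(is_authorized([APP_DENY_ANON], None))                        # False
    print(is_authorized([APP_DENY_ANON], "csse"))                      # True
    print(is_authorized([PROG5_LOCATION, []], None))                   # False: Prog5 folder
    print(is_authorized([[], []], None))                               # True: other folders
    print(is_authorized([MISORDERED], None))                           # True: the trap
    print(is_authorized([ADMIN_POST_ONLY], "bob", {"admin"}, "POST"))  # True
    print(is_authorized([ADMIN_POST_ONLY], "bob", {"admin"}, "GET"))   # False
```

The MISORDERED case is the one to check for in a real Web.config: because the first match wins, a <deny> that is meant to apply must come before any broader <allow>, and a folder that has no authorization section of its own falls through to the application rules and then to the machine-wide allow.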

Other Login Controls (Toolbox/Login)
- ChangePassword
- LoginName
- LoginStatus
- LoginView
- PasswordRecovery

Prog5MasterPage
- Add LoginName and LoginStatus

Correct All Mistakes of Prog4 If you make the same mistakes in Prog5 as you did in Prog4, the number of points you lose will be doubled!