Security in Your Website

Introducing Security: Who are you? How can you prove that? What are you allowed to do in the system?

Identity: Who are you? An identity is what makes you, you. An identity depends upon the context in which it is used. No matter what you include in your identity, it is a way to refer to you. But how does anyone else know you? And how can they be sure it's really you when you log on to a web site, for example? This is where authentication enters the game.

Authentication: How can you prove who you are? We use a user name and password for authentication.

Authorization (what are you allowed to do): Depending on who you are, a system grants you more or fewer privileges to access certain areas. To determine what a user is allowed to do, a system needs to know two things: the permissions for the current user and the authorization rules for the resource the user is trying to access.

ASP.NET APPLICATION SERVICES Membership: Enables you to manage and work with user accounts in your system. Roles: Enables you to manage the roles that your users can be assigned to. Profile: Enables you to store user-specific data in a back-end database.

Difference between authentication and authorization Authentication is all about proving your identity to a system like a web site. After you have been authenticated, authorization then determines what you can and cannot do in the system.

LOGIN CONTROLS The available login controls effectively encapsulate all the code and logic you need to validate and manage users. These controls work by communicating with the configured provider through the application services, instead of talking to a database directly. The Login control enables a user to log in to the site. The control talks to the configured membership provider through the application services to check whether the user name and password represent a valid user in the system. If the user is validated, an authentication cookie is issued and sent to the user's browser. On subsequent requests the browser resubmits the cookie to the server, so the system knows it is still dealing with a valid user. The settings for the membership provider are all configured in the <membership /> element of the web.config file.

Login control properties
DestinationPageUrl - Defines the URL the user is sent to after a successful login attempt.
CreateUserText - Controls the text that is displayed to invite users to sign up for a new account.
CreateUserUrl - Controls the URL where users are taken to sign up for a new account.
DisplayRememberMe - Specifies whether the control displays the Remember Me option. When set to False, or when the check box is not checked when logging in, users need to re-authenticate every time they close and reopen the browser.
RememberMeSet - Specifies whether the Remember Me option is initially checked.
PasswordRecoveryText - Controls the text that is displayed to tell users they can reset or recover their password.
PasswordRecoveryUrl - Specifies the URL where users are taken to get their (new) password.
VisibleWhenLoggedIn - Determines whether the control is visible when the current user is logged in. True by default.

Login control (continued) The authentication mechanism of ASP.NET by default assumes you have a page called Login.aspx in the root of your site that is used to let users log in. To be functional, the minimum that this page requires is a Login control. If you want to use a different page, you can specify its path in the <forms /> element under <authentication /> like this:
<authentication mode="Forms">
  <forms loginUrl="MyLoginPage.aspx" />
</authentication>
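The <forms /> and <membership /> settings referred to above, as an added web.config example that is not part of the slides. The connection string name "MembershipDb" and the provider names are constructed placeholders; the database itself is assumed to have the standard ASP.NET membership schema.

```xml
<!-- Added example, not from the slides. "MembershipDb" and the provider
     names are constructed placeholders; replace with your own. -->
<configuration>
  <connectionStrings>
    <add name="MembershipDb" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=AppDb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication: custom login page, cookie only (no URL tokens),
         HTTPS-only cookie, fixed 20-minute lifetime instead of sliding renewal. -->
    <authentication mode="Forms">
      <forms loginUrl="MyLoginPage.aspx"
             cookieless="UseCookies"
             requireSSL="true"
             slidingExpiration="false"
             timeout="20" />
    </authentication>
    <!-- Deny anonymous users ("?") site-wide; ASP.NET still lets them reach
         the loginUrl page so they can sign in. -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- The Login control checks credentials through this provider: hashed
         storage, no plaintext retrieval, 12+ chars, lockout after 5 failures. -->
    <membership defaultProvider="HardenedSqlMembership">
      <providers>
        <clear />
        <add name="HardenedSqlMembership"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Roles back the LoginView RoleGroups and User.IsInRole checks. -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MembershipDb"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

With requireSSL="true" the authentication cookie is only sent over HTTPS, so the site must be served over HTTPS or every login will appear to fail.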

How to redirect the user If you want to redirect all users to the same page, all you need to set is the DestinationPageUrl:
<asp:Login ID="Login1" runat="server" DestinationPageUrl="~/MyProfile.aspx" />
When a user logs in successfully, she is taken to MyProfile.aspx automatically.

LoginView Control The LoginView is a handy control that lets you display different data to different users. It enables you to differentiate between anonymous and logged-in users, and you can even differentiate between users in different roles. The LoginView is template driven and as such lets you define different templates that are shown to different users.

LoginStatus Control The LoginStatus control provides information about the current status of the user. It provides a Login link when the user is not authenticated and a Logout link when the user is already logged in. You control the actual text being displayed by setting the LoginText and LogoutText properties. Alternatively, you can set the LoginImageUrl and LogoutImageUrl properties to display an image instead of text. Finally, you can set the LogoutAction property to determine whether the current page refreshes when the user logs out, or whether the user is taken to another page after logging out. You determine this destination page by setting the LogoutPageUrl.

Difference between LoginView and LoginStatus Controls The LoginStatus simply displays text that indicates whether or not the user is logged in. By default the text that is displayed is Login when the user is currently not logged in, and Logout when the user is already logged in. Clicking the link either sends the user to the default Login page, or logs the user out. The LoginView is somewhat similar in that it displays different content depending on whether the user is currently logged in. However, because the control is completely template driven, you can fully control the content that is displayed. To enable you to differentiate between different user roles, you can use the RoleGroups element to set up templates that are only shown to users in specific roles.
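The LoginStatus and LoginView controls described in the last three slides, as an added page-markup example that is not part of the slides. The role names "Administrators" and "Editors" and the page paths are constructed placeholders, and the example assumes roleManager is enabled in web.config.

```aspx
<%@ Page Language="C#" %>
<%-- Added example, not from the slides. Role names "Administrators" and
     "Editors" and the page paths are constructed placeholders; roleManager
     must be enabled in web.config for RoleGroups to match. --%>
<!DOCTYPE html>
<html>
<body>
  <form id="form1" runat="server">
    <%-- LoginStatus: "Sign in" link when anonymous, "Sign out" when logged
         in; on logout, redirect instead of refreshing so the user does not
         keep looking at a page rendered for the old session. --%>
    <asp:LoginStatus ID="LoginStatus1" runat="server"
         LoginText="Sign in" LogoutText="Sign out"
         LogoutAction="Redirect" LogoutPageUrl="~/Default.aspx" />

    <%-- LoginView: RoleGroups are evaluated top to bottom and the first
         matching group wins, so list the most privileged role first. --%>
    <asp:LoginView ID="LoginView1" runat="server">
      <AnonymousTemplate>
        <p>You are not signed in.
           <asp:HyperLink runat="server" NavigateUrl="~/MyLoginPage.aspx"
                Text="Sign in" /></p>
      </AnonymousTemplate>
      <RoleGroups>
        <asp:RoleGroup Roles="Administrators">
          <ContentTemplate>
            <p>Welcome, <asp:LoginName runat="server" /> (administrator).</p>
            <asp:HyperLink runat="server" NavigateUrl="~/Admin/Users.aspx"
                 Text="Manage users" />
          </ContentTemplate>
        </asp:RoleGroup>
        <asp:RoleGroup Roles="Editors">
          <ContentTemplate>
            <p>Welcome, <asp:LoginName runat="server" /> (editor).</p>
          </ContentTemplate>
        </asp:RoleGroup>
      </RoleGroups>
      <LoggedInTemplate>
        <%-- Shown to authenticated users who match no RoleGroup. --%>
        <p>Welcome, <asp:LoginName runat="server" />.</p>
      </LoggedInTemplate>
    </asp:LoginView>
  </form>
</body>
</html>
```

Hiding the "Manage users" link from non-administrators only changes what is rendered; the ~/Admin folder itself still needs an <authorization /> rule in web.config (for example a <location> element allowing only the Administrators role) or anyone who knows the URL can request it.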