Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Presentation transcript:

Chapter 13 – Site Security

Site security layers (slide diagram): Web clients connect over SSL to Internet Information Server, which handles anonymous, standard Windows and digest authentication; ASP.NET applications add Forms, Passport, Windows and certificate authentication; the .NET Framework adds code access security; and the Windows NT/2000 operating system supplies Active Directory and file permissions.

Authentication (slide diagram):
1. Web client: GET Default.aspx
2. Web site: Who are you? Provide proof.
3. Web client: user id=GlennJ, password=hi2u2!
4. Web site checks the credentials against a security authority (Windows, Forms, Passport or a custom store).
5. Web site: Ok, here is Default.aspx

Authorization (slide diagram):
1. GlennJ says: Select * from Orders
2. Web site: Is GlennJ authorized to retrieve the Orders?
3. Web site: Here are the Orders.

Workgroup model (slide diagram): each workgroup client keeps its own local directory of users (Administrator, Randy, Gary, Sue) and groups (Users, Managers), so the same accounts have to be defined separately on every machine.

Local User Account Creation

Domain model (slide diagram): domain workstations share one Active Directory on the domain controller, which holds the users (Administrator, Randy, Gary, Sue) and groups (Domain Users, Managers); resource-specific directory groups such as Printer Users, Scanner Users, File System Users and HR Users grant access to individual resources.

Discretionary Access Control List (DACL) for SalesData.xml, made up of access control entries (ACEs):
- Managers: Read and Execute, Write
- Users: Read and Execute
- Sue: Full Control (member of Users)
- Glenn: Deny Write (member of Users and Managers)
Effective permissions: Glenn has Read and Execute (the Deny Write ACE removes the Write granted through Managers); Sue has Full Control.
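The effective-permission result on the slide, worked through in code. This is an added example, not code from the presentation: it models the simplified rule that every applicable allow ACE is unioned and any applicable deny ACE subtracts from that union, and it leaves out inheritance and the canonical ACE ordering of real NTFS ACLs; the rights names and group memberships are constructed from the slide.

```python
# Added example: effective-permission evaluation over a DACL, modelled on the
# SalesData.xml slide. Simplified Windows semantics: the rights granted by every
# allow ACE that names the user or one of the user's groups are unioned, and any
# deny ACE that applies removes its rights from that union. Inheritance and the
# canonical ACE ordering of real NTFS ACLs are not modelled.

FULL_CONTROL = frozenset({"read", "execute", "write", "modify", "delete",
                          "change permissions", "take ownership"})
READ_EXECUTE = frozenset({"read", "execute"})

# Constructed ACEs for SalesData.xml, as on the slide: (type, trustee, rights)
SALESDATA_DACL = [
    ("allow", "Managers", READ_EXECUTE | {"write"}),
    ("allow", "Users", READ_EXECUTE),
    ("allow", "Sue", FULL_CONTROL),
    ("deny", "Glenn", frozenset({"write"})),
]

# Constructed group memberships from the slide
GROUPS = {
    "Sue": {"Users"},
    "Glenn": {"Users", "Managers"},
}


def effective_permissions(user, dacl=SALESDATA_DACL, groups=GROUPS):
    """Return the set of rights `user` ends up with on the object."""
    trustees = {user} | set(groups.get(user, ()))
    allowed, denied = set(), set()
    for ace_type, trustee, rights in dacl:
        if trustee not in trustees:
            continue                      # ACE does not apply to this user
        (allowed if ace_type == "allow" else denied).update(rights)
    return frozenset(allowed - denied)    # deny always wins over allow


def describe(rights):
    """Map a rights set to the label the Windows permissions UI would show."""
    if rights == FULL_CONTROL:
        return "Full Control"
    if rights == READ_EXECUTE:
        return "Read and Execute"
    return ", ".join(sorted(rights)) or "No access"


if __name__ == "__main__":
    # Randy is in the directory but in none of the listed groups
    for who in ("Glenn", "Sue", "Randy"):
        print(who, "->", describe(effective_permissions(who)))
```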

IIS Security

SSL session setup (slide diagram):
1. Browser client: Initiate conversation - Can we talk?
2. Web site server: Hi - here's my certificate containing the public key, signed by the CA's private key.
3. Browser client validates the digital certificate.
4. Browser client: Here is an encrypted session key.
5. Both sides communicate with the session key.

IIS Certificate Wizard

Certificate Backup

Certificate Restore

SSL Configuration

ASP.NET authentication request flow (slide diagram):
1. Internet Information Server authentication: are the client IP address and domain acceptable? Then user authentication.
2. ASP.NET: is impersonation enabled? Yes - run as the authenticated user account (or IUSR for anonymous requests). No - run using the ASPNET account.
3. Perform ASP.NET security checks.
4. Check the Windows DACL for resource permissions.
5. Request is authorized - respond to the user.

Forms authentication (slide diagram):
1. Browser client requests the protected resource: GET mydoc.aspx
2. Server redirects to the login page.
3. Browser client gets the login page: login.aspx?RETURNURL=/mydoc.aspx
4. Server returns login.aspx.
5. Browser client: POST login.aspx?RETURNURL=/mydoc.aspx
6. Server authenticates the user.
7. Server redirects to mydoc.aspx with the authentication cookie.
8. Browser client requests the protected resource with the authentication cookie: GET mydoc.aspx
9. Server returns mydoc.aspx.

Login Page

Authorization rules merge across the configuration hierarchy (slide diagram):
- machine.config: allow users="*"
- Web.config at / (root): no entries
- Web.config at /customers: allow users="Joe", deny users="*"
- Web.config at /customers/sales: allow users="Mary"
- Web.config at /customers/sales/reports: allow users="Mary,Joe", deny users="*"
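How those five sections combine for a given user and path, as an added example that is not part of the presentation. It models the evaluation order of ASP.NET's UrlAuthorizationModule (most specific directory first, then each parent, then machine.config, first matching rule wins); the rule table is constructed from the slide, role-based rules are left out, and the empty string stands for an anonymous user.

```python
# Added example: a model of how ASP.NET's UrlAuthorizationModule merges
# <authorization> rules across the Web.config hierarchy on the slide.
# Rules are evaluated starting at the requested directory and moving up to
# machine.config; within one section they run in order and the first rule that
# matches the user decides. (Role-based rules are left out of this model.)

# Constructed rule set mirroring the slide: path -> [(action, users), ...]
CONFIGS = {
    "machine.config": [("allow", "*")],
    "/": [],                                             # no entries
    "/customers": [("allow", "Joe"), ("deny", "*")],
    "/customers/sales": [("allow", "Mary")],
    "/customers/sales/reports": [("allow", "Mary,Joe"), ("deny", "*")],
}


def _matches(rule_users, user):
    """'*' matches everyone, '?' only anonymous ('' here), else a name list."""
    for entry in (e.strip() for e in rule_users.split(",")):
        if entry == "*":
            return True
        if entry == "?" and user == "":
            return True
        if user and entry.lower() == user.lower():
            return True
    return False


def _sections(path):
    """Yield config keys from the requested path upward, then machine.config."""
    parts = [p for p in path.split("/") if p]
    while True:
        key = "/" + "/".join(parts)
        if key in CONFIGS:
            yield key
        if not parts:
            break
        parts.pop()
    yield "machine.config"


def is_authorized(path, user):
    """True if `user` ('' = anonymous) may request `path` under CONFIGS."""
    for key in _sections(path):
        for action, users in CONFIGS[key]:
            if _matches(users, user):
                return action == "allow"
    return True              # unreachable while machine.config allows "*"


if __name__ == "__main__":
    for p in (k for k in CONFIGS if k.startswith("/")):
        print(p, {u or "anon": is_authorized(p, u) for u in ("Joe", "Mary", "Sue", "")})
```

Note that at /customers/sales the deny users="*" from /customers still applies to everyone but Mary and Joe, because the child section adds an allow without a deny of its own.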

Identity classes (slide diagram). The IIdentity interface exposes AuthenticationType, Name and IsAuthenticated. FormsIdentity adds Ticket. WindowsIdentity adds IsGuest, IsSystem, Token, GetAnonymous( ), GetCurrent( ) and Impersonate( ). PassportIdentity adds HasTicket and GetProfileObject( ). GenericIdentity exposes only the IIdentity members.

Principal classes (slide diagram). The IPrincipal interface exposes Identity and IsInRole( ); WindowsPrincipal and GenericPrincipal both implement it.

Forms Authentication Using Database Access

Populated Database

Database Access

Code Access Security (slide diagram): evidence is retrieved from the assembly (for example a strong name or the My_Computer_Zone); the assembly is assigned into the code groups whose membership conditions match; the permissions of the matching code groups are UNIONed within each policy level; and the results of the Enterprise, Machine, User and Application Domain policy levels are intersected to give the permissions actually granted.

Security Policy Administration

Testing Code Access Security

Lab Require Login to Customer site