Authentication and Authorization


1 Authentication and Authorization
CS 3870/CS 5870: Note 11
Authentication and Authorization; Membership Provider

2 Authentication, Authorization, Membership Provider
Authentication: to identify the user
Authorization: to give permission to the user
Membership Provider: the ASP.NET approach for authentication and authorization

3 Web.Config
Machine.config
  Machine-level settings
  Default settings for all Web applications
Application Web.config
  Located under the application's main Web site directory
  Applies to the entire application
  Overrides some settings set in Machine.config
Local Web.config
  Each folder under the main Web site can have its own Web.config file
  Overrides some settings set in a higher-level Web.config
  Not every setting can be set in a local Web.config:
    AUTHENTICATION must be set in the application Web.config
    AUTHORIZATION can be different for different folders
Page Directives
  Apply to the page only
  Override settings set in Web.config

4 Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v \Config
<membership>
  <providers>
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version= , Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="1"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>

5 Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v \Config
<connectionStrings>
  <add name="LocalSqlServer"
       connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
       providerName="System.Data.SqlClient" />
</connectionStrings>

6 Web.Config: Application Configuration File in the main Web site
<system.web>
  <authentication mode="Forms">
    <forms name="formsAuth"
           loginUrl="Prog5/login.aspx"
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           protection="All"
           defaultUrl="~/Prog5/Default.aspx"
           timeout="30"
           cookieless="UseDeviceProfile" />
  </authentication>
</system.web>

7 Authentication
To identify the user
Four modes:
  Windows: intranet
  Forms: Internet
  Passport: Microsoft
  None

8 Forms Based Authentication
name: the cookie's name
loginUrl: default is login.aspx
path: the path for which the cookie is issued; default is /
protection: the amount of protection applied to the cookie
  Encryption
  Validation
  All (both; the default)
  None
timeout: minutes (default 30); a durable (persistent) cookie could be issued

9 Forms Based Authentication
defaultUrl: where to go after login if the user requested the login.aspx page directly; otherwise, go to the originally requested page
requireSSL: credentials must be sent over an encrypted connection (SSL)
slidingExpiration: the cookie's timeout is on a sliding scale (renewed on activity)
cookieless:
  UseDeviceProfile: default
  UseCookies: require the use of cookies
  UseUri: force the credential to be stored within the URI
  AutoDetect: send a test cookie first

10 Form Login
Create form Login in the main Web site folder
Add control Login from the Login tab of the Toolbox
All pages are still accessible to the public

11 Authorization: Application Configuration File in the main folder
<system.web>
  <authentication mode="Forms">
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

12 Authorization: Application Configuration File in the main folder
<system.web>
  <authentication mode="Forms">
  </authentication>
</system.web>
<location path="Prog5">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
<!-- could have multiple locations -->

13 Control CreateUserWizard
Add a form CreateUser.aspx under the main folder
Add control CreateUserWizard (Toolbox/Login)
Create one user
  UserName: csse
  Password: your choice
  Your choices for the other fields

14 Event ContinueButtonClick
In CreateUser.aspx.vb:
  Select CreateUserWizard1
  Select event ContinueButtonClick
  Code: Response.Redirect("Prog5/Login.aspx")

15 Authorization
<deny users="*" />
<allow users="*" />
<allow users="[comma separated list of users]"
       roles="[comma separated list of roles]"
       verbs="[comma separated list of verbs]" />
<deny users="[comma separated list of users]" ... />
* : everyone
? : anonymous users
verbs: POST, GET, HEAD, DEBUG
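Slides 11, 12 and 15 show <authorization> rules but not how ASP.NET applies them: rules are checked top-down and the first rule that matches the request's identity and verb decides, with the machine-level <allow users="*" /> applying when nothing matches, so <deny users="*" /> followed by <allow users="*" /> denies everyone. The Python script below, added here and not part of the original slides or of ASP.NET itself, simulates that first-match evaluation over constructed <authorization> fragments (the function name is_authorized and the three sample constants are assumptions).

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments in the style of the slides (not from a real site).
DENY_ANON_ONLY = '<authorization><deny users="?" /></authorization>'
DENY_THEN_ALLOW = '<authorization><deny users="*" /><allow users="*" /></authorization>'
ADMIN_POST_ONLY = """<authorization>
  <allow roles="admin" verbs="POST" />
  <deny users="*" verbs="POST" />
  <allow users="*" />
</authorization>"""


def _split(attr):
    """Split a comma-separated attribute value; a missing attribute is an empty list."""
    return [s.strip() for s in attr.split(",") if s.strip()] if attr else []


def _identity_matches(rule, user, roles):
    """True if the rule's users/roles cover this identity ('*' everyone, '?' anonymous)."""
    users = _split(rule.get("users"))
    if "*" in users:
        return True
    if "?" in users and user is None:
        return True
    if user is not None and user.lower() in [u.lower() for u in users]:
        return True
    rule_roles = {r.lower() for r in _split(rule.get("roles"))}
    return bool(rule_roles & {r.lower() for r in roles})


def is_authorized(authz_xml, user, roles=(), verb="GET"):
    """First-match evaluation: the first <allow>/<deny> whose verbs (if any) and
    identity both match decides; the implicit machine-level <allow users="*"/>
    applies if no rule matches. user=None means an anonymous request."""
    root = ET.fromstring(authz_xml)
    for rule in root:
        if rule.tag not in ("allow", "deny"):
            continue
        verbs = [v.upper() for v in _split(rule.get("verbs"))]
        if verbs and verb.upper() not in verbs:
            continue
        if not _identity_matches(rule, user, roles):
            continue
        return rule.tag == "allow"
    return True


if __name__ == "__main__":
    print(is_authorized(DENY_ANON_ONLY, None))          # False: anonymous denied
    print(is_authorized(DENY_ANON_ONLY, "csse"))        # True: logged-in user falls through
    print(is_authorized(DENY_THEN_ALLOW, "csse"))       # False: deny-all matched first
    print(is_authorized(ADMIN_POST_ONLY, "csse", verb="POST"))  # False: not admin
```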

16 Other Login Controls (Toolbox/Login)
ChangePassword
LoginName
LoginStatus
LoginView
PasswordRecovery

17 Prog5MasterPage Add LoginName and LoginStatus

18 Correct All Mistakes of Prog4
If you make the same mistakes in Prog5 as you did in Prog4, the number of points you lose will be doubled!

