1
Security in Your Web Site
2
Introducing Security
Who are you?
How can you prove that?
What are you allowed to do in the system?
3
Identity: Who are you?
An identity is what makes you, you. An identity depends upon the context in which it is used. No matter what you include in your identity, it is a way to refer to you. But how does anyone else know you? And how can they be sure it’s really you when you log on to a web site, for example? This is where authentication enters the game.
4
Authentication: How can you prove who you are?
We would use a user name and password for authentication.
5
Authorization (What are you allowed to do?)
Depending on who you are, a system grants you more or fewer privileges to access certain areas. To determine what a user is allowed to do, a system needs to know two things: the permissions for the current user and the authorization rules for the resource the user is trying to access.
6
ASP.NET APPLICATION SERVICES
Membership: Enables you to manage and work with user accounts in your system.
Roles: Enables you to manage the roles that your users can be assigned to.
Profile: Enables you to store user-specific data in a back-end database.
7
Difference between authentication and authorization
Authentication is all about proving your identity to a system like a web site. After you have been authenticated, authorization then determines what you can and cannot do in the system.
8
LOGIN CONTROLS
The available login controls effectively encapsulate all the code and logic you need to validate and manage users. These controls work by communicating with the configured provider through the application services, instead of talking to a database directly.
The Login control enables a user to log in to the site. The control talks to the configured membership provider through the application services to see if the user name and password represent a valid user in the system. If the user is validated, a cookie is issued that is sent to the user’s browser. On subsequent requests the browser resubmits the cookie to the server so the system knows it’s still dealing with a valid user.
The different settings for the membership provider are all configured in the <membership /> element of the web.config file.
9
Property (Login control): Description
DestinationPageUrl: Defines the URL the user is sent to after a successful login attempt.
CreateUserText: Controls the text that is displayed to invite users to sign up for a new account.
CreateUserUrl: Controls the URL where users are taken to sign up for a new account.
DisplayRememberMe: Specifies whether the control displays the Remember Me option. When set to False or when the check box is not checked when logging in, users need to re-authenticate every time they close and reopen the browser.
RememberMeSet: Specifies whether the Remember Me option is initially checked.
PasswordRecoveryText: Controls the text that is displayed to tell users they can reset or recover their password.
PasswordRecoveryUrl: Specifies the URL where users are taken to get their (new) password.
VisibleWhenLoggedIn: Determines whether the control is visible when the current user is logged in. True by default.
10
Login control (continued)
The authentication mechanism of ASP.NET by default assumes you have a page called Login.aspx in the root of your site that is used to let users log in. To be functional, the minimum that this page requires is a Login control. If you want to use a different page, you can specify its path in the <forms /> element under <authentication /> like this:
    <authentication mode="Forms">
      <forms loginUrl="MyLoginPage.aspx" />
    </authentication>
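A web.config sketch that puts the <forms /> element, the <membership /> element and the per-resource authorization rules from the earlier slides in one place. This is an added example, not part of the original presentation; the Admin folder, the Managers role, the provider name SiteMembershipProvider and the connection string name MembershipDb are assumptions.

```xml
<configuration>
  <connectionStrings>
    <!-- Assumed name; the connection string value is a placeholder -->
    <add name="MembershipDb" connectionString="PLACEHOLDER"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL: the authentication cookie is only sent over HTTPS.
           timeout + slidingExpiration: an idle login expires after 30 minutes. -->
      <forms loginUrl="MyLoginPage.aspx" requireSSL="true" protection="All"
             timeout="30" slidingExpiration="true" />
    </authentication>

    <membership defaultProvider="SiteMembershipProvider">
      <providers>
        <clear />
        <!-- Hashed storage: passwords can be reset but never retrieved.
             Five failed attempts within 10 minutes lock the account. -->
        <add name="SiteMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>

    <!-- Role checks need the role manager; this uses the default role provider -->
    <roleManager enabled="true" />
  </system.web>

  <!-- Authorization rules for one resource (assumed Admin folder).
       Rules are evaluated top-down and the first match wins. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Managers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

An anonymous request for a page under Admin matches the deny rule and is redirected to the loginUrl page. A logged-in user outside the Managers role is refused as well.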
11
How to redirect the user
If you want to redirect all users to the same page, all you need to set is the DestinationPageUrl:
    <asp:Login ID="Login1" runat="server" DestinationPageUrl="~/MyProfile.aspx" />
When a user is logged in successfully, she’s taken to MyProfile.aspx automatically.
12
LoginView Control
The LoginView is a handy control that lets you display different data to different users. It enables you to differentiate between anonymous and logged-in users, and you can even differentiate between users in different roles. The LoginView is template driven and as such lets you define different templates that are shown to different users.
13
LoginStatus Control
The LoginStatus control provides information about the current status of the user. It provides a Login link when the user is not authenticated and a Logout link when the user is already logged in. You control the actual text being displayed by setting the LoginText and LogoutText properties. Alternatively, you can set the LoginImageUrl and LogoutImageUrl properties to display an image instead of text. Finally, you can set the LogoutAction property to determine whether the current page refreshes if the user logs out, or whether the user is taken to another page after logging out. You determine this destination page by setting the LogoutPageUrl.
14
Difference between the LoginView and LoginStatus controls
The LoginStatus simply displays text that indicates whether or not the user is logged in. By default the text that is displayed is Login when the user is currently not logged in, and Logout when the user is already logged in. Clicking the link either sends the user to the default Login page, or logs the user out.
The LoginView is somewhat similar in that it displays different content depending on whether the user is currently logged in. However, because the control is completely template driven, you can fully control the content that is displayed. To enable you to differentiate between different user roles, you can use the RoleGroups element to set up templates that are only shown to users in specific roles.
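The two controls side by side in ASP.NET page markup, as an added example that is not part of the original presentation. The Managers role, the Admin/Default.aspx link and the ~/Default.aspx logout target are assumptions.

```xml
<!-- LoginStatus: a Login or Logout link, depending on the current user -->
<asp:LoginStatus ID="LoginStatus1" runat="server"
    LoginText="Login" LogoutText="Logout"
    LogoutAction="Redirect" LogoutPageUrl="~/Default.aspx" />

<!-- LoginView: one template per audience -->
<asp:LoginView ID="LoginView1" runat="server">
  <AnonymousTemplate>
    Please log in to see your profile.
  </AnonymousTemplate>
  <LoggedInTemplate>
    Welcome back, <asp:LoginName ID="LoginName1" runat="server" />.
  </LoggedInTemplate>
  <RoleGroups>
    <!-- Assumed role name; a user in this role sees this template
         instead of LoggedInTemplate -->
    <asp:RoleGroup Roles="Managers">
      <ContentTemplate>
        <a href="Admin/Default.aspx">Site administration</a>
      </ContentTemplate>
    </asp:RoleGroup>
  </RoleGroups>
</asp:LoginView>
```

The templates only decide what is rendered. The page behind the administration link still needs its own authorization rule in web.config, because hiding a link does not stop a direct request for its URL.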