Slide 1: Chapter 13 – Site Security
Slide 2: [Diagram] Security layers, top to bottom: Web Clients; SSL; Internet Information Server (Anonymous, Standard, Windows and Digest authentication; Certificates); ASP.NET Applications (Forms, Passport and Windows authentication); .NET Framework (Code Access Security); Windows NT/2000 Operating System (Active Directory, File Permissions).
Slide 3: Authentication. [Diagram] A web client sends GET Default.aspx. The security authority (Windows, Forms, Passport or Custom) replies "Who are you? Provide proof." The client supplies user id=GlennJ, password=hi2u2!, and the server answers "Ok, here is Default.aspx."
Slide 4: Authorization. [Diagram] GlennJ says: Select * from Orders. The server asks: Is GlennJ authorized to retrieve the Orders? If so: Here are the Orders.
Slide 5: [Diagram] Workgroup: four Workgroup Clients, each holding its own local directory of Users (Administrator, Randy, Gary, Sue) and Groups (Users, Managers).
Slide 6: Local User Account Creation
Slide 7: [Diagram] Domain: four Domain Workstations and a Domain Controller holding Active Directory Users (Administrator, Randy, Gary, Sue) and Active Directory Groups (Domain Users, Managers). Resource directories carry their own groups: Users and Printer Users, Users and Scanner Users, Users and File System Users, Users and HR Users.
Slide 8: Discretionary Access Control List (DACL). [Diagram] Access Control Entries (ACEs) on SalesData.xml:
- Managers: Read and Execute, Write
- Users: Read and Execute
- Sue: Full Control (member of Users)
- Glenn: Deny Write (member of Users, Managers)
Effective permissions: Glenn has Read and Execute; Sue has Full Control.
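The slide shows the result of evaluating the ACEs but not the rule that produces it. The following added example (not from the presentation) models that rule: union the rights from every allow ACE that names the user or one of the user's groups, then remove whatever an applicable deny ACE covers, which is the outcome Windows produces when the DACL is in canonical order (explicit denies ahead of explicit allows). The ACEs, group memberships and the breakdown of "Full Control" into individual rights are constructed from the slide; inherited ACEs and object-specific rights are not modelled.

```python
# Added example: effective NTFS-style permissions from a DACL (not from the slides).
from dataclasses import dataclass

# Constructed right sets standing in for the slide's permission names.
FULL_CONTROL = frozenset({"Read", "Execute", "Write", "Delete",
                          "ChangePermissions", "TakeOwnership"})
READ_EXECUTE = frozenset({"Read", "Execute"})


@dataclass(frozen=True)
class Ace:
    trustee: str          # user or group the entry applies to
    rights: frozenset     # rights granted or denied
    allow: bool = True    # False means a deny ACE


# ACEs on SalesData.xml as listed on slide 8, in canonical order (deny first).
SALESDATA_DACL = [
    Ace("Glenn", frozenset({"Write"}), allow=False),
    Ace("Managers", READ_EXECUTE | {"Write"}),
    Ace("Users", READ_EXECUTE),
    Ace("Sue", FULL_CONTROL),
]

# Group membership from the slide.
GROUPS = {
    "Sue": {"Users"},
    "Glenn": {"Users", "Managers"},
}


def effective_permissions(user, dacl, groups):
    """Rights the user ends up with: every allow that applies to the user or
    one of the user's groups, minus every deny that applies. A deny therefore
    wins over an allow regardless of which group granted the allow."""
    principals = {user} | groups.get(user, set())
    allowed, denied = set(), set()
    for ace in dacl:
        if ace.trustee not in principals:
            continue                      # entry is for someone else
        (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


def describe(rights):
    """Map a right set back to the names used on the slide."""
    if rights == FULL_CONTROL:
        return "Full Control"
    if rights == READ_EXECUTE:
        return "Read and Execute"
    return ", ".join(sorted(rights)) or "No access"


if __name__ == "__main__":
    for who in ("Glenn", "Sue", "Randy"):
        print(who, "->", describe(effective_permissions(who, SALESDATA_DACL, GROUPS)))
```

Glenn collects Read, Execute and Write through Managers and Users, loses Write to his explicit deny, and is left with Read and Execute; Sue keeps Full Control; a user in no listed group gets nothing, which is the access-denied default of an ACL that never mentions them.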
Slide 9: IIS Security
Slide 10: Validate Digital Certificate. [Diagram] Browser client to web site server: Initiate conversation - Can we talk? Server: Hi - here's my certificate containing the public key, signed by the CA's private key. The browser validates the digital certificate, then replies: Here is an encrypted session key. Communication then continues with the session key.
Slide 11: IIS Certificate Wizard
Slide 12: Certificate Backup
Slide 13: Certificate Restore
Slide 14: SSL Configuration
Slide 15: ASP.NET Authentication. [Flowchart] Internet Information Server authentication: IP and domain acceptable? -> user authentication. Impersonation enabled? Yes: run as the user account or IUSR; No: run using the ASPNET account. Then: perform ASP.NET security checks -> check the Windows DACL for resource permissions -> request is authorized, respond to user.
Slide 16: [Diagram] Forms authentication exchange between browser client and web site server:
1. Request protected resource: GET mydoc.aspx
2. Redirect to login page: http://www.site.com/login.aspx?RETURNURL=/mydoc.aspx
3. Get login page: login.aspx?RETURNURL=/mydoc.aspx
4. login.aspx
5. POST login.aspx?RETURNURL=/mydoc.aspx
6. Authenticate user
7. Redirect to mydoc.aspx with authentication cookie
8. Request protected resource with authentication cookie: GET mydoc.aspx
9. mydoc.aspx
Slide 17: Login Page
Slide 18: [Diagram] Authorization settings by configuration file:
- machine.config: allow users="*"
- Web.config at / (root): no entries
- Web.config at /customers: allow users="Joe", deny users="*"
- Web.config at /customers/sales: allow users="Mary"
- Web.config at /customers/sales/reports: allow users="Mary,Joe", deny users="*"
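What the slide does not spell out is how these nested files combine: ASP.NET URL authorization consults the web.config closest to the requested resource first, walks up toward the root and finally machine.config, and the first allow or deny rule that matches the user decides. The added example below (not from the presentation) implements that merge for the slide's rule table, so the effect of each file can be checked for a given user and path. The rule table is transcribed from the slide; role-based rules, the "?" anonymous marker and <location> elements are not modelled.

```python
# Added example: ASP.NET-style URL authorization over nested web.config files
# (not from the slides). Rules per config location, in the order they appear in
# each file's <authorization> element; "" stands for machine.config.
RULES = {
    "":                         [("allow", ["*"])],             # machine.config
    "/":                        [],                             # root Web.config, no entries
    "/customers":               [("allow", ["Joe"]), ("deny", ["*"])],
    "/customers/sales":         [("allow", ["Mary"])],
    "/customers/sales/reports": [("allow", ["Mary", "Joe"]), ("deny", ["*"])],
}


def config_chain(directory):
    """Config locations that apply to a directory, most specific first, ending
    with the root Web.config and machine.config."""
    parts = [p for p in directory.split("/") if p]
    chain = ["/" + "/".join(parts[:i]) for i in range(len(parts), 0, -1)]
    return chain + ["/", ""]


def is_authorized(user, resource, rules=RULES):
    """First matching rule wins; a rule matches when it names the user or '*'.
    If nothing matches anywhere the request is allowed, which is also what the
    machine.config entry on the slide guarantees."""
    directory = resource.rsplit("/", 1)[0]       # strip the file name
    for location in config_chain(directory):
        for action, users in rules.get(location, []):
            if "*" in users or user in users:
                return action == "allow"
    return True


def access_matrix(rules=RULES):
    """Who can reach each subtree; handy for reviewing a config hierarchy."""
    paths = ["/default.aspx", "/customers/orders.aspx",
             "/customers/sales/summary.aspx", "/customers/sales/reports/q1.aspx"]
    people = ["Joe", "Mary", "Randy"]
    return {p: {u: is_authorized(u, p, rules) for u in people} for p in paths}


if __name__ == "__main__":
    for path, row in access_matrix().items():
        print(path, row)
```

Note the trap the slide illustrates: /customers/sales only says allow Mary, so Joe is still admitted there by the allow in /customers, and everyone else is still turned away by the deny in /customers. Whether that is intended is exactly the kind of question a review of the hierarchy should answer.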
Slide 19: [Class diagram] IIdentity: AuthenticationType, Name, IsAuthenticated. Implementations: FormsIdentity adds Ticket; WindowsIdentity adds IsGuest, IsSystem, Token, GetAnonymous(), GetCurrent(), Impersonate(); PassportIdentity adds HasTicket, GetProfileObject(); GenericIdentity has the IIdentity members only.
Slide 20: [Class diagram] IPrincipal: Identity, IsInRole(). Implementations: WindowsPrincipal and GenericPrincipal, each exposing Identity and IsInRole().
Slide 21: Forms Authentication Using Database Access
Slide 22: Populated Database
Slide 23: Database Access
Slide 24: Code Access Security. [Diagram] Retrieve evidence from the assembly; assign it into code groups (for example Strong Name, My_Computer_Zone); the permissions of the matching code groups are UNIONed within a policy level; the results of the policy levels (Enterprise, Machine, User, Application Domain) are intersected to give the granted permissions.
Slide 25: Security Policy Administration
Slide 26: Testing Code Access Security
Slide 28: Lab: Require Login to Customer Site