Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will.

Published bySybil Nicholson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will."— Presentation transcript:

1 1 ASP.NET SECURITY Presenter: Van Nguyen

2 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will help in building secure Web applications. This document provides a brief overview of security in ASP.NET.

3 3 Introduction I.ASP.NET Web application security II.FormsAuthentication III.Manager Users Using Membership IV.Managing Authorization using Roles

4 4 I. ASP.NET Web application security  ASP.NET architecture  ASP.NET Data Flow  ASP.NET Authentication  ASP.NET Authorization  ASP.NET impersonation

5 5 I. ASP.NET Web application security  ASP.NET architecture

6 6 I. ASP.NET Web application security  ASP.NET Data Flow  The security data flow for two common scenarios: 1. Impersonation. 2. Forms authentication using cookies.

7 7 I. ASP.NET Web application security 1.Impersonation

8 8 I. ASP.NET Web application security 2.FormsAuthentication

9 9  ASP.NET Authentication: − Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. Windows Authentication Provider. (Asp.net Impersonation) Forms Authentication Provider. (FormsAuthentication) I. ASP.NET Web application security

10 10 I. ASP.NET Web application security  Authorization determines whether an identity should be granted access to a specific resource.  In ASP.NET Authorization, there are two ways to authorize access to a given resource: File authorization URL authorization

11 11 I. ASP.NET Web application security File authorization is performed by the FileAuthorizationModule. It checks the access control list (ACL) of the.aspx or.asmx handler file to determine whether a user should have access to the file. ACL permissions are verified for the user's Windows identity (if Windows authentication is enabled) or for the Windows identity of the ASP.NET process. FileAuthorizationModule

12 12 I. ASP.NET Web application security URL authorization: URL authorization is performed by the UrlAuthorizationModule, which maps users and roles to URLs in ASP.NET applications. This module can be used to selectively allow or deny access to arbitrary parts of an application (typically directories) for specific users or roles.UrlAuthorizationModule

13 13 I. ASP.NET Web application security  ASP.NET impersonation: − ASP.NET impersonation is disabled by default. If impersonation is enabled for an ASP.NET application, that application runs in the context of the identity whose access token IIS passes to ASP.NET. That token can be either an authenticated user token, such as a token for a logged-in Windows user, or the token that IIS provides for anonymous users (typically, the IUSR_MACHINENAME identity).

14 14 II. FormAuthentication  Forms authentication uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site. The forms authentication ticket is usually contained inside a cookie.  Configuration FormsAuthentication in web.config:

15 15 II. FormAuthentication  Credentials Store in web.config: Forms authentication credentials that are used to validate users at logon can be stored in an external data source or in the application configuration file.

16 16 II. FormAuthentication  Logging In, Logging Out using FormsAuthentication. Logging In: Logging Out: FormsAuthentication.SignOut(); FormsAuthentication.RedirectToLoginPage(); if (FormsAuthentication.Authenticate(model.UserName, model.Password) || Membership.ValidateUser(model.UserName, model.Password)) { FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe); //FormsAuthentication.RedirectFromLoginPage(userName,isPresistentC ookie); }

17 17 II. FormAuthentication  Understanding Persistent tickets: The forms authentication ticket was always stored in a cookie. So, the decision between using a persistent versus nonpersistent ticket is a choice between using persistent or session-based cookie.  The following code issues a persistent ticket: FormsAuthentication.RedirectFromLoginPage("testuser", true);

18 18 III. Manager Users Using Membership  ASP.NET membership therefore helps you manage user authentication in your Web sites. You can use ASP.NET membership with ASP.NET forms authentication by using with the ASP.NET login controls to create a complete system for authenticating users.  Benefit of ASP.NET membership: Create new user and password. Using the Login controls in asp.net. Storing membership information in database. Authenticating users who visit your site. Managing passwords (creating, changing and resetting them). Specifying a custom membership provider.

19 19 III. Manager Users Using Membership  Configuration Membership:

20 20 III. Manager Users Using Membership  Install DataBase: Run file C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe

21 21 III. Manager Users Using Membership Finish:  Membership class.

22 22  Role management lets you treat groups of users as a unit by assigning users to roles.  Role management helps you manage authorization, which enables you to specify the resources that users in your application are allowed to access.  Using RoleProvider to make a custom Role management. IV. Managing Authorization using Roles

23 23 IV. Managing Authorization using Roles  Configuration RoleProvider:  Authorization using Role:

24 24 Thanks for your listening

Download ppt "1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will."

Similar presentations

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.

ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.
Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.

Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.
Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.

Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
Membership, Role Manager and Profile Membership, Role Manager and Profile Matt Gibbs ASP.NET Development Manager.

Membership, Role Manager and Profile Membership, Role Manager and Profile Matt Gibbs ASP.NET Development Manager.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Managing Identity and Permissions

Managing Identity and Permissions
Internet Information Server (IIS)

Internet Information Server (IIS)
Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.

Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.

Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
Role based Security in.NET By By Aasia Riasat Aasia RiasatCS-795.

Role based Security in.NET By By Aasia Riasat Aasia RiasatCS-795.
Developing an ASP.NET Application and using the Mobile Internet Toolkit Bart Vande Ghinste Developer Consultant Microsoft Belux.

Developing an ASP.NET Application and using the Mobile Internet Toolkit Bart Vande Ghinste Developer Consultant Microsoft Belux.
Internet Information Server 6.0. Overview  What’s New in IIS 6.0?  Built-in Accounts and IIS 6.0  IIS Pass-Through Authentication  Securing Web Traffic.

Internet Information Server 6.0. Overview  What’s New in IIS 6.0?  Built-in Accounts and IIS 6.0  IIS Pass-Through Authentication  Securing Web Traffic.
Delivering Excellence in Software Engineering ® 2006. EPAM Systems. All rights reserved. ASP.NET Authentication.

Delivering Excellence in Software Engineering ® EPAM Systems. All rights reserved. ASP.NET Authentication.

Similar presentations

Ads by Google