Fig. 1 Security flow of IIS and ASP.NET
ASP.NET provides built-in support for user authentication through several authentication providers. [1,4] These are Forms-based authentication, in which the application is secured by a custom authentication model with cookie support; Passport authentication, in which the application is secured by Microsoft Passport, a single sign-on technology developed by Microsoft for use on the web; and Windows authentication, in which the application is secured by integrated Windows authentication, so that access to the web application is allowed only to users who are able to verify their Windows credentials.
There are scenarios where an application does not use authentication at all, or where the developer wants to write custom authentication code. In this case, the ASP.NET authentication mode can be set to None. This article briefly covers Forms-based, Passport and Windows authentication.
2.1 Forms-Based Authentication
Forms-based authentication is used to implement customized logic for authenticating users without having to worry about cookie-based session management. It gives the developer more control over which files on the site can be accessed and by whom, and allows a login page to be designated. [3] This mechanism automatically redirects an unauthenticated user to the login page and asks for proper credentials (e.g. a username/password combination). If the login is successful, ASP.NET issues a cookie to the user and redirects them to the resource they originally requested. This cookie allows the user to revisit protected resources without having to log in repeatedly. The mechanism is shown below:
Fig. 2 Form authentication flow
In the figure above, the user first requests a restricted resource. The request goes to IIS first, and the user is authenticated by IIS. If anonymous access is enabled in IIS or the user is successfully authenticated, IIS hands the request off to the ASP.NET application. ASP.NET checks whether a valid authentication cookie is attached to the request. If it is, the user's credentials have been previously authenticated, and ASP.NET then performs the authorization check. If the user is authorized to access the resource, access is granted. Otherwise, an "access denied" message is sent. If the request does not have a cookie attached, ASP.NET redirects the user to the login page, solicits the credentials, and resubmits them for authentication. The application code checks those credentials. If they are authenticated, ASP.NET attaches the authentication ticket to the response in the form of a cookie. If authentication fails, the user can be redirected back to the login page with a message that the username/password is invalid.
Set Up Forms-Based Authentication
Generally, setting up Forms-based authentication involves 4 steps [2], namely (i) enable anonymous access in IIS, (ii) configure the <authentication> section in the Web.config file, (iii) configure the <authorization> section in the Web.config file and (iv) create the login page.
(i) Enable anonymous access in IIS:
This has to be done because most users are considered to be non-Windows users, so that they can get through IIS to reach ASP.NET. ASP.NET will always allow anonymous access to the login page, though.
(ii) Configure the <authentication> section in the Web.config file:
The Web.config file contains the information related to the level and type of authentication service that is provided for a web application. Forms-based authentication is enabled for a web application by setting the authentication mode attribute to Forms [3]:
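A Web.config fragment covering steps (ii) and (iii), as an added example that is not taken from the original article. The cookie name, the Login.aspx and Default.aspx pages, the Admin folder and the Admins role are assumed for illustration, and the cookie hardening attributes go beyond the minimum the text describes.

```xml
<!-- Added example: every name and path below is assumed, not from the article. -->
<configuration>
  <system.web>
    <!-- Step (ii): switch the application to Forms-based authentication.
         loginUrl         page that unauthenticated requests are redirected to
         protection="All" the ticket is both encrypted and integrity-checked,
                          so a client cannot read or forge it
         requireSSL       cookie is marked Secure and is only sent over HTTPS
         cookieless       keep the ticket in a cookie, never in the URL, where it
                          would leak through logs and Referer headers
                          (cookieless and defaultUrl need ASP.NET 2.0 or later)
         timeout          ticket lifetime in minutes; with slidingExpiration
                          off, a captured ticket expires at a fixed time -->
    <authentication mode="Forms">
      <forms name=".EXAMPLEAUTH"
             loginUrl="Login.aspx"
             defaultUrl="Default.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="false"
             path="/" />
    </authentication>

    <!-- Step (iii): "?" stands for anonymous users. Denying them forces every
         request without a valid ticket through the login page. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Per-folder rule: rules are evaluated top-down and the first match wins,
       so the allow must come before the catch-all deny ("*" = all users).
       Assumes the application assigns the Admins role to the user. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Setting mode="None" in the same element turns off ASP.NET authentication altogether, the case mentioned at the start of the article for applications that bring their own authentication code.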