2.2 Passport Authentication
As stated above , this authentication mechanism provides a centralized authentication service that offers single sign-in for access the member sites. The following scenarios support the use of Passport Authentication : [2](i) The username and password database or login page is not maintained ; (ii) Willing to provide personalized content ; ( iii) the site will be used in conjunction with other Passport sites ; and (iv) Willing to give single sign-in capability to the users
Set Up Passport Authentication
To implement this authentication mode , Passport SDK ( Software Development Kit ) has to be installed on the server and register with Microsoft (r) Passport. [1 ,2]The following code is specified in the Web. config file where the authentication mode is set to Passport :
The redirectURL attribute of Passport section is set to internal , which means the unauthenticated request will receive common error message. The value of redirectURL may contain a string other than internal , which is considered to be a URL , which the unauthenticated request will be sent to.
2.3 Windows Authentication
This type of authentication is possibly the easiest of all to implement . Windows authentication can be used in conjunction with almost all authentication methods provided by IIS (e. g. Basic , Digest , NTLM or Kerberos Authentication) , except Anonymous Authentication . [2 ,4] There is no need to write any code to validate the user as IIS has already authenticated their Windows credentials. Basically , Windows authentication makes use of the authentication capabilities of IIS. IIS will complete it s authentication first then ASP. NET will use the authenticated identity’s token to decide whether the access is granted or denied.
This mechanism is usually implemented when the users are part of Windows domain and the authenticated users are to be impersonated so that the code is executed in the same security context of the user’s Windows account. [4]When a user requests specific resources , this request will go to IIS. IIS authenticates the user and attaches the security token to it . It will then pass the authenticated request and security token to ASP. NET. If impersonation is enabled , ASP. NET impersonates the user using the security token attached and sees whether the user is authorized to access the resources in the < authorization > section in Web. config file. If the access is granted , ASP. NET will send the requested resources through IIS , or else , it sends error message to the user.
Set Up Windows Authentication本文来自优.文,论-文·网原文请找腾讯752018766
The only step in implementing the Windows Authentication is to set the authentication mode to Windows and deny access to anonymous user in Web. config file as shown below :
The impersonation is enabled only if the code is to be under same security context as that of the user account . Again , this is done in the configuration file.
2.4 Conclusion
微机原理课程设计_产生随机数并运算的程序_汇编语言课程设计Authentication in ASP. NET is one of the best features of the web application’s security. It is divided into 3 different built-in providers : Formsbased , Passport and Windows Authentication. The Forms-based and passport authentication do not require the users to be as Windows users. The windows authentication is designed for users that are part of Windows domain. Formsbased authentication provides the unauthenticated users with the login page to ask them for their credentials , and it will validate those credentials against the designated authority. If the users are not authorized to access specific resources , it will send the access denied message back to the users. For Passport authentication , the Passport SDK is simply installed on the server and registered with Microsoft Passport. This mechanism offers a single sign-in provided by Microsoft to allow access to the member sites. The Windows authentication is the easiest to implement , as it does not require writing any code for authentication.
References :
[1] Bell ,J . , et al ,2001 ,ASP. NET Programmer’s Reference ,Wrox Press Ltd. ,USA.
[2] Chilakala ,V. ,2001 ,Microsoft ASP. NET Security ,Microsoft Support WebCasts.
[3] Gonzales ,J . ,2002 ,15 Seconds : Using Forms Authentication in ASP. NET Part 1
[4] Kercher ,J . ,2001 ,Authentication in ASP. NET : . NET, Security Guidance ,MSDN Magazine August 2001.
[5] Lassan ,R. ,Smith , E. ,2002 ,ASP. NET Bible ,Hungry ,Minds Inc. ,USA.
[6] Leinecker , R. , 2002 ,Using ASP. NET ,Que Corporation , Indiana.
[7] NET Framework Developer’s Guide : ASP. NET Web.Application Security ,Link.
[8] Kieley ,J . ,2001 ,Migrating to ASP. NET : Key Consid2eration ,MSDN Magazine November 2001.
上一页 [1] [2] [3] [4] [5] 下一页
ASP. NET 中认证安全特征英文论文文献和翻译 第4页下载如图片无法显示或论文不完整,请联系qq752018766