Securing an ASP.NET application requires a clear understanding of all the security options provided in ASP.NET, and how all the various security subsystems interact.
How ASP.NET Security Works
The ASP.NET security framework accomplishes this by working in conjunction with the various security subsystems present in the machine where ASP.NET is installed. This includes security provided by the operating system ( NTFS file access permissions ) as well as security provided by IIS ( host or IP address authorization ).
And since ASP.NET is built on the Microsoft .NET Framework, the ASP.NET application developer also has access to all of the built-in security features of the .NET Framework, such as code access security and role-based user-access security.
It is imperative to understand how the various security subsystems interact, to be able to secure your ASP.NET application effectively.
ASP.NET Security Architecture.
IIS always assumes that a set of credentials maps to a Windows NT account and uses them to authenticate a user. There are three different kinds of authentication available in IIS 5.0: basic, digest, and Integrated Windows Authentication ( NTLM or Kerberos ). You can select the type of authentication to use in the IIS administrative services
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment