【導(dǎo)讀】書(shū)和視窗認(rèn)證.綜述文獻(xiàn)僅限于上述三個(gè)領(lǐng)域.安全是開(kāi)發(fā)人員和應(yīng)用程序架構(gòu)師首要關(guān)注的問(wèn)題。由于不同類型的網(wǎng)站有。選擇適當(dāng)?shù)陌踩Ｊ?。有些網(wǎng)站發(fā)布的信息不來(lái)自用戶，而是通過(guò)搜索引擎等廣。另外一些網(wǎng)站，可能要收集用戶的敏感信息，比如信用卡號(hào)碼，這些網(wǎng)站需要非常嚴(yán)格的安全措施，以避免來(lái)自外部的惡意攻擊。驗(yàn)證的過(guò)程中認(rèn)證用戶身份,允許或拒絕請(qǐng)求。驗(yàn)證是Web應(yīng)用程序的安全一個(gè)重要的特征。當(dāng)用戶請(qǐng)求特定資源時(shí)，這一要求將發(fā)送到IIS。工作進(jìn)程將模擬驗(yàn)證使用者。請(qǐng)求的服務(wù);否者他將一個(gè)“拒絕登入”的錯(cuò)誤訊息傳回給用戶。這一請(qǐng)求將先到達(dá)IIS，由IIS進(jìn)行用戶身。將執(zhí)行授權(quán)檢查。將以附加驗(yàn)證的形式返回Cookie。Cookie保護(hù)設(shè)置為所有，這導(dǎo)致時(shí)不僅加密Cookie的內(nèi)容，證cookie的數(shù)據(jù)未作改動(dòng)的，而不是加密Cookie的內(nèi)容。著在10分鐘后身份驗(yàn)證Cookie將過(guò)期。這樣做的目的是減少通過(guò)驗(yàn)證Cookie偷竊。過(guò)對(duì)比數(shù)據(jù)庫(kù)來(lái)驗(yàn)證遞交的身份證書(shū)。

　　

【正文】 n capability to the users Set Up Passport Authentication To implement this authentication mode , Passport SDK ( Software Development Kit ) has to be installed on the server and register with Microsoft (r) Passport. [1 ,2]The following code is specified in the Web. config file where the authentication mode is set to Passport : The redirectURL attribute of Passport section is set to internal , which means the unauthenticated request will receive mon error message. The value of redirectURL may contain a string other than internal , which is considered to be a URL , which the unauthenticated request will be sent to. Windows Authentication This type of authentication is possibly the easiest of all to implement . Windows authentication can be used in conjunction with almost all authentication methods provided by IIS (e. g. Basic , Digest , NTLM or Kerberos Authentication) , except Anonymous Authentication . [2 ,4] There is no need to write any code to validate the user as IIS has already authenticated their Windows credentials. Basically , Windows authentication mode =″ Passport″ passport redirectURL =″ internal″/ / authentication authentication makes use of the authentication capabilities of IIS. IIS will plete it s authentication first then ASP. NET will use the authenticated identity’ s token to decide whether the access is granted or denied. This mechanism is usually implemented when the users are part of Windows domain and the authenticated users are to be impersonated so that the code is executed in the same security context of the user’s Windows account. [4]When a user requests specific resources , this request will go to IIS. IIS authenticates the user and attaches the security token to it . It will then pass the authenticated request and security token to ASP. NET. If impersonation is enabled , ASP. NET impersonates the user using the security token attached and sees whether the user is authorized to access the resources in the authorization section in Web. config file. If the access is granted , ASP. NET will send the requested resources through IIS , or else , it sends error message to the user. Set Up Windows Authentication The only step in implementing the Windows Authentication is to set the authentication mode to Windows and deny access to anonymous user in Web. config file as shown below : The impersonation is enabled only if the code is to be under same security context as that of the user account . Again , this is done in the configuration file. 2． 4 Conclusion Authentication in ASP. NET is one of the best features of the web application’ s security. It is divided into 3 different builtin providers : Formsbased , Passport and Windows Authentication. The Formsbased and passport authentication do not require the users to be as Windows users. The windows authentication is designed for users authentication mode =″ Windows″ ?? / authentication authorization deny users =″ ?″ / / authorization that are part of Windows domain. Formsbased authentication provides the unauthenticated users with the login page to ask them for their credentials , and it will validate those credentials against the designated authority. If the users are not authorized to access specific resources , it will send the access denied message back to the users. For Passport authentication , the Passport SDK is simply installed on the server and registered with Microsoft Passport. This mechanism offers a single signin provided by Microsoft to allow access to the member sites. The Windows authentication is the easiest to implement , as it does not require writing any code for authentication. References : [1] Bell ,J . , et al ,2020 ,ASP. NET Programmer’s Reference ,Wrox Press Ltd. ,USA. [2] Chilakala ,V. ,2020 ,Microsoft ASP. NET Security ,Microsoft Support WebCasts. [3] Gonzales ,J . ,2020 ,15 Seconds : Using Forms Authentication in ASP. NET Part 1 [4] Kercher ,J . ,2020 ,Authentication in ASP. NET : . NET, Security Guidance ,MSDN Magazine August 2020. [5] Lassan ,R. ,Smith , E. ,2020 ,ASP. NET Bible ,Hungry ,Minds Inc. ,USA. [6] Leinecker , R. , 2020 ,Using ASP. NET ,Que Corporation , Indiana. [7] NET Framework Developer’s Guide : ASP. NET Security ,Link. [8] Kieley ,J . ,2020 ,Migrating to ASP. NET : Key Consid2eration ,MSDN Magazine November 2020.