2310 b 16

Module 16: Securing a Microsoft ASP.NET Web Application

Overview ,[object Object],[object Object],[object Object],[object Object]

Lesson: Web Application Security Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Authentication vs. Authorization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What Are ASP.NET Authentication Methods? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Multimedia: ASP.NET Authentication Methods

Comparing the ASP.NET Authentication Methods ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Advantages ,[object Object],[object Object],Microsoft Passport Authentication ,[object Object],Forms-based Authentication ,[object Object],Windows-based Authentication Disadvantages Method

What Are the IIS Authentication Mechanisms? High Medium Low (Medium with SSL) None Security Level ,[object Object],[object Object],[object Object],Integrated Windows ,[object Object],[object Object],[object Object],Digest ,[object Object],[object Object],[object Object],Basic ,[object Object],Anonymous Description Mechanisms

Demonstration: Using IIS Authentication Mechanisms ,[object Object],[object Object],[object Object],[object Object],methods

What Is Secure Sockets Layer? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Lesson: Working with Windows-Based Authentication ,[object Object],[object Object],[object Object]

How to Enable Windows-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object],1 2 <system.web> <authentication mode="Windows" /> </system.web>

How to Enable Windows-Based Authentication ( continued ) ,[object Object],[object Object],<location path="ShoppingCart.aspx"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> 4 3

Reading User Information ,[object Object],lblAuthUser.Text = User.Identity.Name lblAuthType.Text = User.Identity.AuthenticationType lblIsAuth.Text = User.Identity.IsAuthenticated lblAuthUser.Text = User.Identity.Name; lblAuthType.Text = User.Identity.AuthenticationType; lblIsAuth.Text = User.Identity.IsAuthenticated;

Demonstration: Using Windows-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object]

Lesson: Working with Forms-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object]

Overview of Forms-Based Authentication Client requests page Authorized ASP.NET Forms Authentication Not Authenticated Authenticated Logon Page (Users enter their credentials) Authenticated Authentication Cookie Authorized Not Authenticated Access Denied Requested Secure Page IIS Username Password Someone *********** Submit 1 2 3 4 6 5 7  

Multimedia: Forms-Based Authentication

How to Enable Forms-Based Authentication ,[object Object],[object Object],[object Object],[object Object],1 2 3 4 <authentication mode="Forms" > < forms name=".namesuffix" loginUrl="login.aspx" /> </authentication>

[object Object],[object Object],[object Object],[object Object],Creating a Logon Page Sub cmdLogin_Click(s As Object, e As eventArgs) If (login(txtEmail.Text, txtPassword.Text)) FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, False) End If End Sub private void cmdLogin_Click(object sender, EventArgs e) { if (login(txtEmail.Text, txtPassword.Text)) FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false); }

Demonstration: Using Forms-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object]

Lesson: Overview of Microsoft Passport Authentication ,[object Object],[object Object]

How Microsoft Passport Works Website.msft Client Passport.com The client requests a page from the host 1 2 3 4 5 The site redirects the client to Passport.com The client is redirected and logs on to Passport.com Passport returns a cookie with the ticket information 6 The client accesses the host, this time with ticket information The host returns a Web Form and possibly a new cookie that it can read and write

Other Microsoft Passport Resources ,[object Object],[object Object],[object Object]

Review ,[object Object],[object Object],[object Object],[object Object]

Lab 16: Securing a Microsoft ASP.NET Web Application Medical Medical.aspx Benefits Home Page Default.aspx Life Insurance Life.aspx Retirement Retirement.aspx Dental Dental.aspx Dentists Doctors Doctors.aspx Doctors Logon Page Login.aspx Registration Register.aspx Coho Winery Prospectus Prospectus.aspx XML Web Service dentalService1.asmx Page Header Header.ascx ASPState tempdb Lab Web Application User Control namedate.ascx Menu Component Class1.vb or Class1.cs XML Files Web. config

2310 b 16

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a 2310 b 16

Similar a 2310 b 16 (20)

Más de Krazy Koder

Más de Krazy Koder (20)

Último

Último (20)

2310 b 16