毕业论文论文范文课程设计实践报告法律论文英语论文教学论文医学论文农学论文艺术论文行政论文管理论文计算机安全
您现在的位置: 毕业论文 >> 论文 >> 正文

ASP. NET 中认证安全特征英文论文文献和翻译

更新时间:2014-4-19:  来源:毕业论文
Fig. 1  Security flow of IIS and ASP. NET,DELPHI+SQL SEVER 2000小区物业管理信息系统
ASP. NET provides built-in support for user authentication through several authentication providers. [1,4] These are Forms based authentication , which is the application that is secured by using a custom authentication model with cookie support , Passport authentication , an application that is secured by using Microsoft  Passport authentication. Passport is a single sign on technology developed by Microsoft for use on the web and the Windows authentication which is an application secured by using integrated windows authentication where access to a web application is allowed only to those users who are able to verify their windows credentials.
There are scenarios where some applications do not use the authentication at all or the developer may want to develop custom authentication code. In this case , ASP. NET can set the authentication mode to none. This article will briefly cover the Formsbased , passport and windows authentications.
2.1 FormsBased Authentication
Formsbased authentication is used to implement customized logic for authenticating users without having to worry about session management using a cookie. It gives a developer more access to specify which files on the site can be accessed and by whom , and allows identification of a login page . [3 ]This mechanism will automatically redirect the unauthenticated user to login page and ask them to provide proper credentials ( e. g. username/ password combination) . If login is successful , ASP. NET then issues the cookie to the user and redirect them to specific resources that they originally requested. This cookie allows the user to revisit particular protected resources without having to repeatedly login. The mechanism is shown as below :
 
Fig. 2  Form authentication flow
In figure above , the user requests the restricted resources first . This request will go to IIS first and the user is authenticated by IIS. If the anonymous access is enabled in IIS or the user is successfully authenticated , it will hand off the request to ASP. NET application. ASP. NET checks to see whether a valid authentication cookie is attached to the request . If it is , it means the user credentials has been previously authenticated. ASP. NET will then perform the authorization check. If the user is authorized to access those resources , the access will be granted. Otherwise , the“accessdenied”message is sent . If  the request does not have any cookie attached , ASP. NET redirects the user to the login page and solicits the credentials then resubmits for authentication. The application code checks those credentials. If authenticated , ASP. NET will attach the authentication ticket in the form of cookie to the response. If failed , the user can be redirected back to the login page telling the user that the username/ password is invalid.
Set Up FormsBased Authentication
Generally, setting up the Formsbased authentication  involves  4 steps [2] namely (i) Enable anonymous access in IIS (ii) Configure <  authentication > section in Web. config file (iii) Configure < authorization > section in Web. config file and (iv) Create Login Page.
(i) Enable anonymous access in IIS :
This has to be done as most of the users are considered to be non-Windows users , so they can  get through IIS to get to ASP. NET . ASP. NET will always allow anonymous access to the login page though.
 (ii) Configure <authentication> section in Web. config file :
Web. config file contains the information related to the level and type of authentication service that is provided for a web application. The Formsbased authentication is enabled for a web application by setting the authentication mode attribute to Forms[3]:

上一页  [1] [2] [3] [4] [5] 下一页

ASP. NET 中认证安全特征英文论文文献和翻译 第2页下载如图片无法显示或论文不完整,请联系qq752018766
设为首页 | 联系站长 | 友情链接 | 网站地图 |

copyright©751com.cn 辣文论文网 严禁转载
如果本毕业论文网损害了您的利益或者侵犯了您的权利,请及时联系,我们一定会及时改正。