Authentication, Authorization, and Secure Communications
J.D. Meier, Alex Mackman, Michael Dunner and Srinath Vasireddy
Microsoft Corporation
October 2002
Overview
This section provides an overview of the general content and scope of each chapter of this guide.
Chapter 1 - Introduction
This chapter highlights the objectives of this guide, introduces key terminology, and presents the central principles that the guidance in the following chapters is built on.
Chapter 2 - .NET Web Application Security Model
This chapter introduces the common characteristics of .NET Web applications from a security perspective, introduces the .NET Web application security model, and describes the core implementation technologies that will be used when building secure .NET Web applications.
This chapter also describes the various gatekeepers that can be used to develop defense-in-depth security policies, and explains the concept of using principal objects and identity objects for host-based authorization.
This chapter will help you answer the following questions:
What are the deployment patterns commonly used by .NET Web applications?
What are the security features provided by the various technologies used to build .NET Web applications?
What kinds of gatekeepers should I know about? How do I use them to provide a defense-in-depth security policy?
What are principal objects and identity objects? Why are they so important?
What is the relationship between .NET security and Windows security?
Chapter 3 - Authentication and Authorization
Designing a consistent authentication and authorization strategy across application tiers is a critical task. This chapter provides guidance to help you develop appropriate policies for specific application scenarios, and also helps you choose the most appropriate authentication and authorization technologies and apply them to your application in the right way.
Read this chapter to learn how to perform the following tasks:
Select the appropriate authentication mechanism to identify the user.
Develop an effective authorization policy.
Select the appropriate role-based security type.
Compare and contrast .NET roles and Enterprise Services (COM+) roles.