Analysis of ASP. NET application Resource Access Security Model

1. Introduction to the ASP. NET application Resource Access Security Model

ASP.. net web applications generally belong to multi-layer architecture. Generally, they can be divided into presentation layer, business logic layer, and data access layer. The client needs to access application resources, its identity authentication and authorization must go beyond multiple layers. This article mainly discusses the Resource Access Security Model of SP. NET applications.

2. ASP. NET application resource access identity

Typical resources provided by WEB applications to clients include:

Web Server resources, such as Web pages, Web Services, and static resource HTML pages and images ).

Database resources, such as data for each user or application-level data.

Network resources, such as remote file system resources.

System resources, such as the registry, event logs, and configuration files.

When the client accesses these resources across the application layer, there must be an identifier that flows through each layer. The Resource Access identifier includes:

The identity of the original caller is obtained and then passes through each layer of the system.

Process Identity: local resource access and downstream calls are performed using the current process identity. The feasibility of this method depends on the boundaries to be crossed, because the process identification must be recognized by the target system. This requires calling in either of the following two ways:

In the same Windows Security Domain

Cross-Windows Security Domain-Use TRUST and domain account, or use duplicate user names and passwords without a trust relationship.

A fixed) service account is used in this way. For example

For database access, a component connected to the database may indicate a fixed SQL user name and password.

When a fixed Windows identity is required, the Enterprise Services server application should be used.

When a Windows account is not available, you can use Iprincipal and Iidentity to construct your own identity, which can contain detailed information about the security context.

3. ASP. NET application Resource Access Model

3.1 trusted subsystem model

1. In this model, the security context of the original caller does not flow through the service at the operating system level, but uses a fixed identifier at the intermediate service layer to access downstream services and resources. The trusted subsystem model is named after the fact that a downstream service may be a database) trusts upstream services and allows callers to authorize them. As shown in figure 1, the database trust middle layer authorizes callers and only allows authorized callers to access the database using trusted identifiers.

3.1.1 Resource Access Mode

In the trusted subsystem model, the resource access mode is as follows:

Verify the user

Map users to roles

Authorization based on the role Member relationship

Use a fixed trusted identity to access downstream Resources

3.1.2 fixed ID

It is a fixed identifier used to access the downstream system and resource manager. It can be provided by a process identifier or a preset Windows Account-service account. For SQL Server Resource Manager, this means Windows authentication for SQL Server.

ASP. NET Process Identity is often used to identify the ASPNET account by default when using process identity ). In actual applications, you often need to change the ASPNET account to a safer password, and create a Windows account that matches the ASP. NET Process account on the SQL Server computer image. The specific method is as follows:

Edit the Machine. CONFIG file in the directory % windr % \ Microsoft. NET \ Framework \ v1.1.4322 \ config, reconfigure the Password attribute on the <processModel> element, and set its default value <! -UserName = "machine" password = "AutoGenerate" --> changed to <! -UserName = "machine" password = "NewPassword" --> allow or use the aspnet_setreg.exe tool to save the user name and password to the Registry. The configuration is changed to: <! -Enable = "true" UserName = "Registry: HKLM \ SOFTWARE \ YourAPP \ processsModel \ ASPNET_SETREG, userName" password = "Registry: HKLM \ SOFTWARE \ YourAPP \ processsModel \ ASPNET_SETREG, password "-->

In addition, some applications use the specified SQL account in the connection string specified by the user name and password) to access SQL Server. In this case, the database must be configured with SQL authentication. The connection strings saved in the configuration file must be encrypted and protected.

3.2 simulation/Delegation Model

2. When a simulated/delegated model is used, a service or component is usually located in the logical business service layer.) before accessing the next downstream service, the operating system simulation function is used to simulate the Client ID. If the service is located on the same computer, simulation is enough. If the downstream service is located on a remote computer, delegation is required. The security context for downstream resource access is the client context.

3.3 select Resource Access Model

Table 1 compares the two resource access models.

Trusted subsystem model simulation/delegated Model

The review function trusts the upper-layer services at the backend. If the middle layer is compromised, the backend resources are vulnerable to attacks. The backend service can verify and authorize each caller, ensuring security.

Scalability supports connection pools, which are highly scalable. The connection pool is not supported, and the scalability is poor.

The backend ACL management ACL is configured for a single object, with less management work. Each user must be granted an access level. As the number of backend resources and users increases, management is cumbersome.

You do not need to delegate technical questions. Yes. Most security service providers do not support delegation.

The trusted subsystem model is used in most Internet applications and large intranet applications, mainly because this model supports scalability. Simulation/delegation models tend to be used in small systems. For these applications, scalability is not a major consideration, but a major consideration is review.

1. Code Analysis of Cookie deletion in ASP. NET
2. Syntax analysis of nested If statements in ASP. NET Programming
3. Analysis of Date and Time Processing in ASP. NET Programming
4. Analysis of the pop-up window alarm prompt for ASP. NET Programming
5. Meanings and benefits of ASP. NET stored procedure calls