ASP.NET Application Security Scheme (III) - Secure Communication
Abstract: This paper covers ASP.NET application security concepts, introduces various secure communication technologies, and compares them.
Keywords: secure communications, SSL, IPSec, RPC, ASP.NET web application
Any successful application security policy is based on solid authentication and authorization, as well as secure communications that provide confidentiality and integrity of confidential data.
Many applications transmit confidential data between tiers of the application: from the database to the browser, or vice versa. Examples of confidential information include details of bank accounts, credit card numbers and payroll data. In addition, when the logon credentials are transmitted over the network, the application must secure the credential information.
2. Characteristics of Secure Communications
2.1. Confidentiality (privacy)
Confidentiality ensures that data remains private and cannot be seen by eavesdroppers who may have network monitoring software installed. Confidentiality is usually provided through encryption.
2.2 Integrity
Secure communication channels must ensure that data is not intentionally or unintentionally modified during transmission. Integrity is usually provided through a message authentication code (MAC).
3. Secure Communication Technology
3.1 Secure Sockets Layer
Secure Sockets Layer (SSL) technology is most commonly used to protect the channel between browsers and Web servers. However, it can also be used to protect Web service messages and traffic to and from a database server running SQL Server 2000.
When SSL is applied, the client uses the HTTP protocol and specifies an https:// URL, and the server listens on TCP port 443.
Because SSL uses complex cryptographic operations to encrypt and decrypt data, it affects the performance of your application, so you should optimize the pages that use SSL.
When you use Basic authentication or Forms authentication, you should use SSL because the user name and password are passed in clear text. Generally speaking, you should use SSL not only on the login page, but also on subsequent pages.
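An added example, not part of the original article: a web.config fragment that applies the advice above to Forms authentication, so that the authentication cookie sent on the pages after login only travels over SSL. The cookie name, login page path and timeout are assumptions; the httpCookies element requires ASP.NET 2.0 or later.

```xml
<configuration>
  <system.web>
    <!-- Weak setting, shown for comparison only:
           <forms loginUrl="Login.aspx" requireSSL="false" />
         The login form may be served over SSL, but the ticket cookie issued
         afterwards is also sent on plain HTTP requests, where an eavesdropper
         can read it and replay it. -->
    <authentication mode="Forms">
      <!-- requireSSL="true" marks the ticket cookie Secure, so the browser
           returns it only on https:// requests.
           protection="All" encrypts the ticket (confidentiality) and
           validates it with a MAC (integrity).
           name, loginUrl and timeout are assumed values for this example. -->
      <forms name=".APPAUTH"
             loginUrl="Login.aspx"
             requireSSL="true"
             protection="All"
             timeout="20"
             slidingExpiration="false" />
    </authentication>
    <authorization>
      <!-- Deny anonymous users; ASP.NET still lets them reach the login page. -->
      <deny users="?" />
    </authorization>
    <!-- ASP.NET 2.0 and later: apply the Secure and HttpOnly flags to all
         cookies the application issues, not only the Forms ticket. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```

With requireSSL enabled, every page that needs the authenticated identity must itself be requested over https://, which matches the recommendation to use SSL beyond the login page.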
3.2 Internet Protocol Security
Internet Protocol Security (IPSec) provides a transport-layer secure communication solution that protects data passed back and forth between two computers, for example between an application server and a database server.
IPSec can be used to:
Provide message confidentiality by encrypting all data sent back and forth between the two computers.
Provide message integrity between two computers (without encrypting the data).
Provide mutual authentication between two computers (not between users).
Restrict which computers can communicate with each other. You can also restrict traffic to the use of specific IP protocols and TCP/UDP ports.
3.3 Remote Procedure Call encryption
The Remote Procedure Call (RPC) protocol used by Distributed COM (DCOM) provides an authentication level that causes every packet sent between the client and the server to be encrypted.
4. The role of the licensing model
ASP.NET Application Security Scheme (I) - Authentication.
ASP.NET Application Security Scheme (II) - Authorization.