When developing web applications, we can implement a security strategy ourselves, or we can buy third-party security code and products, which are costly. Fortunately, there is already a security solution built into the .NET Framework.
ASP.NET and the .NET Framework, together with IIS, provide an infrastructure for web application security. One obvious advantage is that we don't have to write our own security architecture; we can use the .NET security architecture, which has been tested and proven over time.
The .NET security architecture contains a number of classes that handle authentication, authorization, role-based authorization, impersonation, and code access security, plus a basic framework for building custom solutions.
In this article we mainly discuss some of the following topics:
The main features of the ASP.NET security architecture
Authentication and authorization
Identities and principals in the security context
The operation of the authentication module
The operation of the authorization module
Here's the start:
ASP.NET's implementation of the security process
The ASP.NET security architecture provides the functionality needed for several key security processes: authentication, authorization, impersonation, and encryption. Here is a brief explanation of each:
Authentication: establishes who is visiting our site.
Authorization: who may access and manipulate which resources? Is the user visiting the site authorized to use the resource they requested?
Impersonation: which role is the request going to impersonate? (Note: impersonation here is not a derogatory term, not the "counterfeit goods" we often talk about. Different user roles have different permissions; if our current user cannot access a particular resource, we can impersonate a user who can, that is, borrow the access rights of a user who is allowed to access that resource. In short: user A wants to access resource C but lacks permission, while user B has access, so A and B agree and A accesses C as B. More on this later.)
Here's a look at each of the security processes:
1. Authentication
Authentication is the process of presenting the user's identity (note: we will discuss the concept of identity shortly; in short, it is the user's ID and name) and determining whether that identity is genuine. It is easy to understand with an example (note the terms used in the example): when we attend a conference, we register by providing some documents that identify us (they indicate our identity); once our identification is confirmed, we receive a conference pass, and with that pass we can attend the meeting. Everyone at the meeting can learn some information about us from the pass, such as our name and company. Authentication works the same way: once the identification is verified, we receive a token that identifies us, so within a particular area our identity can be recognized wherever we go.
In ASP.NET, there are 4 modes of authentication:
Windows Authentication
Forms Authentication
Passport Authentication
Custom Authentication
With each authentication mode, the user must provide credentials when logging in; once the identity is verified, the user receives an authentication token. In Forms Authentication the token is a FormsAuthenticationTicket, and the whole token is placed in a cookie. Each time a resource is requested, the token supplies the user's identity information.
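As an added example that is not part of the original article, the following C# shows the Forms Authentication token cycle just described: a FormsAuthenticationTicket is issued into a cookie at login, and on a later request the cookie is turned back into an identity and principal. It assumes a classic System.Web application with <authentication mode="Forms"> in web.config; IssueTicket and PrincipalFromRequest are names chosen here, and the caller is assumed to have already verified the credentials.

```csharp
// Added example, not the article's own code. Assumes a classic ASP.NET
// (System.Web) application configured with <authentication mode="Forms">.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class FormsTicketDemo
{
    // Called after the login form posts and the credentials have been verified.
    public static void IssueTicket(HttpContext ctx, string userName, string roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1,                           // ticket version
            userName,                    // identity name carried by the token
            DateTime.Now,                // issue date
            DateTime.Now.AddMinutes(20), // expiration: short-lived by default
            false,                       // not persistent: session cookie only
            roles,                       // userData, e.g. "Admin,Editor"; keep it small
            FormsAuthentication.FormsCookiePath);

        // The ticket is encrypted and integrity-protected with the machineKey
        // before it goes into the cookie, so the client cannot read or alter it.
        string encrypted = FormsAuthentication.Encrypt(ticket);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted)
        {
            HttpOnly = true,   // not readable by script in the browser
            Secure = true,     // only sent over HTTPS
            Path = ticket.CookiePath
        };
        ctx.Response.Cookies.Add(cookie);
    }

    // Called on each later request (e.g. from Application_AuthenticateRequest)
    // to rebuild the identity from the token in the cookie.
    public static IPrincipal PrincipalFromRequest(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null) return null;              // anonymous request

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return null; }            // tampered, or another machineKey
        if (ticket == null || ticket.Expired) return null;

        string[] roles = string.IsNullOrEmpty(ticket.UserData)
            ? new string[0] : ticket.UserData.Split(',');
        // FormsIdentity wraps the ticket; GenericPrincipal adds the roles that
        // role-based authorization checks later via HttpContext.User.
        return new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```

Assigning the returned principal to HttpContext.Current.User makes it available to the authorization checks discussed later in the article.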