ASP. NET security question -- ASP. NET Security Architecture -- How to Implement. NET Security

Source: Internet
Author: User

ASP. NET security architecture-how to implement. NET Security

Are you often confused by many concepts when using Forms verification? Do you really understand what is Principal, Identity, and IPrincipan ...? Many documents seldom mention what these items are. They are just about how to use them, and the results are problematic. As a result, many friends simply stop at the surface and use them as a result. I believe there will be some gains after reading this article.

 

The ASP. NET security architecture provides an object model for implementing the security mode of Web applications. No matter which authentication mode we choose, many of the elements are the same. Users logging on to the application are granted Principal and Identity according to the creden。 they provide. The Principal object indicates the current security context of the user, including the user's identity and roles. The Identity object indicates the current user. The Principal object is created using the Identity object (indicating the user's Identity), and it adds some additional information, such as role or custom data.


Let's talk about it as follows:


The Identity object indicates the authenticated user. The type of the Identity object depends on the authentication in use. For example, Windows Authentication uses the WindowsIdentity object, while Froms authentication uses the FormsIdentity object.


It is a little uncomfortable to get started with the concept of Identity. In fact, Identity is a user's Identity. What is the Identity? It indicates what the user is and what the user name is. It's just a little more professional here.
 
In addition, the Principal object indicates the members of the group or role of the user who passes Identity Authentication: that is, the security context of the current user. In security context, the white point is the information that this object contains many user identities. The Principal object is automatically created for Windows Authentication in IIS, but we can also create a common Principal object (which you will understand later ).
During programming, you have used the HttpContent. Currrent. User attribute more or less. In fact, it represents a Principal object. The Principal object implements the IPrincipal interface.
 
 
Different authentication modes have different security context requirements. We can use the Principal object to represent the current security context. The IPrincipal interface defines the basic functions of the Principal object. You can also customize the Security context object as long as the System. Security. Principal interface is implemented:


-- The Identity of the current Principal object can be obtained. As mentioned earlier, Principal contains Identity, which is the reason.
(String roleName) Method -- determines whether the current Principal object belongs to a specified role. You have also used a similar HttpContent. Current. User. Identity. IsInRole ("Admin") statement.
 
The Principal object can be accessed through the HttpContent. Current. User attribute. The following code should be used:

LblUserName. Text}



The following code is more common: determine whether the current user is an administrator role.

{

 

Next, let's take a look at the object that implements the IPrincipal interface built in ASP. NET:
 
GenericPrincipal class
 
The GenericPrincipal class implements the IPrincipal interface. From the name, we can see that the GenericPrincipal object represents a general and basic security context. It only defines the role of the current user. That is to say, this object only partially implements the IPrincipal interface. (In the future, we will call the object implementing the IPrincipal interface as the subject ). For a Windows Authentication mode, WindowsPrincipal is used, because WindowsPrincipal implements IPrincipal more specifically. In Forms authentication, only GenericPrincipal is used. That is to say, we can implement custom Principal objects according to our requirements. As mentioned below.
 
Every implementation of the IPrincipal interface must rewrite the Identity attribute and IsInRole method. The IsInRole method of the GenericPrincipal class compares the role value with the role defined in the string, the IsInRole method of the WindowsPrincipal class compares the role with the role assigned to the Windows user account.

We can create an instance of the GenericPrincipal class to be used throughout the lifecycle of the Current request, and assign it to the HttpContent. Current. User attribute.
The GenericPrincipal constructor has two parameters: the user's GenericIdentity (the user identity GenericIdentity implements the IIdentity Interface) and a string array that represents the user role. So we previously said: Principal = Identity + role is the reason.
Once a GenericPrincipal object is created, it can be assigned to the HttpContent. Current. User attribute to indicate the security context of the currently requested User.
 
The following is an example of the created code:




 

 

After talking about Principal, let's talk about what the user identity is.
 


Like the IPrincipal interface, this interface must be implemented for all objects identified by the user. The IIdentity interface defines the structure of the basic amount of the Identity object, which is defined as follows:


String type) Property -- it can obtain the type of identity authentication used, for example, if the Forms authentication is used, this property returns the "Forms" string, therefore, the custom identifier can return the "mimidentity" string.
(Bool type) Property -- identifies whether a user passes identity authentication. We can often use HttpContext. Current. User. Identity. IsAuthenticated to determine whether the User has logged on.
Name (string type) attribute -- obtains the user Name. I believe it is no stranger to HttpContext. Current. User. Identity. Name.


Next, let's take a look at our own identity class that implements the IIdentity interface.

 







{
{
}

{
}

{
}

{
}

}










The above code is just a demonstration, and you can expand according to your own requirements.
 
 
As before, let's take a look at the built-in Identity class in ASP. NET:
PasswordIdentity -- Used in Passport verification
GenericIdentity -- a common identifier
WindowsIdentity -- used for Windows Authentication
 
Let's take a look at the use of GenericIdentity, and other usage.
 

In fact, GenericIdentity identifies a basic Identity object. It is basic for Identity objects. We have seen an example of GenericPrincipal before. In this example, we create an instance of the GenericIdentity class,

 
We can also provide more specific Identity objects, such as FormsIdentity mentioned earlier, to provide specific user information.
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.