ASP.NET 2.0 Security FAQs

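It is a real pity to see so many people in this community struggling with basic questions (such as how to set up the ASPNETDB database or how to configure the Membership password rules). People tend to shy away from English-language material, yet many of these questions are easily answered on MSDN (English) or on the weblogs of experts such as Scott Guthrie and Fredrik Normén.

The MS Security Wiki on Channel9 also has a dedicated ASP.NET 2.0 Security FAQs page, where answers to the common ASP.NET 2.0 questions can be found ("Security" is used in a broad sense here, covering more than security issues in the usual meaning). I have translated the table of contents of the existing FAQ and put it here. I plan to translate some of the entries (the longer, harder ones) over time. If you are interested in joining, please leave me a message, and I will add your link and your name. You are of course free to add your own impressions and experience to your translation. You are also welcome to point out anything inappropriate in my translation.

Please prefix the title of the article you translate with [ASP.NET 2.0 Security FAQs]; once I see it, I will link your article here. Thank you.

ASP.NET 2.0 Security FAQs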

Welcome to the ASP.NET 2.0 Security FAQ page. This page provides an index to common questions and answers. The questions act as another index into the security guidance.

Authentication

  1. What's new in ASP.NET 2.0 in terms of Authentication?
  2. How do I decide my Authentication strategy in ASP.NET?
  3. How do I use Forms Authentication with SQL Server database?
  4. How do I use Forms Authentication with Active Directory?
  5. How do I enable Forms Authentication to work with multiple Active Directory domains?
  6. How do I protect Forms Authentication?
  7. How do I enforce strong passwords using the membership feature in ASP.NET 2.0? (Chinese translation available)
  8. How do I protect passwords in the user store?
  9. What are the issues with Forms Authentication in a web farm scenario?
  10. How do I implement single sign on using forms authentication?
  11. How do I use my custom user / identity store with forms authentication?
  12. How do I configure account lockout using the membership feature in ASP.NET 2.0?
  13. When and how do I use Windows authentication in ASP.NET 2.0?
  14. When and how do I use Kerberos authentication in ASP.NET 2.0?
Authorization
  1. What's new in ASP.NET 2.0 in terms of Authorization?
  2. What is the difference between URL authorization, File authorization and Role authorization?
  3. How do I use URL Authorization in ASP.NET 2.0?
  4. How do I use File Authorization in ASP.NET 2.0?
  5. How do I use Role Authorization in ASP.NET 2.0?
  6. How is the AuthorizationStoreRoleProvider different from Authorization Manager APIs?
  7. How do I use Windows Groups for role authorization in ASP.NET 2.0?
  8. How do I use my custom role store for roles authorization?
  9. How do I cache roles in ASP.NET 2.0?
  10. How do I protect the authorization cookie when using role caching in ASP.NET 2.0?
  11. How do I lock authorization settings?
  12. How do I use RoleManager in my application?
Auditing and Logging
  1. What's new in ASP.NET 2.0 in terms of Auditing and Logging?
  2. How do I use the Health monitoring feature in ASP.NET 2.0?
  3. What security events does the health monitoring feature log by default?
  4. How do I instrument my application for security?
  5. When writing to a new event source from my ASP.NET application running under the Network Service security context, I get a registry permission exception. Why is this and how do I correct it?
  6. How do I protect audit and log files?
Code Access Security
  1. What's new in ASP.NET 2.0 in terms of Code Access Security?
  2. How do I use code access security with ASP.NET?
  3. How do I create a custom trust level for ASP.NET?
  4. What are the permissions at the various trust levels?
  5. How do I write partial trust applications?
  6. When should I put assemblies in the GAC, and what are the security implications?
Impersonation / Delegation
  1. When do I use impersonation in ASP.NET 2.0?
  2. How do I impersonate the original caller?
  3. How do I temporarily impersonate the original caller?
  4. How do I impersonate a specific (fixed) identity?
  5. When should I use programmatic impersonation?
  6. How do I use programmatic impersonation?
  7. What is protocol transition and when do I care?
  8. What is Constrained Delegation?
  9. How can I retain impersonation in a new thread created from an ASP.NET application?
  10. How do I flow the original user identity to different layers?
  11. Can impersonation be used with Forms authentication?
  12. What are the requirements for using Kerberos delegation?
Configuration
  1. What does a secure web.config look like?
  2. How do I encrypt sensitive data in machine.config or web.config file?
  3. How do I run an ASP.NET application with a particular identity?
  4. How do I create a service account for running my ASP.NET applications?
  5. Do I need to create a unique user account for each application pool?
  6. How do I lock configuration settings?
Exception Handling
  1. How do I handle exceptions securely?
  2. How do I prevent detailed errors from returning to the client?
  3. How do I use structured exception handling?
  4. How do I set up a global exception handler for my application?
  5. How do I enable my ASP.NET application to write to a new event source?
Data Access
  1. How do I protect the database connection strings in web.config file?
  2. How do I use Windows authentication for connecting to SQL Server?
  3. How do I use SQL authentication for connecting to SQL Server?
  4. When using Windows authentication, how can I give the default ASP.NET worker process access to a remote database server?
Input / Data Validation
  1. What are the types of input I need to validate in my ASP.NET application?
  2. How do I validate input in server-side controls?
  3. How do I validate input in HTML controls, QueryString, cookies, and HTTP headers?
  4. What is SQL injection and how do I protect my application from SQL injection attacks?
  5. What is cross-site scripting and how do I protect my ASP.NET application from it?
Sensitive Data
  1. How do I protect my web application's ViewState?
  2. What care should I take when securing ViewState in a web farm scenario?
  3. How do I protect sensitive data in the database?
  4. How do I protect sensitive data in configuration files?
  5. How do I protect sensitive data in memory?
  6. How do I protect passwords?
  7. How do I secure Session State information?
Strong Naming and Signing
  1. How do I strong-name an ASP.NET application assembly?
  2. How do I delay sign an ASP.NET application assembly?
  3. When should I use .pfx files?
  4. When should I pre-compile my ASP.NET application?
  5. How do I pre-compile my ASP.NET application?
  6. How do I strong name an ASP.NET application?
  7. How do I sign .NET assemblies with an Authenticode signature?
Obfuscation
  1. How should I prevent someone from disassembling code?
Others
  1. How do I set up a SQL Server or SQL Express database for Membership, Profiles and Role Management? (Chinese translation available)

 
