An Authorization Service using .NET Passport™ as underlying Authentication Scheme. Bar-Hen Ron, Hochberger Daniel. Winter 2002, Technion – Israel Institute of Technology.


An Authorization Service using .NET Passport™ as underlying Authentication Scheme. Bar-Hen Ron, Hochberger Daniel. Winter 2002, Technion – Israel Institute of Technology

Motivations
Creating a generic Authorization service for the Technion which takes advantage of the .NET Passport™ Authentication Scheme:
- Building a generic Administrator Software for setting permissions
- Finding an interesting real-world application and integrating it into the application: the Software Systems Lab, whose users are students, instructors, lecturers, secretaries, administrators and so on
- Creating participating sites which support multiple levels of access: a "Grades" system in which students see their grades, instructors and lecturers set grades, and secretaries create new projects

Prerequisites
- Learn the Microsoft™ .NET environment
- Learn the C# programming language
- Be familiar with the concepts of ADO.NET
- Study the Microsoft™ Passport SDK
- Learn how to configure a new participating site

Authentication vs. Authorization
- Authentication: are you who you claim to be? Performed by .NET Passport.
- Authorization: given that you are who you claim to be, may you access a given page? Performed locally by the participating site's authorization scheme.

How does Microsoft Passport™ work?
Participating sites register their URL and return URL and are assigned a site ID and a secret encryption key shared with Microsoft. Users need an account on Microsoft Passport: a universal sign-in name and password used to access every participating site. Users are identified by a Unique User ID (PUID).

How does Microsoft Passport™ work? (cont.)
When a user clicks the sign-in logo or tries to access a protected web page, a silent HTTP redirect displays the sign-in page. If the user has previously signed in to a .NET Passport participating site (that is, he holds valid cookies), the whole process described below is silent. On the sign-in page, the user is asked to enter his sign-in name and password. If they match an entry in the Microsoft database, the user is authenticated and the Passport login server creates three .NET Passport cookies which include the user's PUID, a timestamp, and other required information. The browser automatically redirects the user back to the participating site, and the encrypted .NET Passport cookies are passed to the participating site as query string parameters. The participating site decrypts the cookie information, obtains the PUID that authenticates the user, and can then run its authorization scheme using the PUID.
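The sign-in exchange above, modelled as an added example (not the project's code): a constructed login server issues the ticket that rides back to the participating site as query string parameters, and the site validates it with the shared site key before trusting the PUID. The site ID, key and 300-second freshness limit are assumptions, and because the standard library has no cipher the stand-in binds the ticket with an HMAC instead of encrypting it.

```python
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for the Passport login server and one participating site.
# The site registered its URL and received a site ID plus a secret shared with
# the login server; both values here are constructed, not real credentials.
SITE_ID = 12345
SHARED_KEY = b"constructed-shared-site-key"
MAX_TICKET_AGE = 300  # seconds a ticket stays valid (assumed site policy)


def issue_ticket(puid: str, now: Optional[float] = None) -> str:
    """Login server side: after a successful sign-in, build the data that is
    appended to the redirect back to the participating site as a query string.
    Passport encrypted this; the stand-in keeps it readable and HMAC-binds it."""
    ts = int(now if now is not None else time.time())
    payload = json.dumps({"puid": puid, "ts": ts, "site": SITE_ID}, sort_keys=True)
    tag = hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return urlencode({"t": payload, "p": tag})


def read_ticket(query: str, now: Optional[float] = None) -> Optional[str]:
    """Participating site side: verify the ticket taken from the redirect and
    return the PUID, or None if it is forged, meant for another site, or stale."""
    params = parse_qs(query)
    payload = params.get("t", [""])[0]
    tag = params.get("p", [""])[0]
    expected = hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampered, or not issued with our shared key
    data = json.loads(payload)
    if data.get("site") != SITE_ID:
        return None  # ticket issued for a different participating site
    ts = now if now is not None else time.time()
    if ts - data["ts"] > MAX_TICKET_AGE:
        return None  # timestamp too old: force a fresh sign-in
    return data["puid"]
```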

How does Microsoft Passport™ work? (cont.)

Authentication and Authorization implementation
Each time a page is loaded, it performs silent authentication: the authentication process is implemented in the base class of all the frames in the site using .NET Passport function calls. If the page is not restricted, it opens even when no user is signed in; if it is restricted, the user is forced to sign in and the authorization process then takes place.

Authentication and Authorization implementation (cont.)
A user who has no Passport is denied access to a restricted page. A new user who attempts to access a restricted page for the first time, holds a legal Passport account but is not yet a registered user of the Lab, is redirected to a special web form asking him to enter his details. This user, referred to as a "Pending User", becomes a legal user only once an administrator approves him through the Administrator program. A legal user of the Lab attempting to access a restricted page is checked against the Authorization Database to decide whether he is allowed to view it. If not, he is redirected to a "Permission denied" page; otherwise, the restricted page is opened.
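The page-load decision from the two slides above, written as an added example rather than the project's own code: a restricted page forces sign-in, a valid Passport user unknown to the Lab becomes a pending user and is sent to the registration form, and a registered user is checked against the page's allowed groups. The users, groups, page names and the approval function are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed authorization data, modelled on the slides: registered Lab users
# with their group, the pending-user list, and the groups allowed on each page.
REGISTERED_USERS: Dict[str, str] = {  # PUID -> group
    "0001AAAA": "student",
    "0002BBBB": "instructor",
    "0003CCCC": "secretary",
}
PENDING_USERS: Set[str] = set()  # PUIDs awaiting an administrator's approval
PAGE_PERMISSIONS: Dict[str, Set[str]] = {  # page -> allowed groups (absent = unrestricted)
    "/grades.aspx": {"student", "instructor", "lecturer"},
    "/create_project.aspx": {"secretary"},
}


@dataclass
class Decision:
    action: str  # "open", "sign_in", "register" or "deny"
    reason: str = ""


def authorize(page: str, puid: Optional[str]) -> Decision:
    """Check run by the common base class on every page load. `puid` is None
    when no Passport user is signed in (the site received no valid ticket)."""
    allowed = PAGE_PERMISSIONS.get(page)
    if allowed is None:
        return Decision("open", "page is not restricted")
    if puid is None:
        return Decision("sign_in", "restricted page: force Passport sign-in")
    group = REGISTERED_USERS.get(puid)
    if group is None:
        PENDING_USERS.add(puid)  # valid Passport, first visit: becomes a pending user
        return Decision("register", "not a Lab user yet: show the registration form")
    if group not in allowed:
        return Decision("deny", f"group '{group}' may not view {page}")
    return Decision("open", f"group '{group}' is allowed on {page}")


def approve_pending(puid: str, group: str) -> bool:
    """Administrator program step: turn a pending user into a legal Lab user."""
    if puid not in PENDING_USERS:
        return False
    PENDING_USERS.discard(puid)
    REGISTERED_USERS[puid] = group
    return True
```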

Involved entities: Data repository, Permissions repository

Registration Form

Administrator S/W GUI (users related)

Administrator S/W GUI (groups related)

Administrator S/W GUI (total permissions)

The "Grades" System
A special restricted page, typically accessible to secretaries, allows creating new projects, fixing the two students, the instructor and the lecturer participating in each project. A restricted page called "Grades" presents to the currently signed-in user all the grades he is allowed to view or set, according to the Data Repository database and the group he belongs to as specified in the Authorization database.
- Typically, a student should be able to see his grades, while an instructor and a lecturer should be able to set 90% and 10%, respectively, of the grade of each of their students.
- The grade system is fully generic: an instructor can be a student, a lecturer can be an instructor, and so on. In every case the currently signed-in user can view or set only what he is allowed to, and all of it appears in one single table.
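The generic grades table described above, as an added example (not the project's code): rights are derived per project from the Data Repository, so the same user can be instructor in one project and student in another, and the 90%/10% components are settable only by the matching role. Project names, PUIDs and the in-memory stores are constructed.

```python
from typing import Dict, List, Optional, Tuple

# Constructed Data Repository: each project names its two students, instructor
# and lecturer by PUID. "i1" instructs P1 but is a student in P2.
PROJECTS: List[dict] = [
    {"name": "P1", "students": ["s1", "s2"], "instructor": "i1", "lecturer": "l1"},
    {"name": "P2", "students": ["i1", "s3"], "instructor": "i2", "lecturer": "l1"},
]
# (project, student) -> stored components, set independently by each role
GRADES: Dict[Tuple[str, str], Dict[str, float]] = {}
WEIGHTS = {"instructor": 0.9, "lecturer": 0.1}  # split stated on the slide


def grade_rows(puid: str) -> List[dict]:
    """Rows of the single grades table for the signed-in user: one row per
    (project, student) he may view, listing the components he may set."""
    rows = []
    for p in PROJECTS:
        for s in p["students"]:
            can_set = {role for role in WEIGHTS if p[role] == puid}
            if s == puid or can_set:  # own grade, or a project he grades
                g = GRADES.get((p["name"], s), {})
                rows.append({"project": p["name"], "student": s,
                             "instructor": g.get("instructor"),
                             "lecturer": g.get("lecturer"),
                             "can_set": sorted(can_set)})
    return rows


def set_grade(puid: str, project: str, student: str, component: str, value: float) -> bool:
    """Store one component only if the signed-in user holds that role in the
    project; the check reuses the same row computation the page displays."""
    for row in grade_rows(puid):
        if row["project"] == project and row["student"] == student and component in row["can_set"]:
            GRADES.setdefault((project, student), {})[component] = value
            return True
    return False


def final_grade(project: str, student: str) -> Optional[float]:
    """Weighted grade once both components are in; None while one is missing."""
    g = GRADES.get((project, student), {})
    if any(role not in g for role in WEIGHTS):
        return None
    return round(sum(WEIGHTS[r] * g[r] for r in WEIGHTS), 2)
```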

Create project page

The grades page