1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.

Presentation transcript:

1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue

2 INTRODUCTION: Security Concepts; ASP.NET Security; Different security schemes offered by both ASP.NET and IIS; Demo

3 Security Concepts: Impersonation; Authentication; Authorization

4 Cont.. Impersonation: Impersonation is a process in which a user accesses resources by using the identity of another user. Example: the IUSR_machinename account that is created by IIS. When a Web site has anonymous access enabled, IIS runs all users' requests using the identity of the IUSR_machinename account. (Show IUSR_machinename)

5 Cont.. Authentication: Authentication is a process in which the security infrastructure makes sure that users are who they say they are. How it works: the security infrastructure collects the user's credentials, usually in the form of a user ID and password, and checks them against a credential store. If the credentials provided by the user are valid, the user is considered an authenticated user.

6 Cont.. Authorization: Authorization is a process in which the security infrastructure checks whether the authenticated user has sufficient rights to access the requested resource. Example: if Bob wants to access a resource, the security infrastructure first checks whether Bob has sufficient rights to access it. If Bob then wants to write to a file, the operation succeeds if he has the write right on that file; otherwise the operation fails.

7 ASP.NET Security: ASP.NET works with IIS and the Windows operating system in order to implement the security services. ASP.NET applications use configuration files for security and other Web application settings. (Snapshot; Show Application Configuration: Required File mapped to aspnet_isapi.dll forwards to aspnet_wp.exe)

8 ASP.NET Security (Cont..) ASP.NET Impersonation: Three ways by using the tag in the Web.config file. This means impersonation for the ASP.NET worker thread is enabled. This means impersonation for the ASP.NET worker thread is not enabled.

9 ASP.NET Security (Cont..) ASP.NET Authentication: The authentication option for the ASP.NET application is specified by using the <authentication> tag in the Web.config file: <authentication mode="Windows | Forms | Passport | None">

10 Ways to secure a Web Service: Windows authentication; Forms authentication; Passport authentication; None

11 Windows Authentication: Integrated Windows authentication; Basic and basic with SSL authentication; Digest authentication; Client Certificate authentication

12 Integrated Windows authentication: Integrated Windows authentication is a secure way of passing a user's credentials over the wire. It can use either NT LAN Manager (NTLM) or Kerberos authentication. (Contrast table) This is the best scheme for intranet environments using Windows, but it cannot be used on the Internet because it works only with Windows clients. (Snapshot)

13 Basic and basic with SSL authentication: In basic authentication, the user is prompted for a username and password. This information is base64-encoded and then transmitted to the server. Most browsers, proxy servers, and Web servers support this method, but it is not secure: anyone who knows how to decode a base64 string can decode users' credentials. (Snapshot for Basic Authentication; Snapshot for SSL)
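
The base64 point above, as an added example (not from the original slides): the Authorization header of a Basic request decodes straight back to the username and password, which is why the scheme is only acceptable over SSL. The header value and credentials are constructed samples.

```python
import base64
import binascii


def parse_basic_authorization(header_value):
    """Return (username, password) from a Basic Authorization header, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "basic" or not token:
        return None  # Negotiate, Digest, or an empty credential
    try:
        decoded = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64
    try:
        text = decoded.decode("utf-8")
    except UnicodeDecodeError:
        text = decoded.decode("latin-1")  # older clients send ISO-8859-1
    # Only the first colon separates the fields; the password may contain colons.
    username, sep, password = text.partition(":")
    if not sep:
        return None
    return username, password


def credentials_exposed(url_scheme, header_value):
    """True when a Basic credential would cross the wire without SSL/TLS."""
    is_basic = parse_basic_authorization(header_value) is not None
    return is_basic and url_scheme.lower() != "https"


# Constructed sample: the header a browser sends for user "bob", password "s3cret:pw".
SAMPLE_HEADER = "Basic " + base64.b64encode(b"bob:s3cret:pw").decode("ascii")

if __name__ == "__main__":
    print(SAMPLE_HEADER)
    print(parse_basic_authorization(SAMPLE_HEADER))
    print(credentials_exposed("http", SAMPLE_HEADER))
    print(credentials_exposed("https", SAMPLE_HEADER))
```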

14 Forms authentication In the “Web.config” file

15 None: If we don't want ASP.NET to perform any authentication, we can set the authentication mode to "None". This fits two cases: we don't want to authenticate our users and our Web site is open for all to use, or we want to provide our own custom authentication. (Login.aspx DEMO)

16 ASP.NET Authorization: Windows NTFS File Authorization; Access Control List (ACL): anything that is stored in the NTFS file system has an ACL associated with it (Snapshot); ASP.NET URL Authorization
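
An added example, not part of the original slides, that ties together the Web.config settings from slides 8, 9, 14 and 16: a small audit of the identity, authentication, forms and authorization elements. The sample Web.config, the account name and the finding texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config; the account name and password are placeholders.
SAMPLE_WEB_CONFIG = r"""<configuration>
  <system.web>
    <identity impersonate="true" userName="EXAMPLE\svc_web" password="placeholder" />
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" requireSSL="false" />
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>"""


def anonymous_allowed(web):
    """URL authorization is first-match: find the first rule covering '?' (anonymous)."""
    section = web.find("authorization")
    for rule in (section if section is not None else []):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:
            return rule.tag == "allow"
    return True  # no matching rule: the inherited default allows all users


def audit_web_config(xml_text):
    """Return findings for the impersonation, authentication and authorization settings."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section"]
    findings = []
    identity = web.find("identity")
    if identity is not None and identity.get("impersonate", "false").lower() == "true":
        if identity.get("password") is not None:
            findings.append("identity: impersonation password stored in clear text")
    auth = web.find("authentication")
    mode = auth.get("mode", "Windows") if auth is not None else "Windows"
    forms = auth.find("forms") if auth is not None else None
    if mode == "None":
        findings.append("authentication: mode None, ASP.NET performs no authentication")
    if mode == "Forms" and (forms is None or forms.get("requireSSL", "false").lower() != "true"):
        findings.append("forms: requireSSL is not true, auth cookie can be sent over HTTP")
    if anonymous_allowed(web):
        findings.append("authorization: anonymous users are not denied")
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(finding)
```

A configuration with impersonate="false", requireSSL="true" and a deny users="?" rule placed before allow users="*" produces no findings.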

17 Conclusion: Of the authentication methods described previously, all except Forms and Passport authentication require Windows accounts for implementing security. Combined with IIS, ASP.NET offers a more robust and flexible security model that can be leveraged, configured, and programmed according to our needs.
