
Module 10 Securing a Web Application

Module Overview
Configuring Authentication

Configuring ASP.NET Membership

Managing Authorization by Using ASP.NET Roles

Lesson 1: Configuring Authentication

Internet Information Services (IIS) Authentication

Types of ASP.NET Authentication

Demonstration: Configuring IIS Authentication

How to Configure Forms Authentication

IIS Authentication

IIS supports the following authentication methods:

Anonymous access

Basic authentication

Digest authentication

Integrated Windows authentication

Types of ASP.NET Authentication

ASP.NET authentication enables users to authenticate against the website

ASP.NET supports several types of authentication: Anonymous, ASP.NET Impersonation, Forms, and Windows

Windows authentication authenticates the user against the Windows user account

Forms authentication allows the developer to implement custom authentication

Demonstration: Configuring IIS Authentication

Configuring Anonymous authentication

Configuring Basic authentication

Configuring Digest authentication

Configuring Windows authentication

How to Configure Forms Authentication

Use Forms authentication to create a custom authentication engine

The authentication flow first checks the request for the session cookie; if the cookie is not found, the user is not authenticated

Set Windows and Forms authentication using the Web.config file

Using the Login page, enable the user to enter the credentials that will be validated against the web application

Lesson 2: Configuring ASP.NET Membership

What is ASP.NET Membership?

How to Configure ASP.NET Membership

Demonstration: Managing Users by Using ASP.NET Membership

How to Implement the Login Control

The PasswordRecovery Control

What is ASP.NET Membership?

Use ASP.NET Membership to authenticate users against a custom data source

By default, the Membership API can authenticate against SQL Server and Active Directory

Membership options in the Web.config file include connectionStringName, enablePasswordReset, and other options related to the Membership API

Configure Forms authentication for membership by setting the mode to Forms in the Web.config file

Use the ASP.NET configuration tool to set up user accounts

How to Configure ASP.NET Membership

Configure ASP.NET Membership by using the ASP.NET Web Site Administration Tool, or by manually editing the Web.config file

By opening the configuration in the browser, the developer can choose the providers for the application

The updates performed by the ASP.NET Web Site Administration Tool are reflected in the Web.config file

Demonstration: Managing Users by Using ASP.NET Membership

Create a new ASP.NET web application

Open the ASP.NET Web Site Administration Tool

Create a user


How to Implement the Login Control

The ASP.NET Login control works automatically with the membership providers enabled in the ASP.NET web application

The Membership provider can be enabled in the Web.config file

Specific files and folders can be protected by using the Web.config file

PasswordRecovery Control
The PasswordRecovery control helps the user to retrieve the forgotten password

Clear text passwords are sent to a specified email address

The email address can be specified in the Web.config file in the mailSettings section
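As an added example that is not part of the module's slides, the Web.config fragment below ties together the Forms authentication, Membership provider and mailSettings options named in Lesson 2. The connection string, provider name, login page path and mail host are assumed values; the provider attributes are the standard SqlMembershipProvider settings.

```xml
<configuration>
  <connectionStrings>
    <!-- Assumed connection string; the aspnetdb schema is created with aspnet_regsql.exe -->
    <add name="MembershipDb"
         connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=aspnetdb;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- mode="Forms": requests without a valid ticket cookie are redirected to loginUrl -->
    <authentication mode="Forms">
      <!-- requireSSL: the ticket cookie is only sent over HTTPS; protection="All" encrypts and signs it -->
      <forms loginUrl="~/Login.aspx" timeout="30" slidingExpiration="false"
             requireSSL="true" protection="All" />
    </authentication>
    <membership defaultProvider="SqlProvider">
      <providers>
        <!-- <clear/> drops the machine-level default provider so only this one is in effect -->
        <clear />
        <!-- passwordFormat="Hashed" means the stored password cannot be retrieved, so
             enablePasswordRetrieval must be false; the provider refuses to start otherwise -->
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
  <!-- Mail server used by the PasswordRecovery control; with a hashed password format the
       control e-mails a freshly reset password instead of the stored one -->
  <system.net>
    <mailSettings>
      <smtp from="noreply@example.com" deliveryMethod="Network">
        <network host="smtp.example.com" port="25" />
      </smtp>
    </mailSettings>
  </system.net>
</configuration>
```

The ASP.NET Web Site Administration Tool writes the same `<authentication>` and `<membership>` elements when you choose the provider in the browser, so the two configuration routes from the slides produce one file.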

Lesson 3: Managing Authorization by Using ASP.NET Roles

What are ASP.NET Roles?

Demonstration: Managing ASP.NET Roles

How to Restrict Access to Resources

Active Directory Security

Web Service Authentication

What are ASP.NET Roles?

Authorization is the process of making sure that users can only access the resources that are assigned to them

Access rules provide a way to manage access to folders and files, allowing you to prevent access by unauthorized users

Configure access rules using the web configuration tool, or by manually adding them in the Web.config file

Demonstration: Managing ASP.NET Roles

Open solution

Open the Web Site Administration Tool

Enable roles

Create admin role


How to Restrict Access to Resources

Access rules provide a way to restrict user access to unauthorized resources

Set up access rules by manually editing the Web.config file

Use the Roles API to set up access rules
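As an added example (not from the module), the Web.config access rules below show the roleManager and authorization elements described in this lesson. The admin role name follows the demonstration; the Admin folder, the connection string name and the password-recovery page path are assumptions.

```xml
<configuration>
  <system.web>
    <!-- roleManager must be enabled, or roles="..." in a rule never matches and only
         the users="..." rules apply -->
    <roleManager enabled="true" defaultProvider="SqlRoleProvider">
      <providers>
        <clear />
        <add name="SqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MembershipDb"
             applicationName="/" />
      </providers>
    </roleManager>
    <!-- Site-wide rule: "?" is the anonymous user. Rules are evaluated top-down and the first
         match wins; the machine-level <allow users="*"/> is appended after these, so
         authenticated users fall through to it -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- Folder-level rule for an assumed Admin folder: <allow roles> must come before
       <deny users="*">, otherwise the deny matches first and admins are locked out too -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- Assumed to be the page hosting the PasswordRecovery control: a user who has forgotten
       the password is anonymous, so this one page is opened to everyone ("*") -->
  <location path="EmailPassword.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Nested folders may also carry their own Web.config with an `<authorization>` element; the rules closest to the requested file are evaluated first, then the parent folders' rules.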

Active Directory Security

The user can use Windows credentials to log on to the application

Used heavily in corporate intranet-based applications

Can be set up by specifying Windows as the authentication mode in the Web.config file

Lab: Securing a Web Application

Exercise 1: Configuring ASP.NET Membership and Roles

Exercise 2: Authentication

Exercise 3: Authorization

Logon information

Estimated time: 60 minutes

Lab Scenario

Lab Review
How is the ASP.NET Web Site Administration Tool accessed?

Why were anonymous users allowed access to the EmailPassword.aspx Web Form?

Why was the Authenticate event of the Login control overridden?

Module Review and Takeaways


Review Questions
