Foreign Literature Translation: An Introductory Guide to Building More Secure ASP.NET and IIS Web Sites

English source text

An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS

SUMMARY

ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security.

There's an old adage among developers that says building security into software is like paying taxes. You know it's important and you know you must do it sooner or later, but you put it off as long as you can and when you finally do it, you do so only because you have to. You might not go to jail for building insecure applications, but security is no less important because of it. In many applications—Web applications in particular—security isn't a luxury; it's a necessity.

Security is a big deal in network applications because by nature those applications are available to (and vulnerable to misuse by and attacks from) a larger population of users. When the network to which an application is deployed is the Internet, security becomes even more important because the list of potential users grows to about four billion. Web security is a broad and complicated subject. Much of the ongoing research in the field has to do with hardening Web servers against attacks. Microsoft® Internet Information Services (IIS) administrators are all too aware of the past security holes in IIS and of several patches and security updates from Redmond. But this article isn't about protecting servers from buffer overruns and other hack attacks; rather, this article is about using ASP.NET to build secure sites that serve up pages only to authorized users.

At a slightly deeper level, you might want to know who requested the page so you can personalize it for that individual. Either form of protection requires two overt actions on the part of the application: identify the originator of each request and define rules that govern who can access which pages.

A Web server identifies callers using a mechanism called authentication. Once a caller is identified, authorization determines which pages that particular caller is allowed to view. ASP.NET supports a variety of authentication and authorization models. Understanding the options that are available to you and how they interrelate is an important first step in designing a site that restricts access to some or all of its resources or that personalizes content for individual users.

Authentication

Authentication enables the recipient of a request to ascertain the caller's identity. The caller might claim to be Bob, but you don't know he really is Bob unless you authenticate him. ASP.NET supports three types of authentication: Windows authentication, Passport authentication, and forms authentication.

When Windows authentication is selected, ASP.NET looks to IIS for help. IIS does the hard part by authenticating the caller. Then it makes the caller's identity available to ASP.NET. Let's say Windows authentication is enabled and Bob requests an ASPX file. IIS authenticates Bob and forwards the request to ASP.NET along with an access token identifying Bob. ASP.NET uses the token to make sure Bob has permission to retrieve the page he requested. ASP.NET also makes the token available to the application that handles the request so that at its discretion, the application can impersonate Bob—that is, temporarily assume Bob's identity—to prevent code executed within the request from accessing resources that Bob lacks permission to access.

For Web applications, Windows authentication is typically used in the following scenarios:

Your application is deployed on the company's intranet and everyone who uses it has an account that they can use to log in an
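
The Windows authentication flow described above, as an added example that is not part of the original article: a generic handler for classic ASP.NET on the .NET Framework that reports the identity IIS passed along and impersonates the caller while reading an ACL-protected file. The handler name `WhoAmI`, the file path, and the web.config shown in the comment are assumptions made for illustration.

```csharp
<%@ WebHandler Language="C#" Class="WhoAmI" %>
// WhoAmI.ashx (hypothetical name). Assumed web.config for this application:
//   <system.web>
//     <authentication mode="Windows" />
//     <authorization><deny users="?" /></authorization>  <!-- reject anonymous -->
//   </system.web>
// Also assumes anonymous access is disabled for the site in IIS.
using System;
using System.IO;
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler
{
    // Hypothetical file whose NTFS ACL grants read access to selected users only.
    const string ProtectedFile = "~/App_Data/report.txt";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        ctx.Response.ContentType = "text/plain";

        // IIS authenticated the caller; ASP.NET exposes the resulting token here.
        WindowsIdentity caller = ctx.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
        {
            ctx.Response.StatusCode = 401;   // fail closed if no Windows identity
            return;
        }
        ctx.Response.Write("Caller: " + caller.Name + " via " + caller.AuthenticationType + "\n");
        ctx.Response.Write("Process runs as: " + WindowsIdentity.GetCurrent().Name + "\n");

        // Assume the caller's identity so the ACL is checked against the caller,
        // not against the worker process account.
        WindowsImpersonationContext impersonation = caller.Impersonate();
        try
        {
            string text = File.ReadAllText(ctx.Server.MapPath(ProtectedFile));
            ctx.Response.Write("Read " + text.Length + " characters as caller\n");
        }
        catch (UnauthorizedAccessException)
        {
            ctx.Response.StatusCode = 403;   // the caller's ACL entry denies the read
            ctx.Response.Write("Access denied by file ACL\n");
        }
        finally
        {
            impersonation.Undo();            // always revert to the process identity
        }
    }
}
```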
