ASP.NET Web Application Security

January 25, 2013

Most Web sites need to selectively restrict access to some portions of the site. You can think of a Web site as somewhat analogous to an art gallery. The gallery is open for the public to come in and browse, but there are certain parts of the facility, such as the business offices, that are accessible only to people with certain credentials, such as employees. When a Web site stores its customers' credit card information in a database, for example, access to the database must be restricted. ASP.NET security features help you address this and many other security issues.

ASP.NET, in conjunction with Microsoft Internet Information Services (IIS), can authenticate user credentials such as names and passwords using any of the following authentication methods:

ASP.NET controls access to site information by comparing authenticated credentials, or representations of them, to NTFS file system permissions or to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.

This section and the following sections describe the specifics of ASP.NET security. For more information about the types of security attacks Web sites experience and how you can help protect your site from attack, see Security Considerations for ASP.NET Web Applications.

In This Section

How ASP.NET Security Works

Provides an overview of ASP.NET security.

ASP.NET Architecture

Provides an overview of ASP.NET infrastructure and subsystem relationships, as related to security.

ASP.NET Data Flow

Describes the security data flow for two common scenarios.

ASP.NET Authentication

Describes ASP.NET authentication providers.

ASP.NET Authorization

Describes two fundamental ways to authorize access to a resource.

ASP.NET Impersonation

Describes how and when to use ASP.NET Impersonation.

Designing Secure ASP.NET Applications

Describes how to create ASP.NET applications with incorporated security.

ASP.NET Application Security in Hosted Environments

Describes ASP.NET security features for multi-application Web servers.

Related Sections

System.Web.Security Namespace

Describes the classes you need for ASP.NET security features.

Security Considerations for ASP.NET Web Applications

Describes common types of Web site security attacks and how to help prevent them.

Securing Applications

Describes general .NET Framework security concepts, services, and best practices.