Building Secure ASP.NET Applications - People Search Directory

More documents

Recommendations

Info

xiv Contents How To: Use Forms Authentication with SQL Server 2000 367 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 1. Create a Web Application with a Logon Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 2. Configure the Web Application for Forms Authentication . . . . . . . . . . . . . . . . . . . . 369 3. Develop Functions to Generate a Hash and Salt value . . . . . . . . . . . . . . . . . . . . . 370 4. Create a User Account Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 5. Use ADO.NET to Store Account Details in the Database . . . . . . . . . . . . . . . . . . . . 372 6. Authenticate User Credentials Against the Database . . . . . . . . . . . . . . . . . . . . . . 373 7. Test the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 How To: Create GenericPrincipal Objects with Forms Authentication 377 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 1. Create a Web Application with a Logon Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 2. Configure the Web Application for Forms Authentication . . . . . . . . . . . . . . . . . . . . 379 3. Generate an Authentication Ticket for Authenticated Users . . . . . . . . . . . . . . . . . . 379 4. Construct GenericPrincipal and FormsIdentity Objects . . . . . . . . . . . . . . . . . . . . . 382 5. Test the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 How To: Implement Kerberos Delegation for Windows 2000 385 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 1. Confirm that the Client Account is Configured for Delegation . . . . . . . . . . . . . . . . 386 2. Confirm that the Server Process Account is Trusted for Delegation . . . . . . . . . . . . 386 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 How To: Implement IPrincipal 389 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390 1. Create a Simple Web Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390 2. Configure the Web Application for Forms Authentication . . . . . . . . . . . . . . . . . . . . 391 3. Generate an Authentication Ticket for Authenticated Users . . . . . . . . . . . . . . . . . . 392 4. Create a Class that Implements and Extends IPrincipal . . . . . . . . . . . . . . . . . . . . 394 5. Create the CustomPrincipal Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395 5. Test the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397 Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Contents xv How To: Create a DPAPI Library 399 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 1. Create a C# Class Library. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 2. Strong Name the Assembly (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 How To: Use DPAPI (Machine Store) from ASP.NET 409 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 1. Create an ASP.NET Client Web Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 2. Test the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 3. Modify the Web Application to Read an Encrypted Connection String from Web.Config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services 415 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 Why Use Enterprise Services? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 Why Use a Windows Service? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 1. Create a Serviced Component that Provides Encrypt and Decrypt Methods . . . . . . 418 2. Call the Managed DPAPI Class Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 3. Create a Dummy Class that will Launch the Serviced Component . . . . . . . . . . . . . 420 4. Create a Windows Account to Run the Enterprise Services Application and Windows Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 5. Configure, Strong Name, and Register the Serviced Component . . . . . . . . . . . . . . 421 6. Create a Windows Service Application that will Launch the Serviced Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 7. Install and Start the Windows Service Application . . . . . . . . . . . . . . . . . . . . . . . . 424 8. Write a Web Application to Test the Encryption and Decryption Routines . . . . . . . . 424 9. Modify the Web Application to Read an Encrypted Connection String from an Application Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Page 1 and 2: Building Secure ASP.NET Application
Page 3 and 4: Contents About This Book Summary .
Page 5 and 6: Contents v Role-Based Authorization
Page 7 and 8: Contents vii Chapter 7 Internet Sec
Page 9 and 10: Contents ix Configuring Security .
Page 11 and 12: Contents xi Accessing System Resour
Page 13: Contents xiii Troubleshooting Tools
Page 17 and 18: Contents xvii 6. Export the Client
Page 19 and 20: Contents xix Reference Hub 517 Sear
Page 21 and 22: About This Book Summary This guide
Page 23 and 24: About This Book xxiii Who Should Re
Page 25: About This Book xxv ● ● ● Spe
Page 28 and 29: xxviii Building Secure ASP.NET Appl
Page 30 and 31: xxx Building Secure ASP.NET Applica
Page 32 and 33: xxxii Building Secure ASP.NET Appli
Page 34 and 35: xxxiv Building Secure ASP.NET Appli
Page 36 and 37: xxxvi Building Secure ASP.NET Appli
Page 38 and 39: xxxviiiBuilding Secure ASP.NET Appl
Page 40 and 41: xl Building Secure ASP.NET Applicat
Page 42 and 43: 2 Building Secure ASP.NET Applicati
Page 49 and 50: 2 Security Model for ASP.NET Applic
Page 51 and 52: Chapter 2: Security Model for ASP.N
Page 65 and 66:
Chapter 2: Security Model for ASP.N
Page 67:
Chapter 2: Security Model for ASP.N
Page 70 and 71:
30 Building Secure ASP.NET Applicat
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
100 Building Secure ASP.NET Applica
Page 143 and 144:
6 Extranet Security Extranet applic
Page 145 and 146:
Chapter 6: Extranet Security 105 Se
Page 147 and 148:
Chapter 6: Extranet Security 107
Page 149 and 150:
Chapter 6: Extranet Security 109 Co
Page 151 and 152:
Chapter 6: Extranet Security 111 Re
Page 153 and 154:
Chapter 6: Extranet Security 113 Th
Page 155 and 156:
Chapter 6: Extranet Security 115 Co
Page 157:
Chapter 6: Extranet Security 117 Pi
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 235 and 236:
9 Enterprise Services Security Trad
Page 237 and 238:
Chapter 9: Enterprise Services Secu
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
10 Web Services Security This chapt
Page 269 and 270:
Chapter 10: Web Services Security 2
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299:
Page 302 and 303:
Page 304 and 305:
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 333 and 334:
12 Data Access Security When you bu
Page 335 and 336:
Chapter 12: Data Access Security 29
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Page 369 and 370:
Page 371 and 372:
13 Troubleshooting Security Issues
Page 373 and 374:
Chapter 13: Troubleshooting Securit
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
How To: Index ASP.NET Building Secu
Page 391 and 392:
How To: Create a Custom Account to
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
How To: Use Forms Authentication wi
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
Page 417 and 418:
How To: Create GenericPrincipal Obj
Page 419 and 420:
Page 421 and 422:
Page 423 and 424:
Page 425 and 426:
How To: Implement Kerberos Delegati
Page 427:
How To: Implement Kerberos Delegati
Page 430 and 431:
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
Page 442 and 443:
Page 444 and 445:
Page 446 and 447:
Page 449 and 450:
How To: Use DPAPI (Machine Store) f
Page 451 and 452:
Page 453 and 454:
Page 455 and 456:
How To: Use DPAPI (User Store) from
Page 457 and 458:
Page 459 and 460:
Page 461 and 462:
Page 463 and 464:
Page 465 and 466:
Page 467 and 468:
Page 469 and 470:
How To: Create an Encryption Librar
Page 471 and 472:
Page 473 and 474:
Page 475 and 476:
Page 477 and 478:
Page 479 and 480:
How To: Store an Encrypted Connecti
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
How To: Use Role-based Security wit
Page 487 and 488:
Page 489 and 490:
Page 491:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 525 and 526:
How To: Set Up Client Certificates
Page 527 and 528:
How To: Set Up Client Certificates
Page 529 and 530:
How To: Use IPSec to Provide Secure
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
How To: Use SSL to Secure Communica
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547:
Page 551 and 552:
Configuration Stores and Tools The
Page 553 and 554:
Configuration Stores and Tools 513
Page 555 and 556:
Configuration Stores and Tools 515
Page 557 and 558:
Reference Hub This section provides
Page 559 and 560:
Reference Hub 519 Key Notes ● ●
Page 561 and 562:
Reference Hub 521 ● ● HOW TO: A
Page 563 and 564:
Reference Hub 523 How Tos ● ● R
Page 565:
Reference Hub 525 ● ● Best Prac
Page 568 and 569:
Page 570 and 571:
Page 572 and 573:
Page 574 and 575:
Page 577 and 578:
ASP.NET Identity Matrix Principal o
Page 579:
ASP.NET Identity Matrix 539 Table 3
Page 582 and 583:
Page 584 and 585:
Page 586 and 587:
Page 589:
.NET Web Application Security The t
Page 592 and 593:
Page 594 and 595:
Page 596 and 597:
Page 598 and 599:
Page 600 and 601:
Page 602 and 603:
Page 604 and 605:
Page 606 and 607:
show all

Building Secure ASP.NET Applications - People Search Directory

Create successful ePaper yourself

Delete template?

Save as template?