Building Secure ASP.NET Applications - People Search Directory

More documents

Recommendations

Info

364 How To: Use Forms Authentication with Active <strong>Directory</strong> // Add the cookie to the outgoing cookies collection. Response.Cookies.Add(authCookie); // Redirect the user to the originally requested page Response.Redirect( FormsAuthentication.GetRedirectUrl(txtUserName.Text, false)); } else { lblError.Text = "Authentication failed, check username and password."; } } catch(Exception ex) { lblError.Text = "Error authenticating. " + ex.Message; } 6. Implement an Authentication Request Handler to Construct a GenericPrincipal Object This procedure implements the Application_AuthenticateRequest event handler within global.asax and creates a GenericPrincipal object for the currently authenticated user. This will contain the list of groups that the user is a member of, retrieved from the FormsAuthenticationTicket contained in the authentication cookie. Finally, you will associate the GenericPrincipal object with the current HttpContext object that is created for each Web request. To implement an authentication request handler to construct a GenericPricipal object 1. Use Solution Explorer to open global.asax.cs. 2. Add the following using statements to the top of the file. using System.Web.Security; using System.Security.Principal; 3. Locate the Application_AuthenticateRequest event handler and add the following code to obtain the cookie that contains the encrypted FormsAuthenticationTicket, from the cookie collection passed with the request. // Extract the forms authentication cookie string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = Context.Request.Cookies[cookieName]; if(null == authCookie) {
How To: Use Forms Authentication with Active <strong>Directory</strong> 365 } // There is no authentication cookie. return; 4. Add the following code to extract and decrypt the FormsAuthenticationTicket from the cookie. FormsAuthenticationTicket authTicket = null; try { authTicket = FormsAuthentication.Decrypt(authCookie.Value); } catch(Exception ex) { // Log exception details (omitted for simplicity) return; } if (null == authTicket) { // Cookie failed to decrypt. return; } 5. Add the following code to parse out the pipe separate list of group names attached to the ticket when the user was originally authenticated. // When the ticket was created, the UserData property was assigned a // pipe delimited string of group names. String[] groups = authTicket.UserData.Split(new char[]{'|'}); 6. Add the following code to create a GenericIdentity object with the user name obtained from the ticket name and a GenericPrincipal object that contains this identity together with the user’s group list. // Create an Identity object GenericIdentity id = new GenericIdentity(authTicket.Name, "LdapAuthentication"); // This principal will flow throughout the request. GenericPrincipal principal = new GenericPrincipal(id, groups); // Attach the new principal object to the current HttpContext object Context.User = principal;
Page 1 and 2:
Building Secure ASP.NET Application
Page 3 and 4:
Contents About This Book Summary .
Page 5 and 6:
Contents v Role-Based Authorization
Page 7 and 8:
Contents vii Chapter 7 Internet Sec
Page 9 and 10:
Contents ix Configuring Security .
Page 11 and 12:
Contents xi Accessing System Resour
Page 13 and 14:
Contents xiii Troubleshooting Tools
Page 15 and 16:
Contents xv How To: Create a DPAPI
Page 17 and 18:
Contents xvii 6. Export the Client
Page 19 and 20:
Contents xix Reference Hub 517 Sear
Page 21 and 22:
About This Book Summary This guide
Page 23 and 24:
About This Book xxiii Who Should Re
Page 25:
About This Book xxv ● ● ● Spe
Page 28 and 29:
xxviii Building Secure ASP.NET Appl
Page 30 and 31:
xxx Building Secure ASP.NET Applica
Page 32 and 33:
xxxii Building Secure ASP.NET Appli
Page 34 and 35:
xxxiv Building Secure ASP.NET Appli
Page 36 and 37:
xxxvi Building Secure ASP.NET Appli
Page 38 and 39:
xxxviiiBuilding Secure ASP.NET Appl
Page 40 and 41:
xl Building Secure ASP.NET Applicat
Page 42 and 43:
2 Building Secure ASP.NET Applicati
Page 44 and 45:
Page 46 and 47:
Page 49 and 50:
2 Security Model for ASP.NET Applic
Page 51 and 52:
Chapter 2: Security Model for ASP.N
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67:
Page 70 and 71:
30 Building Secure ASP.NET Applicat
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
100 Building Secure ASP.NET Applica
Page 143 and 144:
6 Extranet Security Extranet applic
Page 145 and 146:
Chapter 6: Extranet Security 105 Se
Page 147 and 148:
Chapter 6: Extranet Security 107
Page 149 and 150:
Chapter 6: Extranet Security 109 Co
Page 151 and 152:
Chapter 6: Extranet Security 111 Re
Page 153 and 154:
Chapter 6: Extranet Security 113 Th
Page 155 and 156:
Chapter 6: Extranet Security 115 Co
Page 157:
Chapter 6: Extranet Security 117 Pi
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 235 and 236:
9 Enterprise Services Security Trad
Page 237 and 238:
Chapter 9: Enterprise Services Secu
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
10 Web Services Security This chapt
Page 269 and 270:
Chapter 10: Web Services Security 2
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299:
Page 302 and 303:
Page 304 and 305:
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 333 and 334:
12 Data Access Security When you bu
Page 335 and 336:
Chapter 12: Data Access Security 29
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354: Chapter 12: Data Access Security 31
Page 371 and 372: 13 Troubleshooting Security Issues
Page 373 and 374: Chapter 13: Troubleshooting Securit
Page 389 and 390: How To: Index ASP.NET Building Secu
Page 391 and 392: How To: Create a Custom Account to
Page 397 and 398: How To: Use Forms Authentication wi
Page 403: How To: Use Forms Authentication wi
Page 417 and 418: How To: Create GenericPrincipal Obj
Page 425 and 426: How To: Implement Kerberos Delegati
Page 427: How To: Implement Kerberos Delegati
Page 430 and 431: 390 Building Secure ASP.NET Applica
Page 449 and 450: How To: Use DPAPI (Machine Store) f
Page 455 and 456:
How To: Use DPAPI (User Store) from
Page 457 and 458:
Page 459 and 460:
Page 461 and 462:
Page 463 and 464:
Page 465 and 466:
Page 467 and 468:
Page 469 and 470:
How To: Create an Encryption Librar
Page 471 and 472:
Page 473 and 474:
Page 475 and 476:
Page 477 and 478:
Page 479 and 480:
How To: Store an Encrypted Connecti
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
How To: Use Role-based Security wit
Page 487 and 488:
Page 489 and 490:
Page 491:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 525 and 526:
How To: Set Up Client Certificates
Page 527 and 528:
How To: Set Up Client Certificates
Page 529 and 530:
How To: Use IPSec to Provide Secure
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
How To: Use SSL to Secure Communica
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547:
Page 551 and 552:
Configuration Stores and Tools The
Page 553 and 554:
Configuration Stores and Tools 513
Page 555 and 556:
Configuration Stores and Tools 515
Page 557 and 558:
Reference Hub This section provides
Page 559 and 560:
Reference Hub 519 Key Notes ● ●
Page 561 and 562:
Reference Hub 521 ● ● HOW TO: A
Page 563 and 564:
Reference Hub 523 How Tos ● ● R
Page 565:
Reference Hub 525 ● ● Best Prac
Page 568 and 569:
Page 570 and 571:
Page 572 and 573:
Page 574 and 575:
Page 577 and 578:
ASP.NET Identity Matrix Principal o
Page 579:
ASP.NET Identity Matrix 539 Table 3
Page 582 and 583:
Page 584 and 585:
Page 586 and 587:
Page 589:
.NET Web Application Security The t
Page 592 and 593:
Page 594 and 595:
Page 596 and 597:
Page 598 and 599:
Page 600 and 601:
Page 602 and 603:
Page 604 and 605:
Page 606 and 607:
show all

Building Secure ASP.NET Applications - People Search Directory

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?