Building Secure ASP.NET Applications - People Search Directory

More documents

Recommendations

Info

376 Building Secure ASP.NET Applications 7. Return to the Logon Web page, re-enter the password, and then click Logon. You should see the message “Logon successful: User is authenticated.” 8. Now enter an invalid password (leaving the user name the same). You should see the message “Invalid username or password.” 9. Close Internet Explorer. Additional Resources For more information, see the following: ● ● ● “How To: Use DPAPI (Machine Store) from ASP.NET” “How To: Use Forms Authentication with GenericPrincipal Objects” “SQL Injection Attacks” in Chapter 12, “Data Access Security”
How To: Create GenericPrincipal Objects with Forms Authentication Applications that use Forms authentication will often want to use the GenericPrincipal class (in conjunction with the FormsIdentity class), to create a non-Windows specific authorization scheme, independent of a Windows domain. For example, an application may: ● Use Forms authentication to obtain user credentials (user name and password). ● Validate the supplied credentials against a data store; for example, a database or Microsoft® Active Directory® directory service. ● Create GenericPrincipal and FormsIdentity objects based on values retrieved from the data store. These may include a user’s role membership details. ● Use these objects to make authorization decisions. This How To describes how to create a Forms-based Web application that authenticates users and creates a custom Forms authentication ticket that contains user and role information. It also shows you how to map this information into GenericPrincipal and FormsIdentity objects and associate the new objects with the HTTP Web request context, allowing them to be used for authorization logic within your application. This How To focuses on the construction of the GenericPrincipal and FormsIdentity objects together with the processing of the forms authentication ticket. For details about how to authenticate users against Active Directory and SQL Server 2000, see the following related How Tos in the Reference section of this guide: ● “How to use Forms authentication with Active Directory” ● “How to use Forms authentication with SQL Server 2000”
Page 1 and 2:
Building Secure ASP.NET Application
Page 3 and 4:
Contents About This Book Summary .
Page 5 and 6:
Contents v Role-Based Authorization
Page 7 and 8:
Contents vii Chapter 7 Internet Sec
Page 9 and 10:
Contents ix Configuring Security .
Page 11 and 12:
Contents xi Accessing System Resour
Page 13 and 14:
Contents xiii Troubleshooting Tools
Page 15 and 16:
Contents xv How To: Create a DPAPI
Page 17 and 18:
Contents xvii 6. Export the Client
Page 19 and 20:
Contents xix Reference Hub 517 Sear
Page 21 and 22:
About This Book Summary This guide
Page 23 and 24:
About This Book xxiii Who Should Re
Page 25:
About This Book xxv ● ● ● Spe
Page 28 and 29:
xxviii Building Secure ASP.NET Appl
Page 30 and 31:
xxx Building Secure ASP.NET Applica
Page 32 and 33:
xxxii Building Secure ASP.NET Appli
Page 34 and 35:
xxxiv Building Secure ASP.NET Appli
Page 36 and 37:
xxxvi Building Secure ASP.NET Appli
Page 38 and 39:
xxxviiiBuilding Secure ASP.NET Appl
Page 40 and 41:
xl Building Secure ASP.NET Applicat
Page 42 and 43:
2 Building Secure ASP.NET Applicati
Page 44 and 45:
Page 46 and 47:
Page 49 and 50:
2 Security Model for ASP.NET Applic
Page 51 and 52:
Chapter 2: Security Model for ASP.N
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67:
Page 70 and 71:
30 Building Secure ASP.NET Applicat
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
100 Building Secure ASP.NET Applica
Page 143 and 144:
6 Extranet Security Extranet applic
Page 145 and 146:
Chapter 6: Extranet Security 105 Se
Page 147 and 148:
Chapter 6: Extranet Security 107
Page 149 and 150:
Chapter 6: Extranet Security 109 Co
Page 151 and 152:
Chapter 6: Extranet Security 111 Re
Page 153 and 154:
Chapter 6: Extranet Security 113 Th
Page 155 and 156:
Chapter 6: Extranet Security 115 Co
Page 157:
Chapter 6: Extranet Security 117 Pi
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 235 and 236:
9 Enterprise Services Security Trad
Page 237 and 238:
Chapter 9: Enterprise Services Secu
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
10 Web Services Security This chapt
Page 269 and 270:
Chapter 10: Web Services Security 2
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299:
Page 302 and 303:
Page 304 and 305:
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 333 and 334:
12 Data Access Security When you bu
Page 335 and 336:
Chapter 12: Data Access Security 29
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366: Chapter 12: Data Access Security 32
Page 371 and 372: 13 Troubleshooting Security Issues
Page 373 and 374: Chapter 13: Troubleshooting Securit
Page 389 and 390: How To: Index ASP.NET Building Secu
Page 391 and 392: How To: Create a Custom Account to
Page 397 and 398: How To: Use Forms Authentication wi
Page 415: How To: Use Forms Authentication wi
Page 419 and 420: How To: Create GenericPrincipal Obj
Page 425 and 426: How To: Implement Kerberos Delegati
Page 427: How To: Implement Kerberos Delegati
Page 430 and 431: 390 Building Secure ASP.NET Applica
Page 449 and 450: How To: Use DPAPI (Machine Store) f
Page 455 and 456: How To: Use DPAPI (User Store) from
Page 467 and 468:
How To: Use DPAPI (User Store) from
Page 469 and 470:
How To: Create an Encryption Librar
Page 471 and 472:
Page 473 and 474:
Page 475 and 476:
Page 477 and 478:
Page 479 and 480:
How To: Store an Encrypted Connecti
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
How To: Use Role-based Security wit
Page 487 and 488:
Page 489 and 490:
Page 491:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 525 and 526:
How To: Set Up Client Certificates
Page 527 and 528:
How To: Set Up Client Certificates
Page 529 and 530:
How To: Use IPSec to Provide Secure
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
How To: Use SSL to Secure Communica
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547:
Page 551 and 552:
Configuration Stores and Tools The
Page 553 and 554:
Configuration Stores and Tools 513
Page 555 and 556:
Configuration Stores and Tools 515
Page 557 and 558:
Reference Hub This section provides
Page 559 and 560:
Reference Hub 519 Key Notes ● ●
Page 561 and 562:
Reference Hub 521 ● ● HOW TO: A
Page 563 and 564:
Reference Hub 523 How Tos ● ● R
Page 565:
Reference Hub 525 ● ● Best Prac
Page 568 and 569:
Page 570 and 571:
Page 572 and 573:
Page 574 and 575:
Page 577 and 578:
ASP.NET Identity Matrix Principal o
Page 579:
ASP.NET Identity Matrix 539 Table 3
Page 582 and 583:
Page 584 and 585:
Page 586 and 587:
Page 589:
.NET Web Application Security The t
Page 592 and 593:
Page 594 and 595:
Page 596 and 597:
Page 598 and 599:
Page 600 and 601:
Page 602 and 603:
Page 604 and 605:
Page 606 and 607:
show all

Building Secure ASP.NET Applications - People Search Directory

Create successful ePaper yourself

Delete template?

Save as template?