Security in ASP.Net Sites
By PIYALI SENGUPTA

Introduction

For mainstream web applications, the basic tasks for implementing security involve:

·  Authentication: the process of discovering a user's identity and verifying that the claimed identity is genuine. It determines who is working with your application. In an ASP.Net application authentication is implemented through one of four authentication systems:

1.     Windows Authentication

2.     Forms Authentication

3.     Passport Authentication

4.     Custom Authentication

·  Authorization: the process by which your application decides which operations a user may execute and which resources the user may access.

·  Confidentiality: encrypting the channel between the client's browser and the web server (SSL/TLS). In some applications you also need to encrypt sensitive data stored in the backend (credit card numbers etc.).

·  Integrity: ensuring that data transmitted between the client and the server is not altered by an unauthorized party. Digital signatures and message authentication codes (as used by SSL/TLS) provide this.

In this article we will discuss Forms Authentication, Authorization, IIS and Secure Sockets Layer (SSL).

Basic Forms Authentication

ASP.Net 1.0 and 1.1 had a straightforward method of authenticating users: Forms authentication involved editing the Web.Config file and adding a login page with the appropriate authentication code. Our first example shows one such simple login.

The Web.Config file is edited to force authentication and looks like:

<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="login.aspx"/>
        </authentication>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

Here mode="Forms" switches on Forms authentication, loginUrl names the page to which unauthenticated requests are redirected, and <deny users="?"/> denies the anonymous user (the "?" wildcard), so every page except the login page itself requires a login. Note that this rule says nothing about authenticated users: once logged in, any user may reach any page until you add finer-grained rules.
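The configuration above works, but the forms authentication ticket it issues is carried in a cookie, and that cookie is the user's credential for the rest of the session. As an added example (not from the original article), here is the same section with the cookie-protection settings a production site should set explicitly; the attribute names are standard ASP.Net system.web settings, and the 20-minute timeout is an illustrative choice, not a recommendation from the article.

```xml
<!-- Added example, not part of the original article: the Forms
     authentication section hardened. All attributes are standard
     ASP.Net system.web settings; the timeout value is an assumption. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL: the ticket cookie is only ever sent over HTTPS,
           so it cannot be read off the wire.
           protection="All": the ticket is encrypted and signed (the
           default, written out so nobody weakens it by accident).
           timeout + slidingExpiration="false": a stolen ticket stops
           working 20 minutes after issue instead of being renewed on
           every request.
           cookieless="UseCookies": never fall back to carrying the
           ticket in the URL, where it leaks through logs and Referer. -->
      <forms loginUrl="login.aspx"
             requireSSL="true"
             protection="All"
             timeout="20"
             slidingExpiration="false"
             cookieless="UseCookies" />
    </authentication>
    <authorization>
      <!-- "?" is the anonymous user. This rule alone still lets every
           authenticated user reach every page. -->
      <deny users="?" />
    </authorization>
    <!-- HttpOnly keeps script injected into a page from reading the
         ticket; requireSSL here covers every cookie the site sets. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```

With requireSSL set, the FormsAuthentication class refuses to issue the cookie on a plain HTTP request, so the login page must itself be served over SSL; that is the reason the article treats SSL together with Forms authentication.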

 

In our simple application the user names and passwords are hard-coded in the page. This is acceptable only for a demonstration; a real application keeps salted password hashes in a database and never compares clear-text passwords. The login.aspx page has the following methods inside a <script runat="server"> block:

    // Demonstration only: three accounts with clear-text passwords are
    // hard-coded in the page. A real application looks the user up in a
    // store and compares a salted password hash instead.
    protected bool authenticate(String uname, String pass)
    {
        if (uname == "Tom" && pass == "tom123")
            return true;
        if (uname == "Dick" && pass == "dick123")
            return true;
        if (uname == "Harry" && pass == "har123")
            return true;
        return false;
    }

    // Click handler of the Login button.
    public void OnLogin(Object src, EventArgs e)
    {
        if (authenticate(txtuser.Text, txtpwd.Text))
        {
            // Issue the forms authentication ticket and send the browser back
            // to the page it originally asked for. chkrem.Checked makes the
            // ticket cookie persistent ("remember me").
            FormsAuthentication.RedirectFromLoginPage(txtuser.Text, chkrem.Checked);
        }
        else
        {
            // The same message for a wrong user name and a wrong password,
            // so the response does not reveal which accounts exist.
            Response.Write("Invalid login: Check the User Name and Password");
        }
    }

When you run the application the login page appears. On clicking Login with a valid user name and password you are redirected to default.aspx.

The above example is simple and shows you the basics of a login page. ASP.Net includes a great deal of support for authentication. Most of it comes from the FormsAuthentication class. In the above code snippet we used it as follows:

FormsAuthentication.RedirectFromLoginPage(txtuser.Text, chkrem.Checked);

This method issues the forms authentication ticket for the given user name, writes it to the browser as a cookie and redirects to the page that was originally requested (taken from the ReturnUrl query string; default.aspx when there is none). The second argument decides whether the cookie is persistent: when the user ticks the "remember me" checkbox the cookie survives closing the browser, otherwise it lasts only for the browser session. The ticket cookie is a bearer credential: whoever presents it is treated as that user, so it must only travel over SSL, and the persistent option should be offered only where a long-lived ticket is acceptable.
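The hard-coded comparison in login.aspx is what a real login page must not do. As an added example, not code from the original article, here is the same login code-behind reworked so that passwords exist only as salted PBKDF2 hashes and are compared in fixed time, while the ticket is still issued with FormsAuthentication.RedirectFromLoginPage. The sample accounts, the control names (txtuser, txtpwd, chkrem and a message label lblMsg), the 16-byte salt and the 100,000-iteration work factor are assumptions made for this example.

```csharp
// Added example, not from the original article. Assumptions: controls
// txtuser, txtpwd, chkrem, lblMsg exist on login.aspx; the three sample
// accounts below are constructed for the demo; Iterations is an example
// work factor, not a value the article recommends.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    // One record per user: a random salt and the PBKDF2-HMAC-SHA1 hash
    // derived from password + salt. In a real site these rows live in a
    // database; they are built in code here only to keep the demo offline.
    private sealed class Credential
    {
        public byte[] Salt;
        public byte[] Hash;
    }

    private const int Iterations = 100000;   // assumed work factor
    private const int SaltBytes = 16;
    private const int HashBytes = 32;

    // Constructed sample store for the demo (same user names as the article).
    private static readonly Dictionary<string, Credential> Users =
        new Dictionary<string, Credential>
        {
            { "Tom",   CreateCredential("tom123") },
            { "Dick",  CreateCredential("dick123") },
            { "Harry", CreateCredential("har123") },
        };

    // Called once when an account is created or its password changes:
    // draw a fresh random salt and hash the password with it.
    private static Credential CreateCredential(string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return new Credential { Salt = salt, Hash = Derive(password, salt) };
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
        {
            return kdf.GetBytes(HashBytes);
        }
    }

    // Compares every byte no matter where the first mismatch is, so the
    // response time does not reveal how much of the hash matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    protected bool Authenticate(string uname, string pass)
    {
        Credential cred;
        if (!Users.TryGetValue(uname, out cred))
        {
            // Unknown user: still pay for one derivation so a missing
            // account takes as long to reject as a wrong password.
            Derive(pass, new byte[SaltBytes]);
            return false;
        }
        return FixedTimeEquals(Derive(pass, cred.Salt), cred.Hash);
    }

    public void OnLogin(object src, EventArgs e)
    {
        if (Authenticate(txtuser.Text, txtpwd.Text))
        {
            // Issues the forms ticket cookie and redirects to ReturnUrl or
            // defaultUrl. chkrem.Checked makes the cookie persistent across
            // browser restarts; offer that only where a long-lived ticket
            // is acceptable.
            FormsAuthentication.RedirectFromLoginPage(txtuser.Text, chkrem.Checked);
        }
        else
        {
            // One generic message: do not reveal whether the user name exists.
            lblMsg.Text = "Invalid login: check the user name and password.";
        }
    }
}
```

The salt makes identical passwords hash to different values, so a leaked table cannot be attacked with one precomputed list, and the iteration count slows each guess; both are the point of using a key-derivation function rather than a plain hash. Raising Iterations is a one-line change when hardware gets faster, but existing rows must then be re-hashed at the user's next successful login.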

Creating Users and Roles

In a real application you will need to assign user identities to the different clients visiting your site. For this, ASP.Net and Visual Studio provide facilities for managing user identities and roles. In our second example we look into this aspect. You can download the project files for the entire application.

Let me take you on a tour of ASP.Net's administration tool, with which you can create users and roles and assign roles to users. The Web.Config file does not need to be edited manually. The user accounts are stored by the selected membership provider; with the default provider this is a SQL Server Express database (ASPNETDB.MDF) created in your application's App_Data folder. Follow the steps:

1.     Open the ASP.Net Administration Tool by selecting Website | ASP.Net Configuration from the Visual Studio main menu. Go to the Security tab. First click the Select authentication type link and choose From the internet as the access method. This makes your site use Forms Authentication.

2.     Select Enable roles and then Create or manage roles. In our example we have created three roles.

 

3.     You can now add users and assign roles to them.

 

At this stage your web.config looks like the following:

<configuration>
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
        <roleManager enabled="true" />
    </system.web>
</configuration>

4.     Click the Create access rules link to authorize users and roles individually for particular parts of the site. The tool writes the rules into the web.config of the folder you select. Rules are evaluated top to bottom and the first match wins, so check that an <allow> for a role appears above any <deny users="*"/> that follows it; in the other order the deny matches first and nobody can reach the folder.
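As an added example (not from the original article), the following is the shape of web.config the Create access rules step produces when one folder is restricted to a role and one page is kept public. The folder name Admin, the page name register.aspx and the role name Administrators are assumptions; the article does not name its three roles.

```xml
<!-- Added example, not from the original article. Assumed names:
     folder "Admin", page "register.aspx", role "Administrators". -->
<configuration>
  <system.web>
    <authentication mode="Forms" />
    <roleManager enabled="true" />
    <authorization>
      <!-- Site-wide rule: anonymous users ("?") must log in. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules for one folder. They are checked top to bottom and the first
       match wins, so the allow for the role must come before the deny for
       everyone ("*"); with the two lines swapped nobody could reach Admin.
       Authenticated users who are not Administrators fall through to the
       deny and get a 401. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- The login page named in loginUrl is always reachable anonymously.
       Any other page that must stay public, such as a registration page,
       needs its own rule that matches before the site-wide deny. -->
  <location path="register.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

A quick check after saving: sign in as a user without the Administrators role and request a page under Admin; the expected result is a redirect to the login page (ASP.Net turns the 401 into a redirect when Forms authentication is on), not the page content.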