Building Secure Microsoft® ASP.NET Applications

Building secure distributed Web applications can be challenging. It usually involves integrating several different technologies and products, yet your complete application will only be as secure as its weakest link. This guide presents a practical, scenario-driven approach to designing and building...


Bibliographic Details
Main author: Microsoft Corporation
Corporate author: Microsoft Corporation (content provider)
Format: E-book
Language: English
Published: Sebastopol: Microsoft Press, 2009.
Edition: 1st edition
Subjects:
View in the Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627914506719
Table of Contents:
  • Building Secure Microsoft ASP.NET Applications: Authentication, Authorization, and Secure Communication
  • Preface: Who Should Read This Book?; How You Should Read This Book; Organization of this Book; Part II, Application Scenarios; Part III, Securing the Tiers; Part IV, Reference; System Requirements; Installing the Sample Files; Building Secure ASP.NET Applications-Online Version; Support
  • 1. Introduction: The Foundations; Authorization; Secure Communication; Tying the Technologies Together; Design Principles; Summary
  • 2. Security Model for ASP.NET Applications: Physical Deployment Models; Remote Application Tier; Implementation Technologies; Security Architecture; Authentication; Enterprise Services Authentication; SQL Server Authentication; Authorization; Enterprise Services Authorization; SQL Server Authorization; Gatekeepers and Gates; Introducing .NET Framework Security; CAS and ASP.NET Web Applications; Principals and Identities; WindowsPrincipal and WindowsIdentity; GenericPrincipal and Associated Identity Objects; ASP.NET and HttpContext.User; More Information; Remoting and Web Services; Summary
  • 3. Authentication and Authorization Design: Choose an Authorization Strategy; Choose the Identities Used for Resource Access; Consider Identity Flow; Choose an Authentication Approach; Decide How to Flow Identity; Authorization Approaches; Resource Based Authorization; Resource Access Models; The Trusted Subsystem Model; Using Multiple Trusted Identities; The Impersonation / Delegation Model; Choosing a Resource Access Model; Disadvantages of the Impersonation / Delegation Model; Advantages of the Trusted Subsystem Model; Disadvantages of the Trusted Subsystem Model; Flowing Identity; Impersonation and Delegation; Delegation; Role-Based Authorization; .NET Roles with non-Windows Authentication; Custom IPrincipal Objects; Enterprise Services (COM+) Roles; SQL Server User Defined Database Roles; SQL Server Application Roles; .NET Roles versus Enterprise Services (COM+) Roles; Using .NET Roles; Checking Role Membership; Role Checking Examples; Choosing an Authentication Mechanism; Advantages of Passport Authentication; More Information; Intranet / Extranet Scenarios; Authentication Mechanism Comparison; Summary
  • 4. Secure Communication: SSL/TLS; IPSec; RPC Encryption; Point to Point Security; Web Server to Remote Application Server; Application Server to Database Server; Choosing Between IPSec and SSL; Farming and Load Balancing; Summary
  • 5. Intranet Security: Secure the Scenario; The Result; Security Configuration Steps; Configuring ASP.NET; Configuring SQL Server; Configuring Secure Communication; Analysis; Q&A; Related Scenarios; SQL Authentication to the Database; Flowing the Original Caller to the Database; ASP.NET to Enterprise Services to SQL Server; Secure the Scenario; The Result; Security Configuration Steps; Configuring ASP.NET; Configuring Enterprise Services; Configuring SQL Server; Configuring Secure Communication