Module – Deploying Your Site

Module – Deploying Your Site. Objectives: Web Application Security Overview; Working with Windows Based Authentication and Securing Web site using Windows Based Authentication; Working with Forms Based Authentication and Securing Web site using Forms Based Authentication

jolie

Presentation Transcript


  1. Module – Deploying Your Site

  2. Objectives • Web Application Security Overview • Working with Windows Based Authentication and Securing Web site using Windows Based Authentication • Working with Forms Based Authentication and Securing Web site using Forms Based Authentication • Overview of MS Passport Authentication • Securing a MS ASP.NET Web Application • Configuring an ASP.NET Web Application • Deploying an ASP.NET Web Application

  3. Objectives (Cont…) • Configuring, Optimizing and Deploying a MS ASP.NET Application • Registering New Users • Permitting Users to Sign Out

  4. Web Application Security Overview • Website Security – • Preventing unauthorized users from accessing portions of the website, web store or web front-end database. • This has become an important aspect of e-commerce websites, where customers’ confidential data stored in the database, such as personal information and credit card information, needs to be thoroughly secured. • The security features of ASP.NET address the above, along with many other related security issues.

  5. Web Application Security Overview (Cont…) • Microsoft’s ASP.NET addresses these web security issues in combination with its Web server layer, Microsoft Internet Information Server (MS IIS), where the user’s identification, viz. names and passwords, can be authenticated using – • Windows Based Authentication • Forms Based Authentication • Microsoft Passport Authentication • Let’s understand the scenario through the terms Authentication and Authorization

  6. Web Application Security Overview (Cont…) Authentication versus Authorization • The terms Authentication and Authorization seem synonymous to many people; however, they are not the same. • Authentication identifies the users of the system, whereas • Authorization defines the level of access the authenticated user has to the system and its resources. Note: In many host-based systems and client/server systems, both the Authentication and Authorization processes are performed by the same physical hardware and, in some cases, the same software.

  7. Working with Windows Based Authentication • ASP.NET uses Windows authentication in combination with the authentication of its Web server layer, Microsoft Internet Information Services (IIS). • IIS can perform this process in one of the following ways: • Basic • Digest or • Integrated Windows Authentication (default mechanism) • Once the above process is complete, ASP.NET uses the authenticated identity to authorize access.

  8. Working with Windows Based Authentication (Cont…) • To enable an authentication provider for an ASP.NET application, we need to create an entry in the application’s ‘web.config’ configuration file as follows: • <authentication mode="Windows"/>

  9. Working with Windows Based Authentication (Cont…)

  10. Working with Windows Based Authentication (Cont…) • Click on the Website menu and select ASP.NET Configuration

  11. Working with Windows Based Authentication (Cont…) • You will see the following screen

  12. Working with Windows Based Authentication (Cont…) • Click on the Security tab to create Users (for authentication) and Roles (to authorize an authenticated user)

  13. Working with Windows Based Authentication (Cont…) • Select the ‘From Internet’ option if the application is hosted on the Internet to serve users from the Internet, or select ‘From a local network’ if the application is hosted on an intranet.

  14. Working with Windows Based Authentication (Cont…) • The number of users is ‘0’ initially; this is highlighted for your reference

  15. Working with Windows Based Authentication (Cont…) • To create a role, you need to enable the option

  16. Working with Windows Based Authentication (Cont…) • The number of existing roles is ‘0’ initially; this is highlighted for your reference

  17. Registering New User (ASP.NET Web Administration Tool) • Registering New Users – using the ASP.NET Website Administration Tool

  18. Registering New User (ASP.NET Web Administration Tool) (Cont…) • Registering New Users – using the ASP.NET Website Administration Tool (Cont…) • User created successfully

  19. Registering New User (ASP.NET Web Administration Tool) Create or Managing Role… (Cont…) • The number of existing users is 1, highlighted for your reference

  20. Registering New User (ASP.NET Web Administration Tool) Create or Managing Role… (Cont…) • Creation of new role that can be managed later

  21. Registering New User (ASP.NET Web Administration Tool) Create or Managing Role… (Cont…) • Creating a New Role called ‘Power User’

  22. Registering New User (ASP.NET Web Administration Tool) Create or Managing Role… (Cont…) • The ‘Power User’ role is created and can be managed later using the manage link

  23. Registering New User (ASP.NET Web Administration Tool) Create or Managing Role… (Cont…) • The number of roles changes to 1 as a new role is defined; this is highlighted for your reference

  24. Registering New User (ASP.NET Web Administration Tool) Create or Managing Role… (Cont…) • Users can be managed

  25. Registering New User (ASP.NET Web Administration Tool) Create or Managing Role… (Cont…) • Initially all the users are arranged alphabetically, and the selection can be narrowed down as the list of users grows

  26. Working with Windows Based Authentication • Adding a new item (Web form) in the Solution Explorer

  27. Working with Windows Based Authentication (Cont…) • A new web form called login.aspx is about to be created

  28. Working with Windows Based Authentication (Cont…) • A new web form called login.aspx is created and from the Login palette on the toolbox of the IDE, a login control is dragged and dropped on the web form (login.aspx)

  29. Working with Windows Based Authentication (Cont…) • Highlight the login control and click on the small arrow to open a dialog box, as shown below, to format the control so that it has a neat look and feel

  30. Working with Windows Based Authentication (Cont…) • Formatted login control on the login.aspx web form

  31. Working with Windows Based Authentication (Cont…) • Usage of other login controls such as ‘login view’ • On the default.aspx page, pull a login view control and place it

  32. Working with Windows Based Authentication (Cont…) • Usage of other login controls such as ‘login view’ (Cont…) • On the default.aspx page, pull a login view control and place it • The login view control has the ability to show an anonymous user and a user who is already logged on

  33. Working with Windows Based Authentication (Cont…) • Usage of other login controls such as ‘login view’ (Cont…) • On the default.aspx page, pull a login view control and place it (Cont…) • The login status control is a toggle control that toggles between login and log out (sign out)

  34. Working with Windows Based Authentication (Cont…) • Usage of other login controls such as ‘user name’ • On the default.aspx page, pull a user name control and place it • The username control has the ability to show a user who is already logged on

  35. Working with Windows Based Authentication (Cont…) • Running the application by pressing the F5 function key

  36. Working with Windows Based Authentication (Cont…) • The application is about to enter run mode and display the web form

  37. Working with Windows Based Authentication (Cont…) • Run mode of login.aspx

  38. Working with Windows Based Authentication (Cont…) • Administrator is authenticated and the corresponding controls behave as expected

  39. Working with Windows Based Authentication (Cont…) • User ‘Administrator’ is NOT authenticated because a wrong password was supplied to test the application

  40. Working with Forms Based Authentication • In Forms Based Authentication • unauthenticated requests are redirected to an HTML form using client-side redirection. • If the user’s identity is authenticated, the process issues an authentication ticket in a cookie that contains the credentials or a key to re-acquire the identity. • All subsequent requests are issued with the cookie in the request headers; they are authenticated and authorized by an ASP.NET handler.

  41. Registering a new user using Forms Based Authentication • Create a new web form in the Solution Explorer and name it ‘createuser.aspx’

  42. Working with Forms Based Authentication (Cont…) • A control called createnewuserwizard is pulled from the login control palette and placed on the web form called createuser.aspx

  43. Working with Forms Based Authentication (Cont…) • Adding a hyperlink control on the login window

  44. Working with Forms Based Authentication (Cont…) • Run mode of login.aspx to use the createnewuserwizard control

  45. Working with Forms Based Authentication (Cont…) • Run mode of createuser.aspx to use the createnewuserwizard control for signing up a new user

  46. Working with Forms Based Authentication (Cont…) • Corresponding entries are made

  47. Working with Forms Based Authentication (Cont…) • New user called New Horizons is added successfully using Forms Based Authentication

  48. Working with Forms Based Authentication (Cont…) • The number of users changes to 2

  49. Working with Forms Based Authentication (Cont…) • You can see a user called New Horizons when you click the manage link

  50. Working with Forms Based Authentication (Cont…) • Click on a letter hyperlink to narrow down the search criteria
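
A web.config for the forms-based flow described in slide 40, using the pages and the role created in the slides; this is an added example, not part of the original presentation. The cookie name `.SITEAUTH` and the `admin` folder are assumptions, while `login.aspx`, `createuser.aspx`, `default.aspx` and the ‘Power User’ role come from the slides.

```xml
<?xml version="1.0"?>
<!-- Added example (not from the presentation): forms authentication and
     URL authorization for the site built in the slides. -->
<configuration>
  <system.web>
    <!-- Weak variant, shown for contrast only:
         <authentication mode="Forms">
           <forms loginUrl="login.aspx" protection="None"
                  cookieless="UseUri" timeout="50000" />
         </authentication>
         The ticket is neither encrypted nor validated, travels in the URL,
         and stays valid for about a month (timeout is in minutes). -->
    <authentication mode="Forms">
      <!-- .SITEAUTH is an assumed cookie name. -->
      <forms name=".SITEAUTH" loginUrl="login.aspx" defaultUrl="default.aspx"
             protection="All" requireSSL="true" cookieless="UseCookies"
             slidingExpiration="true" timeout="20" />
    </authentication>
    <!-- "?" means anonymous users: unauthenticated requests are redirected
         to loginUrl, which stays reachable without a ticket. -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Role checks below need the role manager enabled. -->
    <roleManager enabled="true" />
  </system.web>
  <!-- Registration must be reachable before sign-in ("*" means everyone). -->
  <location path="createuser.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- "admin" is a hypothetical folder restricted to the 'Power User' role.
       Rules are evaluated top-down and the first match wins. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="Power User" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With `requireSSL="true"` the ticket cookie is only sent over HTTPS, so the site has to be served over HTTPS for sign-in to work.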
