Saturday, May 1, 2010

Security in ASP.NET

Security in ASP.NET can be enforced through the following steps:

  1. Authentication
  2. Authorization
  3. Privacy or Confidentiality
  4. Data integrity
  5. Non-Repudiation

Authentication is the process of validating the user's credentials.
Authorization is the process of checking whether the authenticated user has access to a resource.
Privacy is the process of ensuring that a message passed over the wire is not eavesdropped on.
Data integrity is the process of ensuring that data is not tampered with or modified while passing over the wire.
Non-repudiation ensures that the author of the message/data cannot disavow responsibility.


Authorization is the process of checking the access of an identity. ASP.NET provides 2 ways to authorize access to a resource:

  1. FileAuthorization
  2. URLAuthorization
FileAuthorization checks the access control list (ACL) of the ASP.NET page for the identity. The ACL holds the access details for users, and authorization is decided by looking at the ACL.

URLAuthorization allows or denies access to a user or role based on entries in the configuration file. The authorization section of the configuration file is where access details for users are added.
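
A web.config fragment showing URL authorization, added here as an example and not taken from the original post. The `Admin` folder path and the `Administrators` role are assumed names.

```xml
<!-- Added example: URL authorization in web.config.
     The "Admin" path and "Administrators" role are assumed names. -->
<configuration>
  <system.web>
    <!-- Site-wide rule: reject anonymous users ("?"). Authenticated
         users match no rule here and reach the inherited default,
         which allows everyone. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules are evaluated top to bottom and the first match wins,
       so the allow must come before the catch-all deny ("*"). -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Misordered variant, kept commented out: the deny matches first,
       so nobody, Administrators included, can reach the folder.
  <location path="Admin">
    <system.web>
      <authorization>
        <deny users="*" />
        <allow roles="Administrators" />
      </authorization>
    </system.web>
  </location>
  -->
</configuration>
```

After deploying rules like these, request a protected URL once as an anonymous user and once as a user outside the role to confirm both are refused.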


  
  
  
  




Reference:

http://www.c-sharpcorner.com/UploadFile/gsparamasivam/CryptEncryption11282005061028AM/CryptEncryption.aspx
