Shulou(Shulou.com)06/02 Report--

This article is about what the ASP.NET security architecture looks like. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

In developing Web programs, we can choose to implement security policies in our own way, or we can buy third-party security code and products, which are expensive anyway, but fortunately a security solution has been built into the. NET Framework.

ASP.NET and .NET Framework in conjunction with IIS provide an infrastructure for Web application security. One of its obvious advantages is that we no longer have to write our own security architecture, we can take advantage of the built-in features of the .NET security architecture, and the entire security architecture has stood the test and time.

The .NET security architecture contains a number of classes that handle authentication, authorization, role-based authorization, Impersonation, code access security, and a basic architecture for building custom solutions.

Here's how to start:

ASP.NET security architecture

The ASP.NET security architecture is divided into several key security processes: authentication, authorization, spoofing, and encryption provides the necessary functions. Take a look at some specific explanations:

◆ authentication-indicates who is revisiting our site

◆ authorization-who can operate and access which resources? Is the user who visits the site authorized to use the resources he requests?

◆ impersonation-what role are you going to fake? (note: counterfeiting is not a derogatory term, it is not what we often call counterfeit goods, because different user roles have different permissions, and if our current users cannot access a particular resource, we can imitate users who want to access specific resources, or rather imitate users who have access to specific resources. In short: user A wants to access C resources, but does not have permission. But user B can access it, so An and B discuss, and A will access it under the identity of B. Explain the details later)

Authentication

Authentication is the process of revealing the user's identity (note: the concept of identity we will talk about later, in short, the user's ID and name) and determining the authenticity of the identity. It is easy to understand, for example (you pay attention to some of the terms in the example): if we want to take part in a meeting, we will register and provide some of our documents, that is, the logo (indicating our identity). Once the logo is confirmed, we will get a conference pass, and we can attend the meeting with a pass.

And everyone in the meeting can know some information about us, such as our name and company, through our pass. Authentication is: once the identity is determined, we will get a token that can identify us, so that within a particular area, no matter where we are, our identity can be identified.

In ASP.NET, there are four authentication modes:

◆ Widows Authentication (Windows Authentication)

◆ Forms Authentication (Form Authentication)

◆ Passpot Authentication (Passport Authentication)

◆ Custom Authentication

For each authentication, the user needs to provide credentials when logging in. Once the identity is verified, the user will get an authentication token. In Forms authentication, the whole token is FormsAuthenticationTicket, and the entire token is placed in the cookie. Each time a resource is requested, the token will provide the user's identity information.

Thank you for reading! This is the end of this article on "what is the ASP.NET security architecture?". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.