
Security

Security in your website. Introducing security: Who are you? How can you prove that? What are you allowed to do in the system? Identity: Who are you? An identity is what makes you, YOU. An identity depends upon the context in which it is used.

hanzila

Presentation Transcript


  1. Security in your website

  2. Introducing Security • Who are you? • How can you prove that? • What are you allowed to do in the system?

  3. Identity: Who are you? • An identity is what makes you, YOU • An identity depends upon the context in which it is used • No matter what you include in your identity, it is a way to refer to you. But how does anyone else know you? And how can they be sure it's really you when you log on to a web site, for example? This is where authentication enters the game.

  4. Authentication • How can you prove who you are? We would use a user name and password for authentication.

  5. Authorization (what are you allowed to do) • Depending on who you are, a system grants you more or fewer privileges to access certain areas. • To determine what a user is allowed to do, a system needs to know two things: the permissions for the current user and the authorization rules for the resource a user is trying to access.

  6. ASP.NET APPLICATION SERVICES • Membership: Enables you to manage and work with user accounts in your system. • Roles: Enables you to manage the roles that your users can be assigned to. • Profile: Enables you to store user-specific data in a back-end database.

  7. Difference between authentication and authorization • Authentication is all about proving your identity to a system like a web site. After you have been authenticated, authorization then determines what you can and cannot do in the system.

  8. LOGIN CONTROLS • The available login controls effectively encapsulate all the code and logic you need to validate and manage users. These controls work by communicating with the configured provider through the application services, instead of talking to a database directly. • The Login control enables a user to log in to the site. The control talks to the configured membership provider through the application services to see if the user name and password represent a valid user in the system. If the user is validated, a cookie is issued that is sent to the user's browser. On subsequent requests the browser resubmits the cookie to the server so the system knows it's still dealing with a valid user. The different settings for the membership provider are all configured in the <membership /> element of the web.config file.

  9. Login control (continued) The authentication mechanism of ASP.NET by default assumes you have a page called Login.aspx in the root of your site that is used to let users log in. To be functional, the minimum that this page requires is a Login control. If you want to use a different page, you can specify its path in the <forms /> element under <authentication /> like this:
       <authentication mode="Forms">
         <forms loginUrl="MyLoginPage.aspx" />
       </authentication>
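
Added example (not part of the original presentation): a web.config sketch that ties slides 5, 8 and 9 together, showing the forms cookie settings, the <membership /> provider the login controls use, and per-resource authorization rules. The names MembershipDb, .SITEAUTH, SqlProvider, Management and Managers are assumptions, and MyProfile.aspx stands in for a page that requires login.

```xml
<!-- Added example. MembershipDb, .SITEAUTH, SqlProvider, the Management folder and
     the Managers role are assumed names; MembershipDb must exist in <connectionStrings>. -->
<configuration>
  <system.web>
    <!-- Authentication: the cookie issued after a successful login uses these settings -->
    <authentication mode="Forms">
      <forms loginUrl="~/MyLoginPage.aspx" name=".SITEAUTH"
             protection="All" requireSSL="true" cookieless="UseCookies"
             timeout="20" slidingExpiration="true" />
    </authentication>

    <!-- The provider the login controls reach through the application services -->
    <membership defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb" applicationName="/"
             passwordFormat="Hashed" enablePasswordRetrieval="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Uses the default role provider unless another one is configured -->
    <roleManager enabled="true" />
  </system.web>

  <!-- Authorization rules per resource: evaluated top to bottom, first match wins -->
  <location path="MyProfile.aspx">
    <system.web>
      <authorization>
        <deny users="?" />            <!-- ? = anonymous users -->
      </authorization>
    </system.web>
  </location>
  <location path="Management">
    <system.web>
      <authorization>
        <allow roles="Managers" />
        <deny users="*" />            <!-- * = everyone else -->
      </authorization>
    </system.web>
  </location>
</configuration>
```

With requireSSL="true" the authentication cookie is only sent over HTTPS, so the login page and every protected page must be served over HTTPS. Forms authentication always lets anonymous users reach the loginUrl page, so it needs no allow rule of its own.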

  10. How to redirect the user • If you want to redirect all users to the same page, all you need to set is the DestinationPageUrl:
       <asp:Login ID="Login1" runat="server" DestinationPageUrl="~/MyProfile.aspx" />
     When a user is logged in successfully, she's taken to MyProfile.aspx automatically.

  11. LoginView Control • The LoginView is a handy control that lets you display different data to different users. It enables you to differentiate between anonymous and logged-in users, and you can even differentiate between users in different roles. The LoginView is template driven and as such lets you define different templates that are shown to different users.

  12. LoginStatus Control • The LoginStatus control provides information about the current status of the user. It provides a Login link when the user is not authenticated and a Logout link when the user is already logged in. You control the actual text being displayed by setting the LoginText and LogoutText properties. Alternatively, you can set the LoginImageUrl and LogoutImageUrl properties to display an image instead of text. Finally, you can set the LogoutAction property to determine whether the current page refreshes if the user logs out, or whether the user is taken to another page after logging out. You determine this destination page by setting the LogoutPageUrl.

  13. Difference between the LoginView and LoginStatus controls • The LoginStatus simply displays a simple text that indicates whether or not the user is logged in. By default the text that is displayed is Login when the user is currently not logged in, and Logout when the user is already logged in. Clicking the link either sends the user to the default Login page, or logs the user out. • The LoginView is somewhat similar in that it displays different content depending on whether the user is currently logged in. However, because the control is completely template driven, you can fully control the content that is displayed. To enable you to differentiate between different user roles, you can use the RoleGroups element to set up templates that are only shown to users in specific roles.
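
Added example (not part of the original presentation): Web Forms page markup that puts the LoginView templates from slides 11 and 13 next to a LoginStatus control from slide 12. The Managers role, the control IDs, the link targets and the display texts are assumptions.

```xml
<%-- Added example. The Managers role, control IDs, URLs and texts are assumed. --%>
<asp:LoginView ID="LoginView1" runat="server">
  <AnonymousTemplate>
    <%-- Shown to users who are not logged in --%>
    You are not logged in.
  </AnonymousTemplate>
  <RoleGroups>
    <%-- Shown to logged-in users in the Managers role, instead of LoggedInTemplate --%>
    <asp:RoleGroup Roles="Managers">
      <ContentTemplate>
        Welcome, <asp:LoginName ID="ManagerName" runat="server" />.
        <asp:HyperLink ID="ManageLink" runat="server"
                       NavigateUrl="~/Management/Default.aspx" Text="Manage the site" />
      </ContentTemplate>
    </asp:RoleGroup>
  </RoleGroups>
  <LoggedInTemplate>
    <%-- Shown to logged-in users who match none of the role groups --%>
    Welcome back, <asp:LoginName ID="UserName" runat="server" />.
    <asp:HyperLink ID="ProfileLink" runat="server"
                   NavigateUrl="~/MyProfile.aspx" Text="My profile" />
  </LoggedInTemplate>
</asp:LoginView>

<%-- Login link for anonymous users, Logout link for authenticated users --%>
<asp:LoginStatus ID="LoginStatus1" runat="server"
                 LoginText="Log in" LogoutText="Log out"
                 LogoutAction="Redirect" LogoutPageUrl="~/Default.aspx" />
```

The LoginView only decides what is rendered. The pages behind the links still need their own authorization rules in web.config, because hiding a link does not block a direct request for its URL.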
