Authorization in ASP.NET:
Authorization is the process of deciding whether an authenticated user is
allowed to access a certain page or resource. For example, operators may not be
allowed to view certain confidential financial information that managers can view.

ASP.NET Authorization

    The purpose of authorization is to determine whether an identity should be
granted the requested type of access to a given resource. There are two
fundamental ways to authorize access to a given resource:

      File authorization

       File authorization is performed by the FileAuthorizationModule, and is
       active when you use Windows authentication. It does an ACL check to
       determine whether a user should have access. Applications can further
       use impersonation to get resource checks on resources that they are
       accessing.

      URL authorization

       URL authorization is performed by the URLAuthorizationModule, which
       maps users and roles to pieces of the URI namespace. This module
       implements both positive and negative authorization assertions. That is,
       the module can be used to selectively allow or deny access to arbitrary
       parts of the URI namespace for certain sets, users, or roles.

    The URLAuthorizationModule is available for use at any time. You only need
to place a list of users and/or roles in the <allow> or <deny> elements of the
<authorization> section of a configuration file.

    To establish the conditions for access to a particular directory, you must place
a configuration file that contains an <authorization> section in that directory.
The conditions set for that directory also apply to its subdirectories, unless
configuration files in a subdirectory override them. The general syntax for this
section is as follows:


       <[element] [users] [roles] [verbs] />


    The element is required. Either the users or the roles attribute must be
included. Both can be included, but both are not required. The verbs attribute is
optional.

The permissible elements are <allow> and <deny>, which grant and revoke
access, respectively. Each element supports three attributes, which are defined in
the following table.

   Attribute    Description
   Roles        Identifies a targeted role for this element. The associated
                IPrincipal object for the request determines the role membership.
                You can attach arbitrary IPrincipal objects to the context for a
                given request and they can determine role membership in
                whatever fashion you like. For example, the default
                WindowsPrincipal class uses Windows NT groups to determine
                role membership.
   Users        Identifies the targeted identities for this element.
   Verbs        Defines the HTTP verbs to which the action applies, such as
                GET, HEAD, or POST.

Mr. Pritesh N. Patel                                                         Page 1

    The following example grants access to Mary, while denying it to John.
Anonymous users are also denied:


       <authorization>
         <allow users="Mary"/>
         <deny users="John" />
         <deny users="?" />
       </authorization>


    Both users and roles can refer to multiple entities by using a
comma-separated list such as the following:


       <allow users="John, Mary, redmond\bar" />


    Notice that the domain account (redmond\bar) must include both the domain
and user name combination.

     In addition to identity names, there are two special identities, as shown in the
following table.

   Identity            Description
   *                   Refers to all identities
   ?                   Refers to the anonymous identity

    To allow John and deny everyone else, one might construct the following
configuration section:


       <authorization>
         <allow users="John" />
         <deny users="*" />
       </authorization>


The following example lets everyone do a GET, but only Mary can use POST:


         <authorization>
           <allow verbs="GET" users="*" />
           <allow verbs="POST" users="Mary" />
           <deny verbs="POST" users="*" />
         </authorization>


       Rules are applied using the following heuristics:

        Rules at lower levels take precedence over rules at higher levels. The
        system determines which rule takes precedence by constructing a
        merged list of all rules for a URL, with the most recent (nearest in the
        hierarchy) rules at the head of the list.

        Given a set of merged rules for a URL, the system starts at the head of
        the list and checks rules until the first match is found. Note that the
        default configuration for ASP.NET contains an <allow users="*">
        element, which authorizes all users. If no rules match, the request is
        allowed unless otherwise denied. If a match is found and the match is a
        <deny> element, it returns 401. Applications or sites can easily
        configure a <deny users="*"> element at the top level of their site or
        application to prevent this behavior.

        If an <allow> matches, the module does nothing and lets the request be
        processed further.

    There is also a <location> tag that you can use to specify a particular file or
directory to which settings wrapped by that tag (between <location> and
</location> tags) should apply.
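To make the merge-and-first-match heuristics concrete, here is an added Python model of the evaluation; it is not the UrlAuthorizationModule's own code and not from these notes. It parses the <authorization> sections of two constructed web.config fragments, a site root and a nested Reports directory, merges them nearest-first and decides allow or deny per request as the rules above describe. The user name None stands for the anonymous identity; the configs, user names and roles are constructed for the demonstration.

```python
"""Model of ASP.NET URL authorization rule merging (constructed example).

Not the UrlAuthorizationModule's own code: it re-implements the heuristics
the notes describe (nearest rules first, first match wins, '*' = everyone,
'?' = anonymous, comma-separated users/roles, optional verbs) so the effect
of a web.config hierarchy can be checked offline.
"""
import xml.etree.ElementTree as ET

# Constructed web.config fragments: the site root, then a nested Reports directory.
ROOT_CONFIG = """
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
"""

REPORTS_CONFIG = """
<configuration>
  <system.web>
    <authorization>
      <allow roles="Managers" />
      <allow verbs="GET" users="Mary" />
      <deny users="?" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
"""


def parse_rules(config_xml):
    """Return (element, users, roles, verbs) tuples of the first <authorization> section."""
    root = ET.fromstring(config_xml.strip())
    section = next(root.iter("authorization"), None)
    rules = []
    if section is None:
        return rules
    for elem in section:
        if elem.tag not in ("allow", "deny"):
            continue

        def split(attr):
            # Attribute values are comma-separated lists; blanks are ignored.
            return [v.strip() for v in elem.get(attr, "").split(",") if v.strip()]

        rules.append((elem.tag, split("users"), split("roles"), split("verbs")))
    return rules


def merge_rules(configs_root_first):
    """Nearest directory first, site root last: the precedence order the notes describe."""
    merged = []
    for cfg in reversed(configs_root_first):
        merged.extend(parse_rules(cfg))
    return merged


def user_matches(users, user):
    """user=None stands for the anonymous identity ('?'); '*' matches everyone."""
    for u in users:
        if u == "*":
            return True
        if u == "?" and user is None:
            return True
        if user is not None and u.lower() == user.lower():
            return True
    return False


def role_matches(roles, user_roles):
    wanted = {r.lower() for r in roles}
    return any(r.lower() in wanted for r in user_roles)


def authorize(rules, user, user_roles=(), verb="GET"):
    """Walk the merged list; the first matching rule decides ('allow' or 'deny').

    With no matching rule the request is allowed, as the notes say happens when
    nothing in the merged list matches.
    """
    for element, users, roles, verbs in rules:
        if verbs and verb.upper() not in {v.upper() for v in verbs}:
            continue
        if user_matches(users, user) or role_matches(roles, user_roles):
            return element
    return "allow"


if __name__ == "__main__":
    merged = merge_rules([ROOT_CONFIG, REPORTS_CONFIG])
    for who, roles, verb in [("bob", ["Managers"], "POST"), ("mary", [], "GET"),
                             ("mary", [], "POST"), (None, [], "GET"), ("john", [], "GET")]:
        print(who, roles, verb, "->", authorize(merged, who, roles, verb))
```

Running it shows Mary allowed to GET but denied POST in Reports, anonymous users denied there, and any other authenticated user denied only because of the nested <deny users="*">; evaluating the root config alone lets John through, which is the default <allow users="*"> behaviour the notes warn about.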

   Windows Authentication in ASP.NET (Authentication Systems)

Introduction

Security is an important consideration in your web applications. Securing a web
application consists of two steps:

       Authenticating the user accessing the page
       Authorizing the user to access the page

Authentication is a process of determining whether a user is the one who he
claims to be. Typically this will be determined with the help of user id and
password.

ASP.NET offers various ways to authenticate and authorize users of your web site.
They are:

       Windows authentication
       Forms authentication (cookie authentication)
       Passport authentication

[1] Windows Authentication

The Windows authentication scheme uses the traditional mechanisms of Basic,
NTLM/Kerberos and Digest authentication. Here the credentials of the logged-in
user are used by IIS to authenticate web requests. If integrated Windows
authentication is turned off, a typical gray dialog pops up asking for user id
and password.

Steps involved in implementing windows authentication and authorization

      Create an ASP.NET web application
      Modify web.config to set authentication mode to windows
      Modify web.config to deny access to anonymous users
      Authorize users based on their NT user groups (roles)

[2] Forms authentication in ASP.NET

Introduction

Many times we use some kind of custom authentication mechanism for our web
sites. The most common way to authenticate visitors of your site is by accepting
a user id and password from them, which are then validated against a database
table. ASP.NET provides a very easy way to implement such a mechanism via forms
authentication. Forms-based authentication is also referred to as cookie
authentication because a cookie sent with each request tells whether the user is
authenticated or not. In the case of Windows authentication we automatically get
the Windows role of the logged-in user. You can also implement custom role-based
security in forms-based authentication.

Steps involved in implementing forms authentication

      Configure your web application to deny anonymous access
      Modify web.config file to specify authentication mode as Forms
      Create an aspx page that accepts user id and password and sets the
       authentication cookie
      Modify web.config to specify a page that will be acting as login page
      Implement role based security (optional)
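The steps above hinge on the cookie that the login page sets and the server inspects on every later request. The following added Python model (constructed for these notes, not the FormsAuthentication class's actual ticket format or API) shows the properties such a cookie needs: it names the user, can carry roles for the optional role-based checks, expires, and is signed with a server-side secret so a client cannot alter it without the server noticing. The secret, the login page path and the request paths are constructed placeholders.

```python
"""Model of a forms-authentication ticket cookie (constructed example).

This is not the FormsAuthentication ticket format; it is a minimal stand-in
that keeps the properties a forms-auth cookie needs: it names the user, can
carry roles, expires, and cannot be altered by the client unnoticed.
"""
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret that never reaches the browser (constructed value).
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

LOGIN_URL = "/login.aspx"   # the page nominated as login page in web.config (placeholder)


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def issue_ticket(user: str, roles, lifetime_seconds: int, now: float = None) -> str:
    """Build the cookie value the login page sets after the credential check passes."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "roles": list(roles),
                       "expires": now + lifetime_seconds}, separators=(",", ":"))
    payload = base64.urlsafe_b64encode(body.encode()).decode()
    return payload + "." + _sign(payload.encode())


def read_ticket(cookie_value: str, now: float = None):
    """Return the ticket dict if signature and expiry check out, else None (treat as anonymous)."""
    now = time.time() if now is None else now
    try:
        payload, sig = cookie_value.rsplit(".", 1)
    except ValueError:
        return None          # not even the right shape
    if not hmac.compare_digest(sig, _sign(payload.encode())):
        return None          # tampered or forged
    ticket = json.loads(base64.urlsafe_b64decode(payload.encode()))
    if ticket["expires"] <= now:
        return None          # expired: the user must sign in again
    return ticket


def handle_request(path: str, cookie_value, required_role=None, now=None):
    """Per-request decision: send anonymous users to the login page, deny
    authenticated users who lack the required role, otherwise serve the page."""
    ticket = read_ticket(cookie_value, now) if cookie_value else None
    if ticket is None:
        return 302, LOGIN_URL + "?ReturnUrl=" + path
    if required_role and required_role not in ticket["roles"]:
        return 403, None
    return 200, path


if __name__ == "__main__":
    t0 = 1_700_000_000.0   # fixed clock so the run is reproducible
    cookie = issue_ticket("mary", ["Managers"], 1800, now=t0)
    print(handle_request("/reports/q3.aspx", cookie, "Managers", now=t0))
    print(handle_request("/reports/q3.aspx", None, "Managers", now=t0))
    print(handle_request("/reports/q3.aspx", cookie, "Managers", now=t0 + 3600))
```

The design point is that every decision the server makes is derived from a value it signed itself; an altered payload, an altered signature, or a ticket past its expiry all collapse to the anonymous case and a redirect to the login page.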

 [3] .NET Passport Authentication

 Passport is a core component of the Microsoft .NET building block services. It
 enables businesses to develop and offer distributed Web services across a wide
 range of applications, and Passport members to use one sign-in name and
 password at all participating Web sites.
Initial Request

 When a client requests a resource on a server that requires Passport
 authentication, the server checks the request for the presence of tickets. If a
 valid ticket is sent with the request, the server responds with the requested
 resource. If the ticket does not exist on the client, the server responds with a
 302 status code. The response includes the challenge header
 "WWW-Authenticate: Passport1.4". Clients that are not Passport-enabled can follow
 the redirection to the Passport login server. More advanced clients typically
 contact the Passport nexus to determine the location of the Passport login server.

 The following image illustrates the initial request to a Passport affiliate.

 Passport Login Server

 A Passport login server handles all requests for tickets for any resource in a
 Passport Domain Authority. Before a request can be authenticated using
 Passport, the client application must contact the login server to obtain the
 appropriate tickets.

 When a client requests tickets from a Passport login server, the login server
 typically responds with a 401 status code to indicate that user credentials must
 be provided. Upon the provision of these credentials, the login server responds
 with the tickets required to access the server containing the originally requested
 resource. The login server can also redirect the client to another server that can
 provide the requested resource.




Authenticated Request

 When the client has the tickets corresponding to a given server, those tickets
 are included with all requests to that server. If the tickets have not been
 modified since they were retrieved from the Passport login server, and the
 tickets are valid for the resource server, the resource server sends a response
 that includes both the requested resource and cookies indicating that the user
 is authenticated for future requests.

 The additional cookies in the response are intended to speed the authentication
 process. Additional requests—in the same session—for resources on servers in
 the same Passport Domain Authority, all include these additional cookies.
 Credentials do not need to be sent to the login server again until the cookies
 expire.
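The three stages described above, from the initial 302 challenge to reuse of the session cookies, can be traced with the following added Python model of the message exchange. It is not Microsoft's Passport implementation and models only what the text states: the affiliate answers a ticketless request with 302 and "WWW-Authenticate: Passport1.4", the login server answers 401 until credentials arrive and then issues tickets bound to the requested server, the affiliate rejects a ticket that was modified or was issued for another server, and once a ticket is accepted a session cookie stands in for it until it expires. The shared key, the account database, the login server URL and the host names are constructed placeholders.

```python
"""Message-level model of the Passport exchange (constructed example).

Three parties: a client, the affiliate (resource) server and the login server.
Not Microsoft's Passport code; only the steps the notes describe are modelled.
"""
import hashlib
import hmac

SITE_KEY = b"constructed-affiliate-key"           # assumption: per-site key shared by login server and affiliate
LOGIN_DB = {"alice": "correct horse"}             # constructed; held by the login server only
LOGIN_SERVER_URL = "https://login.passport.example/"   # placeholder, not a real endpoint
SESSION_LIFETIME = 600                            # seconds the session cookies stay valid


def _mac(*parts):
    return hmac.new(SITE_KEY, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def login_server(credentials, target_host):
    """Login server: 401 until credentials arrive; then a ticket bound to target_host."""
    if credentials is None:
        return 401, {}, None
    user, password = credentials
    if LOGIN_DB.get(user) != password:
        return 401, {}, None
    return 200, {}, "|".join([user, target_host, _mac(user, target_host)])


def resource_server(host, path, ticket=None, cookies=None, now=0):
    """Affiliate: serve on an unexpired session cookie or a valid ticket, else challenge."""
    challenge = {"Location": LOGIN_SERVER_URL, "WWW-Authenticate": "Passport1.4"}
    parts = (cookies or {}).get("session", "").split("|")
    if len(parts) == 3:
        user, exp, mac = parts
        if hmac.compare_digest(mac, _mac("session", user, exp)) and now < int(exp):
            return 200, {}, f"{path} for {user}"      # cookie still valid: no login server contact
    if ticket is None:
        return 302, challenge, None                   # no ticket: redirect to the login server
    try:
        user, ticket_host, mac = ticket.split("|")
    except ValueError:
        return 302, challenge, None
    if ticket_host != host or not hmac.compare_digest(mac, _mac(user, ticket_host)):
        return 302, challenge, None                   # modified ticket, or issued for another server
    exp = str(now + SESSION_LIFETIME)
    session = "|".join([user, exp, _mac("session", user, exp)])
    return 200, {"Set-Cookie": "session=" + session}, f"{path} for {user}"


def client_session(host, path, credentials, now=0):
    """Drive one client through the exchange; return the (party, status) trace and its cookies."""
    trace = []
    status, headers, _ = resource_server(host, path, now=now)
    trace.append(("affiliate", status))
    if status == 302 and headers.get("WWW-Authenticate") == "Passport1.4":
        status, _, _ = login_server(None, host)       # first contact carries no credentials
        trace.append(("login", status))
        status, _, ticket = login_server(credentials, host)
        trace.append(("login", status))
        if status != 200:
            return trace, None
        status, headers, _ = resource_server(host, path, ticket=ticket, now=now)
        trace.append(("affiliate", status))
    cookies = {}
    if "Set-Cookie" in headers:
        name, value = headers["Set-Cookie"].split("=", 1)
        cookies[name] = value
    return trace, cookies


if __name__ == "__main__":
    trace, cookies = client_session("www.affiliate.example", "/members/home", ("alice", "correct horse"))
    print(trace)
    print(resource_server("www.affiliate.example", "/members/other", cookies=cookies, now=100)[0])
    print(resource_server("www.affiliate.example", "/members/other", cookies=cookies, now=900)[0])
```

The trace for a correct password reads affiliate 302, login 401, login 200, affiliate 200; afterwards the session cookie alone is enough until it expires, at which point the affiliate challenges again and the client must return to the login server, which is the behaviour the paragraph above describes.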




   IIS 6 can use Microsoft's .NET Passport to authenticate users requesting
  resources from a web site or a web site virtual directory.

  The benefit that this solution offers is that the credentials are stored and
  managed on another server that you are not responsible for building or
  maintaining. Users can authenticate using the .NET Passport service and then
  be allowed access to the web site hosted on your server. The service does not
  provide access control or site authorization, however. The .NET Passport server
  can only affirm that a web consumer representing himself or herself to be the
  person represented by the established profile in the .NET Passport server has
  successfully authenticated as that person represented by the established
  profile.

  The .NET Passport system is free for the web consumer to register with and
  use. Web consumers log in and log out at the Passport server, and they are
  directed to your web site after a successful login event. The login and logout
  pages may be cobranded so that they appear to be related to the web site that
  the user is logging in to.

  Passport provides a nice system for everyone involved in a web-based
  transaction, because users get the benefit of a single sign-on solution for any
  .NET Passport authenticated web site they encounter.

  The web host benefits because the hosting party does not have to build and
  support the credentials system or server, but they must pay a fee to the
  Microsoft .NET Passport service to establish an account with the Passport
  server.

  After an account is set up, the web host simply needs to build the web site to
  respond to users who authenticate. This is the same effort that any web site
  with an established membership and authentication mechanism would
  perform regardless of where the members' credentials are hosted, except that
  they now deal only with authenticated users.

  The problem with the .NET Passport system, however, is that many web
  consumers have not responded quickly to the solution. The web consumer
  community is apprehensive about providing personal information to the .NET
  Passport service.

  Existing web-based vendors and portals have not adopted the use of .NET
  Passport with great enthusiasm because they generally already have their own
  authentication systems in place.

  The benefits of providing a web single login experience are greatly minimized
  when the web consumer may have to authenticate to other sites that they
  patronize. Without wide acceptance of the use of .NET Passport by web sites
  using it as an authentication system, the web single login system will not
  benefit the web consumer.

  Establishing .NET Passport Service

  Before you can use the .NET Passport service, you need to prepare your site for
  the service. Following is a review of the steps required for establishing a .NET
  Passport server setup:
   1. Register the web site through the .NET Passport service. Go to the
      following URL to begin the process:
      http://www.microsoft.com/net/services/passport/developer.asp.
      Here, you'll fill out a comprehensive series of forms and complete a
      .NET Passport Wizard with information about yourself and your web
      site. Table 7-1 summarizes the information required to perform this
      step.
   2. On successful registration, your site is assigned an ID and registered
      with a pending status. Microsoft will attempt to replicate the site on its
      server and approve your site.
   3. Build the site. Microsoft provides a .NET Passport software
      development kit (SDK) that offers aid and support in your effort to
      build a .NET Passport web site. The SDK is available free for download
      from Microsoft's web site at
      http://msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.asp.
   4. Petition .NET Passport services for a compliance review of the site. If
      your site meets the standards, you will be required to enter into a
      contractual agreement with .NET Passport services.
   5. Launch the site. Obtain the encryption keys for the production site
      and roll in the production code required to support the .NET Passport
      integration.
 Table 7-1: .NET Passport Registration Information

  Item                              Description
  Your general contact information  Name, phone, address, e-mail, and so on
  Name of the site                  Required. Name used to identify the site in the
                                    Passport portal
  Type of .NET Passport service     Required. Choose one or more of the following:
                                    Kids Passport, .NET Passport Single Sign-In,
                                    .NET Passport Express Purchase
  Web Site Title                    Required. Title for the web site
  Domain Name                       Required. The top-most domain name for the site;
                                    no subdomains should be included in the name
  Default Return URL                Required. The URL where customers will be
                                    redirected from the Passport server in an error
                                    event
  Customer Support Phone Number     Telephone number presented to customers if they
                                    need help or support
  Customer Support E-mail           E-mail address presented to customers if they
                                    need help or support
  Customer Support URL              URL presented to customers if they need help or
                                    support
  Privacy Policy URL                Required. URL presented to customers for your
                                    privacy policy
  Cobrand URL                       URL for the cobranding file that contains the
                                    JavaScript cobranding variables
  Cobrand CSS URL                   URL for the cascading style sheet (.css) file
                                    that will be used by the .NET Passport pages to
                                    make them appear cobranded
  Cobrand Image URL                 Required. URL for the site's logo, which should
                                    be 468 × 60 pixels
  Cobrand Image2 URL                Required. URL for the site's logo, which must be
                                    2 × 80 pixels, and a .gif
  Cobrand Image HREF                Link for the logo image
  Cobrand Instruction Text          Required. Instructions that will appear at the
                                    top of the .NET Passport Credential dialog box
  Registration Return URL           URL of the file that users will be redirected to
                                    after login by default
  Terms of Use URL                  URL for the terms of use
  Edit URL                          URL to the page on the web devoted to editing
                                    user's data on your site
  Disable Copyright                 Checkbox that will disable the Microsoft
                                    copyright link presented in each .NET Passport
                                    module
  Disable Help Text                 Checkbox that will disable the Microsoft help
                                    file link presented in each .NET Passport module
  Disable Member Services           Checkbox that will disable the Microsoft Member
                                    Services file link presented in each .NET
                                    Passport module
  Disable Privacy Policy            Checkbox that will disable the Microsoft privacy
                                    policy file link presented in each .NET Passport
                                    module
  Disable Terms of Use              Checkbox that will disable the Microsoft Terms
                                    of Use file link presented in each .NET Passport
                                    module
  Expire Cookie URL                 Required. URL for a file that deletes the .NET
                                    Passport cookies; this URL is called when the
                                    user performs a logout function
  Logout URL                        URL for a file that the passport system will
                                    send customers when they sign out of .NET
                                    Passport by clicking the .NET Passport Sign Out
                                    button



  The registration process identified in step 1 is rather comprehensive. You will
  also be presented with the .NET Passport Wizard, and you will be expected to
  establish a .NET Passport. After the wizard completes, you will see a series of
  web pages prompting you for information, some of which is mandatory to
  complete the process.

  Setting Up the Site for .NET Passport

  If you set up a web site or a web virtual directory to authenticate users via
  .NET Passport, the users will be presented with a .NET Passport login prompt
  when they request a file for the first time from the web site. The circumstances
  under which the user will be prompted for their credentials may vary,
  depending on the site application's use of the .NET Passport service. After the
  user enters a valid login and password, they are allowed to access the
  requested file.

  To set up IIS to provide .NET Passport authentication, follow these steps:
    1. Open the IIS MMC snap-in and expand the Web Sites node in the left
       panel.
    2. Right-click the respective web site or virtual directory that should
       authenticate using .NET Passport. Select Properties.
    3. In the Properties window, select the Directory Security tab.
    4. Click the Edit button under the Authentication And Access Control
       section. The Authentication Methods window will open.
    5. Under the Authenticated Access section, check the .NET Passport
       Authentication checkbox. All other authentication methods will be
       disabled, since using .NET Passport authentication is a mutually
       exclusive option. Anonymous access can still be selected, however.
    6. If you want, type a domain name in the Default Domain text box. This
       is the domain to which usernames will be assumed to belong on the
       host server after the .NET Passport server authenticates them. Realm
       may be used to identify the organization or domain to which users
       should be assumed to belong if the server participates in a non-
       Microsoft system.
    7. Click the OK button to close the Authentication Methods window, and
       click the OK button to close the Properties window.
  If the .NET Passport service is set properly, users will be presented with a .NET
  Passport prompt that looks like the window shown in Figure 7-2, except the
  configurations described in Table 7-1 will exist in place of the default values
  shown in Figure 7-2.




Figure 7-2: .NET Passport login prompt with the default configurations





CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne
 
Claims-Based Identity, Facebook, and the Cloud
Claims-Based Identity, Facebook, and the CloudClaims-Based Identity, Facebook, and the Cloud
Claims-Based Identity, Facebook, and the CloudDanny Jessee
 

Similar to Authorization in asp (20)

ASP.NET 13 - Security
ASP.NET 13 - SecurityASP.NET 13 - Security
ASP.NET 13 - Security
 
Defending broken access control in .NET
Defending broken access control in .NETDefending broken access control in .NET
Defending broken access control in .NET
 
Synapse india reviews on security for the share point developer
Synapse india reviews on security for the share point developerSynapse india reviews on security for the share point developer
Synapse india reviews on security for the share point developer
 
UserCentric Identity based Service Invocation
UserCentric Identity based Service InvocationUserCentric Identity based Service Invocation
UserCentric Identity based Service Invocation
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11
 
.NET Core, ASP.NET Core Course, Session 19
 .NET Core, ASP.NET Core Course, Session 19 .NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19
 
O auth 2
O auth 2O auth 2
O auth 2
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Claims Based Identity In Share Point 2010
Claims  Based  Identity In  Share Point 2010Claims  Based  Identity In  Share Point 2010
Claims Based Identity In Share Point 2010
 
Restful api
Restful apiRestful api
Restful api
 
Profile
ProfileProfile
Profile
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0  - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0  - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
 
Authentication and authorization in res tful infrastructures
Authentication and authorization in res tful infrastructuresAuthentication and authorization in res tful infrastructures
Authentication and authorization in res tful infrastructures
 
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish Kalamati
 
OAuth Android Göteborg
OAuth Android GöteborgOAuth Android Göteborg
OAuth Android Göteborg
 
Chapter 19
Chapter 19Chapter 19
Chapter 19
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day One
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
 
Claims-Based Identity, Facebook, and the Cloud
Claims-Based Identity, Facebook, and the CloudClaims-Based Identity, Facebook, and the Cloud
Claims-Based Identity, Facebook, and the Cloud
 

More from OPENLANE

MTA Certificate Path Microsoft
MTA Certificate Path MicrosoftMTA Certificate Path Microsoft
MTA Certificate Path MicrosoftOPENLANE
 
Visual studio 2008 overview
Visual studio 2008 overviewVisual studio 2008 overview
Visual studio 2008 overviewOPENLANE
 
Complete inet-phi-book-vol-1-2003-secure
Complete inet-phi-book-vol-1-2003-secureComplete inet-phi-book-vol-1-2003-secure
Complete inet-phi-book-vol-1-2003-secureOPENLANE
 
6_Issues in accented speech recognition for Gujarati and its role in E_Teachingx
6_Issues in accented speech recognition for Gujarati and its role in E_Teachingx6_Issues in accented speech recognition for Gujarati and its role in E_Teachingx
6_Issues in accented speech recognition for Gujarati and its role in E_TeachingxOPENLANE
 
Software Quality Managementx
Software Quality ManagementxSoftware Quality Managementx
Software Quality ManagementxOPENLANE
 
Oracle 10gx
Oracle 10gxOracle 10gx
Oracle 10gxOPENLANE
 
About .netx
About .netxAbout .netx
About .netxOPENLANE
 
Naive Baysianx
Naive BaysianxNaive Baysianx
Naive BaysianxOPENLANE
 
Introduction to Protégéx
Introduction to ProtégéxIntroduction to Protégéx
Introduction to ProtégéxOPENLANE
 
Introduction to Protégé
Introduction to ProtégéIntroduction to Protégé
Introduction to ProtégéOPENLANE
 
E_commerce and trends in ICT_9thfebx
E_commerce and trends in ICT_9thfebxE_commerce and trends in ICT_9thfebx
E_commerce and trends in ICT_9thfebxOPENLANE
 
3_Enhancing and Measuring students IQ and EQ levels using AIx
3_Enhancing and Measuring students IQ and EQ levels using AIx3_Enhancing and Measuring students IQ and EQ levels using AIx
3_Enhancing and Measuring students IQ and EQ levels using AIxOPENLANE
 
Asignment MCA - 640005 DWADM
Asignment MCA - 640005 DWADMAsignment MCA - 640005 DWADM
Asignment MCA - 640005 DWADMOPENLANE
 
Data Link Layer Protocolsx
Data Link Layer ProtocolsxData Link Layer Protocolsx
Data Link Layer ProtocolsxOPENLANE
 
ISTAR Abstractx
ISTAR AbstractxISTAR Abstractx
ISTAR AbstractxOPENLANE
 
Web ResarchAbstractx
Web ResarchAbstractxWeb ResarchAbstractx
Web ResarchAbstractxOPENLANE
 
Calculating the Hamming Codex
Calculating the Hamming CodexCalculating the Hamming Codex
Calculating the Hamming CodexOPENLANE
 
JavaScript RegExp Tester Source Codex
JavaScript RegExp Tester Source CodexJavaScript RegExp Tester Source Codex
JavaScript RegExp Tester Source CodexOPENLANE
 
Simple Stop and Wait Protocol codex
Simple Stop and Wait Protocol codexSimple Stop and Wait Protocol codex
Simple Stop and Wait Protocol codexOPENLANE
 

More from OPENLANE (20)

MTA Certificate Path Microsoft
MTA Certificate Path MicrosoftMTA Certificate Path Microsoft
MTA Certificate Path Microsoft
 
Visual studio 2008 overview
Visual studio 2008 overviewVisual studio 2008 overview
Visual studio 2008 overview
 
Complete inet-phi-book-vol-1-2003-secure
Complete inet-phi-book-vol-1-2003-secureComplete inet-phi-book-vol-1-2003-secure
Complete inet-phi-book-vol-1-2003-secure
 
6_Issues in accented speech recognition for Gujarati and its role in E_Teachingx
6_Issues in accented speech recognition for Gujarati and its role in E_Teachingx6_Issues in accented speech recognition for Gujarati and its role in E_Teachingx
6_Issues in accented speech recognition for Gujarati and its role in E_Teachingx
 
Software Quality Managementx
Software Quality ManagementxSoftware Quality Managementx
Software Quality Managementx
 
Oracle 10gx
Oracle 10gxOracle 10gx
Oracle 10gx
 
About .netx
About .netxAbout .netx
About .netx
 
Doc1x
Doc1xDoc1x
Doc1x
 
Naive Baysianx
Naive BaysianxNaive Baysianx
Naive Baysianx
 
Introduction to Protégéx
Introduction to ProtégéxIntroduction to Protégéx
Introduction to Protégéx
 
Introduction to Protégé
Introduction to ProtégéIntroduction to Protégé
Introduction to Protégé
 
E_commerce and trends in ICT_9thfebx
E_commerce and trends in ICT_9thfebxE_commerce and trends in ICT_9thfebx
E_commerce and trends in ICT_9thfebx
 
3_Enhancing and Measuring students IQ and EQ levels using AIx
3_Enhancing and Measuring students IQ and EQ levels using AIx3_Enhancing and Measuring students IQ and EQ levels using AIx
3_Enhancing and Measuring students IQ and EQ levels using AIx
 
Asignment MCA - 640005 DWADM
Asignment MCA - 640005 DWADMAsignment MCA - 640005 DWADM
Asignment MCA - 640005 DWADM
 
Data Link Layer Protocolsx
Data Link Layer ProtocolsxData Link Layer Protocolsx
Data Link Layer Protocolsx
 
ISTAR Abstractx
ISTAR AbstractxISTAR Abstractx
ISTAR Abstractx
 
Web ResarchAbstractx
Web ResarchAbstractxWeb ResarchAbstractx
Web ResarchAbstractx
 
Calculating the Hamming Codex
Calculating the Hamming CodexCalculating the Hamming Codex
Calculating the Hamming Codex
 
JavaScript RegExp Tester Source Codex
JavaScript RegExp Tester Source CodexJavaScript RegExp Tester Source Codex
JavaScript RegExp Tester Source Codex
 
Simple Stop and Wait Protocol codex
Simple Stop and Wait Protocol codexSimple Stop and Wait Protocol codex
Simple Stop and Wait Protocol codex
 

Recently uploaded

Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxPoojaSen20
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 

Recently uploaded (20)

Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 

Authorization in asp

Authorization in ASP.NET:

Authorization is a process in which you decide whether an authenticated user is
allowed to access a certain page or resource. E.g. operators may not be allowed
to view certain confidential financial information that managers can view.

ASP.NET Authorization

    The purpose of authorization is to determine whether an identity should be
granted the requested type of access to a given resource. There are two
fundamental ways to authorize access to a given resource:

      File authorization

       File authorization is performed by the FileAuthorizationModule, and is
       active when you use Windows authentication. It does an ACL check on the
       requested file to determine whether the user should have access.
       Applications can further use impersonation to get resource checks on
       the resources that they access.

      URL authorization

       URL authorization is performed by the UrlAuthorizationModule, which
       maps users and roles to pieces of the URI namespace. This module
       implements both positive and negative authorization assertions. That
       is, the module can be used to selectively allow or deny access to
       arbitrary parts of the URI namespace for certain sets, users, or roles.

    The UrlAuthorizationModule is available for use at any time. You only need
to place a list of users and/or roles in the <allow> or <deny> elements of the
<authorization> section of a configuration file.

    To establish the conditions for access to a particular directory, you must
place a configuration file that contains an <authorization> section in that
directory. The conditions set for that directory also apply to its
subdirectories, unless configuration files in a subdirectory override them.
The general syntax for this section is as follows:

       <[element] [users] [roles] [verbs] />

    The element is required. Either the users or the roles attribute must be
included. Both can be included, but both are not required. The verbs attribute
is optional.

    The permissible elements are <allow> and <deny>, which grant and revoke
access, respectively. Each element supports three attributes, which are
defined in the following table.

    Attribute   Description
    roles       Identifies a targeted role for this element. The associated
                IPrincipal object for the request determines the role
                membership. You can attach arbitrary IPrincipal objects to the
                context for a given request and they can determine role
                membership in whatever fashion you like. For example, the
                default WindowsPrincipal class uses Windows NT groups to
                determine role membership.
    users       Identifies the targeted identities for this element.
    verbs       Defines the HTTP verbs to which the action applies, such as
                GET, HEAD, or POST.

Mr. Pritesh N. Patel Page 1

    The following example grants access to Mary, while denying it to John;
anonymous users are also denied:

       <authorization>
           <allow users="Mary" />
           <deny users="John" />
           <deny users="?" />
       </authorization>

    Both users and roles can refer to multiple entities by using a
comma-separated list such as the following:

       <allow users="John, Mary, redmond\bar" />

    Notice that the domain account (redmond\bar) must be written as the
domain and user name combination. In addition to identity names, there are two
special identities, as shown in the following table.

    Identity   Description
    *          Refers to all identities
    ?          Refers to the anonymous identity

    To allow John and deny everyone else, one might construct the following
configuration section:

       <authorization>
           <allow users="John" />
           <deny users="*" />
       </authorization>
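    To see how these sections combine when a site has several of them, here is
an added example written for this page in Python. It is a model, not the source
of ASP.NET's UrlAuthorizationModule: it places the nearest directory's rules at
the head of a merged list, closes the list with the machine-level
<allow users="*" /> that ASP.NET ships with, and lets the first matching rule
decide (<deny> gives 401, <allow> lets the request continue). The site layout
(a /reports subdirectory), the user names and the roles are constructed for the
example.

```python
"""Added example for this page (a model, not ASP.NET's UrlAuthorizationModule
source): merge <allow>/<deny> sections from the site root down to the requested
directory and evaluate them first-match-wins."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    users: frozenset = frozenset()    # user names, plus the special "*" and "?"
    roles: frozenset = frozenset()
    verbs: frozenset = frozenset()    # empty means the rule applies to every verb


@dataclass(frozen=True)
class Principal:
    name: Optional[str] = None        # None models the anonymous identity
    roles: frozenset = frozenset()


def _split(attr: str) -> frozenset:
    """Comma-separated attribute value -> trimmed, lower-cased tokens
    (names and verbs are compared case-insensitively)."""
    return frozenset(t.strip().lower() for t in attr.split(",") if t.strip())


def rule(action: str, users: str = "", roles: str = "", verbs: str = "") -> Rule:
    """Build a Rule from attribute strings written exactly as in web.config."""
    if action not in ("allow", "deny"):
        raise ValueError("element must be allow or deny")
    if not users and not roles:
        raise ValueError("either users or roles is required")
    return Rule(action, _split(users), _split(roles), _split(verbs))


def matches(r: Rule, who: Principal, verb: str) -> bool:
    """Does this rule apply to this identity and HTTP verb?"""
    if r.verbs and verb.lower() not in r.verbs:
        return False
    if "*" in r.users:                          # all identities, anonymous included
        return True
    if who.name is None:                        # anonymous: only "?" (or "*") matches
        return "?" in r.users
    if who.name.lower() in r.users:
        return True
    return any(role.lower() in r.roles for role in who.roles)


# The machine-level configuration ends every chain with <allow users="*" />.
DEFAULT_ALLOW = rule("allow", users="*")


def merged_rules(chain: List[List[Rule]]) -> List[Rule]:
    """chain[0] is the site root's <authorization> section, chain[-1] the
    requested directory's.  Nearest directory first, machine default last."""
    merged: List[Rule] = []
    for section in reversed(chain):
        merged.extend(section)
    merged.append(DEFAULT_ALLOW)
    return merged


def authorize(chain: List[List[Rule]], who: Principal, verb: str = "GET") -> int:
    """Status the module produces: 200 (request continues) or 401 (the first
    matching rule is a <deny>)."""
    for r in merged_rules(chain):
        if matches(r, who, verb):
            return 200 if r.action == "allow" else 401
    return 200   # unreachable: DEFAULT_ALLOW matches every identity


# Constructed configuration, mirroring the page's examples.
# Site root web.config: everyone may GET, only Mary may POST.
ROOT = [rule("allow", users="*", verbs="GET"),
        rule("allow", users="Mary", verbs="POST"),
        rule("deny", users="*", verbs="POST")]
# /reports/web.config: managers only; everyone else, anonymous included, denied.
REPORTS = [rule("allow", roles="managers"),
           rule("deny", users="*")]
# A mis-ordered section: <deny users="*" /> placed first shadows the <allow>.
MISORDERED = [rule("deny", users="*"),
              rule("allow", users="Mary")]

ANON = Principal()
JOHN = Principal("John", frozenset({"operators"}))
MARY = Principal("Mary", frozenset({"managers"}))

if __name__ == "__main__":
    print(authorize([ROOT], ANON, "GET"))            # 200
    print(authorize([ROOT], JOHN, "POST"))           # 401
    print(authorize([ROOT, REPORTS], JOHN, "GET"))   # 401, the nearer deny wins
    print(authorize([ROOT, REPORTS], MARY, "GET"))   # 200
    print(authorize([MISORDERED], MARY, "GET"))      # 401, first match wins
```

    Two things the model makes visible: a section that contains only
<deny users="?" /> still admits every authenticated user, because the
machine-level <allow users="*" /> is the last rule in the merged list; and
within one section the order of elements is the order of evaluation, so a
<deny users="*" /> must come after the <allow> elements it is meant to back
up, never before them.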
    The following example lets everyone do a GET, but only Mary can use POST
(note that the attribute is spelled verbs, as in the table above):

       <authorization>
           <allow verbs="GET" users="*" />
           <allow verbs="POST" users="Mary" />
           <deny verbs="POST" users="*" />
       </authorization>

    Rules are applied using the following heuristics:

      Rules at lower levels take precedence over rules at higher levels. The
       system determines which rule takes precedence by constructing a merged
       list of all rules for a URL, with the most recent (nearest in the
       hierarchy) rules at the head of the list.

      Given a set of merged rules for a URL, the system starts at the head of
       the list and checks rules until the first match is found. Note that the
       default configuration for ASP.NET contains an <allow users="*" />
       element, which authorizes all users, so if no other rule matches, the
       request is allowed. Applications or sites can easily configure a
       <deny users="*" /> element at the top level of their site or
       application to prevent this behavior.

      If a match is found and the match is a <deny> element, the module
       returns 401.

      If an <allow> matches, the module does nothing and lets the request be
       processed further.

    There is also a <location> tag that you can use to specify a particular
file or directory to which the settings wrapped by that tag (between
<location> and </location>) should apply.

Windows Authentication in ASP.NET (Authentication Systems)

Introduction

    Security is an important consideration in your web applications. Securing
a web application consists of two steps:

      Authenticating the user accessing the page
      Authorizing the user to access the page

    Authentication is the process of determining whether a user is who he
claims to be. Typically this is determined with the help of a user id and
password. ASP.NET offers various ways to authenticate and authorize users of
your web site. They are:

      Windows authentication
      Forms authentication (cookie authentication)
      Passport authentication

[1] Windows Authentication

    The Windows authentication scheme uses the traditional IIS mechanisms of
Basic, NTLM/Kerberos (Integrated Windows) and Digest authentication. Here IIS
uses the credentials of the logged-in Windows user to authenticate web
requests. If Integrated Windows authentication is turned off, a typical gray
dialog pops up asking for a user id and password.

    Steps involved in implementing Windows authentication and authorization:

      Create an ASP.NET web application
      Modify web.config to set the authentication mode to Windows
      Modify web.config to deny access to anonymous users
      Authorize users based on their NT user groups (roles)

[2] Forms authentication in ASP.NET

Introduction

    Many times we use some kind of custom authentication mechanism for our web
sites. The most common way to authenticate visitors of your site is by
accepting a user id and password from them, which are then validated against
a database table. ASP.NET provides a very easy way to implement such a
mechanism via forms authentication. Forms-based authentication is also
referred to as cookie authentication because a cookie is sent with each
request that tells whether a user is authenticated or not. In the case of
Windows authentication we automatically get the Windows roles of the logged-in
user; with forms authentication you can also implement custom role-based
security.

    Steps involved in implementing forms authentication:

      Configure your web application to deny anonymous access
      Modify the web.config file to specify the authentication mode as Forms
      Create an aspx page that accepts the user id and password and sets the
       authentication cookie
      Modify web.config to specify the page that will act as the login page
      Implement role-based security (optional)

[3] .NET Passport Authentication

    Passport is a core component of the Microsoft .NET building block
services. It enables businesses to develop and offer distributed Web services
across a wide range of applications, and Passport members to use one sign-in
name and password at all participating Web sites.
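    The forms authentication steps listed above, modelled as an added example
in Python. This is not ASP.NET's FormsAuthentication implementation (which
does the same job with a ticket encrypted and MAC-protected under the keys in
<machineKey>); it shows the parts the flow needs and why the cookie has to be
more than a flag: anonymous requests to a protected page are redirected to the
login page with a ReturnUrl, the login page validates the user id and password
against a user table and issues an authentication cookie carrying an HMAC tag,
later requests are accepted only if the tag verifies and the ticket has not
expired, and the role check runs on the verified claims. The ticket key, the
login page path /login.aspx, the ticket lifetime and the two-account user table
are all assumptions constructed for the example.

```python
"""Added example (a model, not ASP.NET's FormsAuthentication code) of the
forms/cookie authentication steps: deny anonymous access, redirect to a login
page, validate credentials, issue an integrity-protected ticket cookie, and
check roles on later requests.  Key, paths, TTL and users are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

TICKET_KEY = secrets.token_bytes(32)   # assumed per-server secret (machineKey's role)
LOGIN_URL = "/login.aspx"              # assumed login page (loginUrl in web.config)
TICKET_TTL = 30 * 60                   # assumed ticket lifetime, seconds
_TAG_LEN = 32                          # HMAC-SHA256 tag length


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user table: only salted password hashes and role lists are stored.
_SALT = {"mary": b"salt-mary-0001", "john": b"salt-john-0001"}
USERS = {
    "mary": {"hash": _pw_hash("m4ry-passw0rd", _SALT["mary"]), "roles": ["managers"]},
    "john": {"hash": _pw_hash("j0hn-passw0rd", _SALT["john"]), "roles": ["operators"]},
}


def issue_ticket(user: str, roles: list, now: Optional[float] = None) -> str:
    """Cookie value: JSON claims + HMAC tag, base64url encoded.  The tag is what
    stops a client from editing its own user name, roles or expiry."""
    exp = int((now or time.time()) + TICKET_TTL)
    payload = json.dumps({"u": user, "r": roles, "exp": exp}).encode()
    tag = hmac.new(TICKET_KEY, payload, "sha256").digest()
    return base64.urlsafe_b64encode(payload + tag).decode()


def read_ticket(cookie: Optional[str], now: Optional[float] = None) -> Optional[dict]:
    """Claims if the tag verifies and the ticket is unexpired, else None
    (the request is then treated as anonymous)."""
    if not cookie:
        return None
    try:
        raw = base64.urlsafe_b64decode(cookie)
    except ValueError:
        return None
    payload, tag = raw[:-_TAG_LEN], raw[-_TAG_LEN:]
    expected = hmac.new(TICKET_KEY, payload, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    if claims["exp"] < (now or time.time()):
        return None
    return claims


def login(user: str, password: str) -> Optional[str]:
    """Step 3: the login page validates user id and password against the user
    table and on success returns the cookie value to set."""
    key = user.lower()
    rec = USERS.get(key)
    salt = _SALT.get(key, b"dummy-salt")
    candidate = _pw_hash(password, salt)          # hash even for unknown users
    if rec is None or not hmac.compare_digest(rec["hash"], candidate):
        return None
    return issue_ticket(key, rec["roles"])


def handle(path: str, cookie: Optional[str], required_role: Optional[str] = None):
    """Steps 1, 2, 4 and 5: anonymous requests get a 302 to the login page with
    a ReturnUrl; authenticated users are checked against the page's role."""
    claims = read_ticket(cookie)
    if claims is None:
        return 302, f"{LOGIN_URL}?ReturnUrl={path}"
    if required_role is not None and required_role not in claims["r"]:
        return 401, "Unauthorized"
    return 200, f"{path} for {claims['u']}"


def forge_role(cookie: str, old_role: str, new_role: str) -> str:
    """What a client that edits its own cookie would send: the claims change,
    the tag does not, so read_ticket rejects it."""
    raw = base64.urlsafe_b64decode(cookie)
    payload, tag = raw[:-_TAG_LEN], raw[-_TAG_LEN:]
    payload = payload.replace(old_role.encode(), new_role.encode())
    return base64.urlsafe_b64encode(payload + tag).decode()


if __name__ == "__main__":
    print(handle("/reports.aspx", None))                          # (302, ...)
    c = login("john", "j0hn-passw0rd")
    print(handle("/reports.aspx", c, "managers"))                 # (401, ...)
    print(handle("/reports.aspx", forge_role(c, "operators", "managers"), "managers"))  # (302, ...)
```

    The model leaves out what the transport has to add: the cookie must be
sent only over HTTPS with the Secure and HttpOnly flags, otherwise a ticket
that cannot be forged can still be stolen and replayed until it expires.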
Initial Request

    When a client requests a resource on a server that requires Passport
authentication, the server checks the request for the presence of tickets. If
a valid ticket is sent with the request, the server responds with the
requested resource. If the ticket does not exist on the client, the server
responds with a 302 status code. The response includes the challenge header
"WWW-Authenticate: Passport1.4". Clients that are not Passport-enabled can
follow the redirection to the Passport login server. More advanced clients
typically contact the Passport nexus to determine the location of the Passport
login server. The following image illustrates the initial request to a
Passport affiliate.

Passport Login Server

    A Passport login server handles all requests for tickets for any resource
in a Passport Domain Authority. Before a request can be authenticated using
Passport, the client application must contact the login server to obtain the
appropriate tickets. When a client requests tickets from a Passport login
server, the login server typically responds with a 401 status code to indicate
that user credentials must be provided. Upon the provision of these
credentials, the login server responds with the tickets required to access the
server containing the originally requested resource. The login server can also
redirect the client to another server that can provide the requested resource.
Authenticated Request

    When the client has the tickets corresponding to a given server, those
tickets are included with all requests to that server. If the tickets have not
been modified since they were retrieved from the Passport login server, and
the tickets are valid for the resource server, the resource server sends a
response that includes both the requested resource and cookies indicating that
the user is authenticated for future requests. The additional cookies in the
response are intended to speed up the authentication process. Additional
requests in the same session for resources on servers in the same Passport
Domain Authority all include these additional cookies. Credentials do not need
to be sent to the login server again until the cookies expire.

    IIS 6 can use Microsoft's .NET Passport to authenticate users requesting
resources from a web site or a web site virtual directory. The benefit that
this solution offers is that the credentials are stored and managed on another
server that you are not responsible for building or maintaining. Users can
authenticate using the .NET Passport service and then be allowed access to the
web site hosted on your server. The service does not provide access control or
site authorization, however. The .NET Passport server can only affirm that a
web consumer representing himself or herself to be the person represented by
the established profile in the .NET Passport server has successfully
authenticated as that person.

    The .NET Passport system is free for the web consumer to register with and
use. Web consumers log in and log out at the Passport server, and they are
directed to your web site after a successful login event. The login and logout
pages may be cobranded so that they appear to be related to the web site that
the user is logging in to.

    Passport provides a convenient system for everyone involved in a web-based
transaction, because users get the benefit of a single sign-on solution for
any .NET Passport authenticated web site they encounter. The web host benefits
because the hosting party does not have to build and support the credentials
system or server, but they must pay a fee to the Microsoft .NET Passport
service to establish an account with the Passport server. After an account is
set up, the web host simply needs to build the web site to respond to users
who authenticate. This is the same effort that any web site with an
established membership and authentication mechanism would perform regardless
of where the members' credentials are hosted, except that they now deal only
with authenticated users.

    The problem with the .NET Passport system, however, is that many web
consumers have not responded quickly to the solution. The web consumer
community is apprehensive about providing personal information to the .NET
Passport service. Existing web-based vendors and portals have not adopted the
use of .NET Passport with great enthusiasm because they generally already have
their own authentication systems in place. The benefits of providing a web
single login experience are greatly reduced when the web consumer may still
have to authenticate separately to other sites that they patronize. Without
wide acceptance of .NET Passport by web sites as their authentication system,
the web single login system will not benefit the web consumer.

Establishing .NET Passport Service

    Before you can use the .NET Passport service, you need to prepare your
site for the service. Following is a review of the steps required for
establishing a .NET Passport server setup:

    1. Register the web site through the .NET Passport service. Go to the
       following URL to begin the process:
       http://www.microsoft.com/net/services/passport/developer.asp. Here,
       you'll fill out a comprehensive series of forms and complete a .NET
       Passport Wizard with information about yourself and your web site.
       Table 7-1 summarizes the information required to perform this step.
  • 8. 2. On successful registration, your site is assigned an ID and registered with a pending status. Microsoft will attempt to replicate the site on its server and approve your site. 3. Build the site. Microsoft provides a .NET Passport software development kit (SDK) that offers aid and support in your effort to build a .NET Passport web site. The SDK is available free for download from Microsoft's web site at http://msdn.microsoft.com/library/default.asp?url=/downloads/list/w ebsrvpass.asp. 4. Petition .NET Passport services for a compliance review of the site. If your site meets the standards, you will be required to enter into a contractual agreement with .NET Passport services. 5. Launch the site. Obtain the encryption keys for the production site and roll in the production code required to support the .NET Passport integration. Table 7-1: .NET Passport Registration Information Item Description Your general contact information Name, phone, address, e- mail, and so on Name of the site Required-Name used to identify the site in the Passport portal Type of .NET Passport service Required-Choose one or more of the following: Kids Passport, .NET Passport Single Sign-In, .NET Passport Express Purchase Web Site Title Required-Title for the web site Domain Name Required-The top most domain name for the site; no subdomains should be included in the name Default Return URL Required-The URL where customers will be redirected from the Passport server in an error event Customer Support Phone Number Telephone number presented to customers if they need help or support Customer Support E-mail E-mail address presented to customers if they need help or support Mr. Pritesh N. Patel Page 8
  • 9. Table 7-1: .NET Passport Registration Information Item Description Customer Support URL URL presented to customers if they need help or support Privacy Policy URL Required-URL presented to customers for your privacy policy Cobrand URL URL for the cobranding file that contains the JavaScript cobranding variables Cobrand CSS URL URL for the cascading style sheet (.css) file that will be used by the .NET Passport pages to make them appear cobranded Cobrand Image URL Required-URL for the site's logo, which should be 468 × 60 pixels Cobrand Image2 URL Required-URL for the site's logo, which must be 2 × 80 pixels, and a .gif Cobrand Image HREF Link for the logo image Cobrand Instruction Text Required-Instructions that will appear at the top of the .NET Passport Credential dialog box Registration Return URL URL of the file that users will be redirected to after login by default Terms of Use URL URL for the terms of use Edit URL URL to the page on the web devoted to editing user's data on your site Disable Copyright Checkbox that will disable the Microsoft copyright link presented in each .NET Passport module Disable Help Text Checkbox that will disable the Microsoft help file link presented in each .NET Passport module Mr. Pritesh N. Patel Page 9
  • 10. Table 7-1: .NET Passport Registration Information Item Description Disable Member Services Checkbox that will disable the Microsoft Member Services file link presented in each .NET Passport module Disable Privacy Policy Checkbox that will disable the Microsoft privacy policy file link presented in each .NET Passport module Disable Terms of Use Checkbox that will disable the Microsoft Terms of Use file link presented in each .NET Passport module Expire Cookie URL Required-URL for a file that deletes the .NET Passport cookies; this URL is called when the user performs a logout function Logout URL URL for a file that the passport system will send customers when they sign out of .NET Passport by clicking the .NET Passport Sign Out button The registration process identified in step 1 is rather comprehensive. You will also be presented with the .NET Passport Wizard, and you will be expected to establish a .NET Passport. After the wizard completes, you will see a series of Mr. Pritesh N. Patel Page 10
  • 11. web pages prompting you for information-some of which is mandatory to complete the process. Setting Up the Site for .NET Passport If you set up a web site or a web virtual directory to authenticate users via .NET Passport, the users will be presented with a .NET Passport login prompt when they request a file for the first time from the web site. The circumstances under which the user will be prompted for their credentials may vary, depending on the site application's use of the .NET Passport service. After the user enters a valid login and password, they are allowed to access the requested file. To set up IIS to provide .NET Passport authentication, follow these steps: 1. Open the IIS MMC snap-in and expand the Web Sites node in the left panel. 2. Right-click the respective web site or virtual directory that should authenticate using .NET Passport. Select Properties. 3. In the Properties window, select the Directory Security tab. 4. Click the Edit button under the Authentication And Access Control section. The Authentication Methods window will open. 5. Under the Authenticated Access section, check the .NET Passport Authentication checkbox. All other authentication methods will be disabled, since using .NET Passport authentication is a mutually exclusive option. Anonymous access can still be selected, however. 6. If you want, type a domain name in the Default Domain text box. This is the domain to which usernames will be assumed to belong on the host server after the .NET Passport server authenticates them. Realm may be used to identify the organization or domain to which users should be assumed to belong if the server participates in a non- Microsoft system. 7. Click the OK button to close the Authentication Methods window, and click the OK button to close the Properties window. 
If the .NET Passport service is set up properly, users will be presented with a .NET Passport prompt that looks like the window shown in Figure 7-2, except that the configurations described in Table 7-1 will appear in place of the default values shown in Figure 7-2.

Figure 7-2: .NET Passport login prompt with the default configurations
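The steps above switch IIS itself to .NET Passport authentication through the MMC snap-in. The ASP.NET application-level counterpart, shown here as an added example that is not part of these notes, is the Passport authentication mode in web.config, combined with the URL authorization rule from earlier in these notes so that anonymous requests are refused and sent to the Passport login rather than served.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Hand authentication to ASP.NET's PassportAuthenticationModule.
         redirectUrl="internal" is the default: unauthenticated users are sent to
         the .NET Passport login page itself rather than to a page on this site. -->
    <authentication mode="Passport">
      <passport redirectUrl="internal" />
    </authentication>

    <!-- URL authorization: "?" denotes the anonymous user, so this rule keeps
         every request that has not been authenticated by Passport out of the
         application. Remember that this only protects resources ASP.NET handles. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

The Passport authentication mode was deprecated in later .NET Framework releases, so treat this as the historical counterpart of the IIS procedure rather than a current recommendation.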