Demonstrations
  Configuring IIS for SSL
  Configuring ASP.NET Security
  Using forms authentication with Microsoft® SQL Server™
  Creating a GenericPrincipal object for roles-based authorization

Before We Start!
  SSL IS NOT WEB APPLICATION SECURITY

Required Reading
  Secure Development

Agenda
  Planning for ASP.NET application security
  Configuring security
  Programming security
  Securing secrets
  ASP.NET process identity
  Impersonation
  Accessing resources
  Securing state information
  Web farm considerations
  Securing all tiers

Planning for ASP.NET Web Application Security
Authentication and Authorization
  Authentication / authorization request flow

Planning for ASP.NET Web Application Security
Authentication and Authorization
  Identify resources exposed to client
  Identify resource for app
  Choose authorization strategy
    Role-based
    Resource-based

Planning for ASP.NET Web Application Security
Authentication and Authorization
  Choose Identities Used to Access Resources
    ASP.NET process identity (default)
    Custom identity
    Original caller
    Fixed identity
  Decide on identity flow
    To the application
    To the operating system

Planning for ASP.NET Web Application Security
Authentication and Authorization
  Choosing an authentication approach
  Internet scenarios
    Start
    Users don’t have Windows accounts or certificates
    Interactive Web app?
      No – Web Service: Use GXA WS-Security Authentication
      Yes: Use Passport or Forms Authentication

Planning for ASP.NET Web Application Security
Authentication and Authorization
  Choosing an authentication approach