Total Hits: 15 | Today: 0
Author: Samer Abu Rabie

Security in web applications is a necessity nowadays, especially as everyday attacks are on the increase. But in this article we are not going to discuss the authentication of a web application; we are going to discuss a simple and powerful way to handle authorization instead. In the Web Application Security Model two essential terms are in use: Authentication and Authorization, and it's very necessary to differentiate between the two mechanisms. Authorization is the mechanism of which systems ...

Total Hits: 25 | Today: 0
Author: AzamSharp

In one of the previous articles we saw that we can use the web.config file to save our connection string. We also talked about the advantage, which comes down to easily altering the connection string if it changes in the future. What we did not talk about was encrypting the connection string. When we store the connection string in the web.config file it's stored in a readable form. If anyone can open the web.config file he can read the connection string and security will be jeopardize....

Total Hits: 42 | Today: 0
Author: Paul Glavich

This article will demonstrate how to use Windows Integrated Authentication and Forms Authentication for one web application. Use Windows Integrated Authentication for seamless logon, and use Forms authentication for users unable to use Windows Integrated authentication (such as non-intranet users) and all with the same role-based access model....

Total Hits: 11 | Today: 0
Author: Keith Brown

In my November 2001 column I focused on the unmanaged security context that is used in an ASP.NET application. It's very important to choose this security context wisely, as any calls to the operating system or to your own unmanaged DLLs and COM components will run here. This month, I'll focus on the way you can make use of your managed security context. ASP.NET provides several authentication mechanisms that result in a managed security context. Right now I'll stick with the Windows® authentica...

Total Hits: 38 | Today: 0
Author: Paul Glavich

In an increasing number of the web applications I have had to design and work on, the client has requested the best of both worlds when it comes to authentication. Ideally, they would like their intranet users to be able to seamlessly log on to the system (Windows Integrated Authentication) and make authorization decisions based on their domain roles, as well as be able to have external parties log on to the system using standard forms authentication. In this article, I will show you one way of...

Total Hits: 27 | Today: 0
Author: Keith Brown

In my November 2001 column I focused on the unmanaged security context that is used in an ASP.NET application. It's very important to choose this security context wisely, as any calls to the operating system or to your own unmanaged DLLs and COM components will run here. This month, I'll focus on the way you can make use of your managed security context. ASP.NET provides several authentication mechanisms that result in a managed security context. Right now I'll stick with the Windows® authentica...

Total Hits: 75 | Today: 0
Author: jignesh

In this article I am concentrating on the validation of the Active Directory user through the ASP.NET pages, and in fact you can validate the user in any sort of code (non-ASP.NET). The basic things remain the same but the implementation part will depend on the type of requirement. First of all you need to include the following code in the .cs file to freely use the directory services....

Total Hits: 82 | Today: 0
Author: Scott Guthrie

In this article, Scott demonstrates how to share authentication cookies across ASP.NET 1.1 and 2.0 applications. ASP.NET V1.0 introduced a powerful forms-authentication model that provides the infrastructure plumbing necessary to issue authentication tickets to incoming browsers as HTTP cookies, and then automatically decrypt them on each request so that you can identify who the incoming browser user is....

Total Hits: 185 | Today: 0
Author: Steven Swafford

If you have built a web application with classic ASP or even .NET 1.1, you know the amount of effort that went into creating form-based authentication. You pretty much had to accomplish every tedious task, such as building the login form and performing validation, just to name a couple. If you wanted to utilize role-based management in an application, you had to write even more code! With the release of .NET 2.0 these days are behind us. Join Steven as he explains how to take advantage of these...

Total Hits: 241 | Today: 1
Author: Chris Sully

A DotNetJohn reader recently expressed an interest in an article concerned with how one might proceed with performing forms authentication against SQL Server. Here it is! If you have any suggestions for topics you'd like to see covered within this site let webmaster@dotnetjohn.com know. One of my earlier articles for DotNetJohn was entitled Securing an ASP.NET Application - this offered an overview of the facilities ASP.NET and .NET provide for securing applications and introduced a (reasonably)...

Total Hits: 391 | Today: 0
Author: devhood

Forms Authentication in ASP.NET can be a powerful feature. With very little code and effort, you can have a simple authentication system that is platform-agnostic. If your needs are more complex, however, and require more efficient controls over assets, you need the flexibility of groups. Windows Authentication gives you this flexibility, but it is not compatible with anything but Internet Explorer since it uses NTLM, Microsoft's proprietary authentication system. Now you must choose how to mana...

Total Hits: 445 | Today: 0
Author: MSDN

For highly secure Web applications, such as Internet banking sites, you may want to implement a more secure solution for user authentication than the user name and password combination. You can use client-side digital certificates to verify the identity of the user. In addition, you can map client-side digital certificates to Windows accounts on the server if necessary....

Total Hits: 319 | Today: 0

The Windows authentication provider relies on Internet Information Services (IIS) to authenticate requests based on metabase configuration settings. The ASP.NET ISAPI application runs in the Web server process and then simply hands the resulting token off to the ASP.NET worker process. Managed code in the worker process then creates a managed representation of this identity and assigns it to the thread it uses to call into your Web application. This managed representation is abstracted via two i...

Total Hits: 50 | Today: 1
Author: Nancy Michell

How can I prevent users from disabling the Windows® XP SP2 pop-up blocker in Microsoft Internet Explorer?
Setting the permissions to "deny" on this registry key will prevent the user from changing the pop-up blocker settings: Internet Explorer will have the pop-up blocker on by default....

Total Hits: 21 | Today: 0
Author: Dave Sussman

ASP has been rebuilt from the ground up. The result? Active Server Pages+. ASP+, with a host of new features, provides for easier to write, cleaner code that's simple to reuse and share. ASP+ boosts performance and scalability by offering access to compiled languages; development is more intuitive thanks to Web Forms; and an object-oriented foundation facilitates reuse. Other important features include page events, Web Controls, and caching. Server Controls and improvements in ...

Total Hits: 19 | Today: 0
Author: AzamSharp

Sometimes we need to secure certain pages of the web application. These can be admin pages which should only be available to the admin of the website. The best way is to put all the pages that you want to be secured in a folder and secure the whole folder. In this article we will put a page in the Admin folder which will only be available to admin. In this article we will see how we can authenticate against the credentials stored in the Web.config file....

Total Hits: 16 | Today: 0
Author: Anik Mukherjee

Nowadays automated and dictionary attacks on logins are a very common security threat that every IT sector is quite aware of. There are many techniques that can counter that problem. One of them is CAPTCHA (Completely Automatic Public Turing Test to Tell Computers and Humans Apart), an image that contains characters and/or numbers that can be read only by a human; its value is then entered by the user. But it is a costly method as it is quite difficult to implement. We have to generate new images on the ...

Total Hits: 41 | Today: 0
Author: Pardesi Services LLC

For those who are not familiar with the concept of single sign on (SSO), this is a mechanism where multiple applications use one place to authenticate. From a user's point of view this means that he or she does not have to log into every single application when he or she moves between applications. A very common example of this will be Microsoft Passport technology. You create one passport account and whenever you visit some application that uses Microsoft Passport as single sign on mechanism, ...

Total Hits: 111 | Today: 1
Author: Snijeesh

ASP.NET Forms authentication allows users to identify themselves by entering credentials (a user name and password) into a Web Form. Upon receipt of these credentials, the Web application can authenticate the user by checking the user name and password combination against a data source.
This part describes how to authenticate users against the Microsoft Active Directory directory service by using the Lightweight Directory Access Protocol (LDAP)....

Total Hits: 26 | Today: 0
Author: Tom Zhang

In this article Tom presents a methodology for cross web site authentication (form authentication) and data transfer using ASP.NET 2.0, SQL Server 2005, web services, and Microsoft Enterprise Library....