Chapter 6
Security and Reliability of Distributed Software and Systems
Lecture 23
Forms-Based Security
Text Chapter 6.2
Yinong Chen

Roadmap of Chapter 6

- General Security & Reliability Concepts (Text Section 6.1)
- IIS Roles and Windows-Based Security Mechanism
- Forms-Based Security: Creating an independent security system for Web access control and resource authorization (Text Section 6.2)
- Data Encryption and Decryption
- Reliability and Security in Windows Communication Foundation
- Error Control and Secure Socket Layer for Secure HTTP Connection

Entry Point Control in Web.config File

    <configuration>
      <system.web>
        <authentication mode="Forms" />
        <identity impersonate="false" />
      </system.web>
    </configuration>

- Make sure that the same credential coming from the IIS is applied.
- The authentication mode can be Forms, Windows, or None.
- The identity element's impersonate attribute is used to control access to the resources (files) on the server's hard drive.

Impersonation enabled with true or false value

- <identity impersonate="true" userName="domain\user" password="password" />
  ASP.NET impersonates the token generated using the identity specified in the identity element of the Web.config file. This feature is useful for developers to test the program using a different account.
- <identity impersonate="false" />
  ASP.NET impersonates the token passed to it by IIS, which is either an authenticated user or the anonymous Internet user account. This is the common use.
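
A small check over the entry-point settings from the two slides above, added here as an example (it is not part of the original slides): it reads a Web.config, reports the authentication mode and impersonation setting, and flags a test account left in the identity element. The function name audit_web_config and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the developer-test form of <identity> left in a config file.
SAMPLE_TEST_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms" />
    <identity impersonate="true" userName="domain\\user" password="password" />
  </system.web>
</configuration>"""

# Constructed sample: the entry-point configuration shown on the slide.
SAMPLE_COMMON_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms" />
    <identity impersonate="false" />
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return (summary, findings) for the <system.web> entry-point settings."""
    root = ET.fromstring(xml_text)
    web = next(root.iter("system.web"), None)
    if web is None:
        return {}, ["no <system.web> section found"]
    auth = web.find("authentication")
    ident = web.find("identity")
    mode = auth.get("mode") if auth is not None else None
    impersonate = ident.get("impersonate", "").lower() if ident is not None else None
    summary = {"mode": mode, "impersonate": impersonate}
    findings = []
    if mode is None:
        findings.append("authentication mode is not set in this file")
    elif mode.lower() == "none":
        findings.append("authentication mode is None: no entry-point check")
    if ident is not None:
        # A password attribute means a credential sits readable in the config file.
        if ident.get("password") is not None:
            findings.append("identity element carries a password in the config file")
        # A named account with impersonate=true is the test setup, not the common use.
        if impersonate == "true" and ident.get("userName"):
            findings.append("fixed impersonation account configured: %s" % ident.get("userName"))
    return summary, findings


if __name__ == "__main__":
    for name, text in (("test", SAMPLE_TEST_CONFIG), ("common", SAMPLE_COMMON_CONFIG)):
        print(name, audit_web_config(text))
```
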

Forms Security

- Forms security is a common way of implementing access control in Web applications.
- Simply ask a user to type credentials (typically a user name and a password) into a Web form.
- The credentials can be issued by the administrator, e.g., using a password generator, or through self-registration.
- The credentials can be saved in different places and in different