ASP.NET 中認證安全特征評述[外文翻譯]



包括英文原文和中文翻譯



ASP. NET 中認證安全特征評述


Narcisio Tumushabe ,譚冠正(音譯)

(中南大學計算機科學與信息技術學院, 湖南長沙410083)


摘　要: 討論了服務應用時支持安全的ASP. NET 認證特征,微軟的互聯(lián)網(wǎng)信息服務( IIS) 和ASP.NET 提供了安全模式,使Web 開發(fā)者恰當?shù)卣J證其使用者,并在應用過程中獲得正確的安全之本. 三個層次的認證是基于表單的,身份證書和視窗認證. 綜述文獻僅限于上述三個領域.


關　鍵　詞: 表單; 身份證書; 視窗認證

中圖分類號: TP 393108 　文獻標識碼: A   文章編號: 1000 - 1646 (2003) 03 - 0250 - 05


安全是開發(fā)人員和應用程序架構師首要關注的問題。由于不同類型的網(wǎng)站有不同的安全需要，開發(fā)人員需要知道需要什么程度的安全運行，并為他們的程序選擇適當?shù)陌踩Ｊ健Ｓ行┚W(wǎng)站發(fā)布的信息不來自用戶，而是通過搜索引擎等廣泛渠道來收集。另外一些網(wǎng)站，可能要收集用戶的敏感信息，比如信用卡號碼，這些網(wǎng)站需要非常嚴格的安全措施，以避免來自外部的惡意攻擊。


 




An overview of authentication security features in ASP. NET

Narcisio Tumushabe , TAN Guan-zheng

  (School of Computer Science and Information Technology , Central South University , Changsha 410083 , China)




Abstract : This article discusses the authentication feature of the ASP. NET to support security when designing a server application. Both Microsoft Internet Information Services ( IIS) and ASP. NET provide security models that will allow web developers to authenticate the your users appropriately and obtain the correct security context within the application. Three levels of authentication covered are the Formsbased , passport and windows authentications. The article literature is limited to these three areas.

Key words : Forms2based; passport ; windows authentication

CLC number : TP 393108  Document code : A   Article ID : 1000 - 1646 (2003) 03 - 0250 - 05

　Security is one of the primary concerns forboth developers and application architect s. As there are lot s of different types of websites with varying security needs , the developers need to know how the security works and choose the appropriate security model for their applications. Some websites collect no information from the users and publish the information that is available widely such as search engine. There are other sites that may need to collect sensitive information f rom their users like  credit card numbers. These websites need muchst ronger security implementation to avoid malicious  attacks f rom external entities.