+ All Categories
Home > Documents > Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows...

Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows...

Date post: 21-Dec-2015
Category:

Documents
View: 217 times
Download: 1 times
Download Report this document
Share this document with a friend
28
Chapter 13 – Site Chapter 13 – Site Security Security
Transcript
Page 1: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Chapter 13 – Site Chapter 13 – Site SecuritySecurity

Page 2: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

InternetInformation

Server

ASP.NETApplications

.NETFramework

Windows NT/2000Operating System

FormsPassportWindowsCertificates

AnonymousStandardWindowsDigest

Code Access Security

Active DirectoryFile Permissions

WebClients

SSL

Page 3: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

WebClients

Get Default.aspx

SecurityAuthority

WindowsForms

PassportCustom

user id=GlennJ password=hi2u2!

Who are you? Provide proof.

Ok, here is Default.aspx

AuthenticationAuthentication

Page 4: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

WebClients

GlennJ says: Select * from Orders

Is GlennJAuthorized to

retrieve theOrders?

Here are the Orders.

AuthorizationAuthorization

Page 5: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

WorkgroupClient

WorkgroupClient

WorkgroupClient

WorkgroupClient

Directory UsersAdministratorRandyGarySueDirectory GroupsUsersManagers

Directory UsersAdministratorRandyGarySueDirectory GroupsUsersManagers

Directory UsersAdministratorRandyGarySueDirectory GroupsUsersManagers

Directory UsersAdministratorRandyGarySueDirectory GroupsUsersManagers

Page 6: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Local User Account CreationLocal User Account Creation

Page 7: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

DomainWorkstation

DomainWorkstation

DomainWorkstation

DomainWorkstation

Active Directory UsersAdministratorRandyGarySueActive Directory GroupsDomain UsersManagers

DomainController

Directory GroupsUsersPrinter Users

Directory GroupsUsersScanner Users

Directory GroupsUsersFile System Users

Directory GroupsUsersHR Users

Page 8: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Discretionary Access Control List (DACL)Discretionary Access Control List (DACL)ManagersManagers Read and Execute, WriteRead and Execute, Write

UsersUsers Read and ExecuteRead and Execute

SueSue Full Control, Member of UsersFull Control, Member of Users

GlennGlenn Deny Write, Member of Users, ManagersDeny Write, Member of Users, Managers

SalesData.xml

Glenn

Sue

Effective Permissions

Read and Execute

Effective PermissionsFull Control

Access Control Entries(ACEs)

Page 9: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

IIS SecurityIIS Security

Page 10: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

BrowserClient

Web SiteServer

Initiate Conversation - Can we talk?

Here is an encrypted session key

Hi - here's my certificate containing the public key, signed by CA's private key

Communication with session key

ValidateDigital

Certificate

Page 11: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

IIS Certificate WizardIIS Certificate Wizard

Page 12: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Certificate BackupCertificate Backup

Page 13: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Certificate RestoreCertificate Restore

Page 14: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

SSL ConfigurationSSL Configuration

Page 15: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

ASP.NETAuthentication

Run asUser Account

or IUSR

Run Using<processModel>

Account (ASPNET)

Internet Information Server

Authentication

IP and DomainAcceptable?

UserAuthentication

ImpersonationEnabled?

Yes

No

PerformASP.NET

Security Checks

Check WindowsDACL forResource

Permissions

Request is Authorized - Respond to User

Page 16: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

BrowserClient

Web SiteServer1. Request protected resource

GET mydoc.aspx

3. Get login page - login.aspx?RETURNURL=/mydoc.aspx

5. POST login.aspx?RETURNURL=/mydoc.aspx

2. Redirect to login page http://www.site.com/login.aspx?RETURNURL=/mydoc.aspx

4. login.aspx

7. Redirect to mydoc.aspx with authentication cookie

6.Authenticate User

8. Request protected resource with authentication cookieGET mydoc.aspx

9. mydoc.asmx

Page 17: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Login PageLogin Page

Page 18: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

machine.configmachine.config

allow users="*"allow users="*"

Web.config at / ( root )Web.config at / ( root )

( no entries )( no entries )

Web.config at /customersWeb.config at /customers

allow users="Joe"allow users="Joe"

deny users="*"deny users="*"

Web.config at /customers/salesWeb.config at /customers/sales

allow users="Mary"allow users="Mary"

Web.config at Web.config at /customers/sales/reports/customers/sales/reports

allow users="Mary,Joe"allow users="Mary,Joe"

deny users="*"deny users="*"

Page 19: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

AuthenticationTypeNameIsAuthenticated

IIdentity

AuthenticationTypeNameIsAuthenticatedTicket

FormsIdentityAuthenticationTypeNameIsAuthenticatedIsGuestIsSystemTokenGetAnonymous( )GetCurrent( )Impersonate( )

WindowsIdentityAuthenticationTypeNameIsAuthenticatedHasTicketGetProfileObject( )

PassportIdentityAuthenticationTypeNameIsAuthenticated

GenericIdentity

Page 20: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

IdentityIsInRole( )

IPrincipal

IdentityIsInRole( )

WindowsPrincipalIdentityIsInRole( )

GenericPrincipal

Page 21: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Forms Authentication UsingForms Authentication UsingDatabase AccessDatabase Access

Page 22: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Populated DatabasePopulated Database

Page 23: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Database AccessDatabase Access

Page 24: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Permissions

Permissions

Permissions

Retrieve EvidenceFrom Assembly

Retrieve EvidenceFrom Assembly

Code Groups 3

Strong Name

My_Computer_Zone

Assign into Code Groups

UNIONed Permissions

Intersect Policy Permissions

• Enterprise• Machine• User• Application Domain

Code Access SecurityCode Access Security

Page 25: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Security Policy AdministrationSecurity Policy Administration

Page 26: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Testing Code Access SecurityTesting Code Access Security

Page 27: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Testing Code Access SecurityTesting Code Access Security

Page 28: Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

LabLab

Require Login to Customer siteRequire Login to Customer site


Recommended
Docker All The Things - ASP.NET 4.x and Windows Server Containers

Docker All The Things - ASP.NET 4.x and Windows Server Containers

Technology

Visual C# - Reflection IT •Visual C# ASP.NET WebForms& MVC, Silverlight, Windows Phone, Windows 8 • SQLServer • Trainer

Visual C# - Reflection IT •Visual C# ASP.NET WebForms& MVC, Silverlight, Windows Phone, Windows 8 • SQLServer • Trainer

Documents

1 Hammad Khan. COURSE CONTENTS.NET Framework And C# SQL Server 2008 ADO.NET LINQ ASP.NET Dynamics Data ASP.NET MVC framework 2 Advance C# Concepts Windows.

1 Hammad Khan. COURSE CONTENTS.NET Framework And C# SQL Server 2008 ADO.NET LINQ ASP.NET Dynamics Data ASP.NET MVC framework 2 Advance C# Concepts Windows.

Documents

ASP.Net Core Introduction - dnn-connect.org · What is ASP.Net Core 1.0 (aka ASP.Net 5 aka ASP.Net vNext) •New Stack for Web Development •Cross Platform (Windows, Linux, Mac)

ASP.Net Core Introduction - dnn-connect.org · What is ASP.Net Core 1.0 (aka ASP.Net 5 aka ASP.Net vNext) •New Stack for Web Development •Cross Platform (Windows, Linux, Mac)

Documents

Introduction to ASP.NET 5 and MVC 6 - files.meetup.com file•Windows-only server that allows ASP.NET to be hosted outside IIS, •Runs directly on Http.Sys kernel driver of windows

Introduction to ASP.NET 5 and MVC 6 - files.meetup.com file•Windows-only server that allows ASP.NET to be hosted outside IIS, •Runs directly on Http.Sys kernel driver of windows

Documents

Components of Windows Azure - more detail. Windows Azure Components Windows Azure PaaS ApplicationsWindows Azure Service Model Runtimes.NET 3.5/4, ASP.NET,

Components of Windows Azure - more detail. Windows Azure Components Windows Azure PaaS ApplicationsWindows Azure Service Model Runtimes.NET 3.5/4, ASP.NET,

Documents

Windows 2003 Application Server Setup with ASP.NET Support … · 2019-05-09 · Windows 2003 Application Server Setup with ASP.NET Support Login as Administrator ... Have your Windows

Windows 2003 Application Server Setup with ASP.NET Support … · 2019-05-09 · Windows 2003 Application Server Setup with ASP.NET Support Login as Administrator ... Have your Windows

Documents

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - WebNetConf

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - WebNetConf

Technology

Introduction to ASP.NET 5 and MVC 6 - Meetupfiles.meetup.com/16095872/ASPNET5MVC6.pdf · •Windows-only server that allows ASP.NET to be hosted outside IIS, •Runs directly on Http.Sys

Introduction to ASP.NET 5 and MVC 6 - Meetupfiles.meetup.com/16095872/ASPNET5MVC6.pdf · •Windows-only server that allows ASP.NET to be hosted outside IIS, •Runs directly on Http.Sys

Documents

Run your Dockerized ASP.NET application on Windows and Linux!

Run your Dockerized ASP.NET application on Windows and Linux!

Software

Certification Paths at a Glance€¦ · Windows Presentation Foundation Applications.NET Framework 3.5, Windows Forms Applications.NET Framew Windows Communication oundation Applications.NET

Certification Paths at a Glance€¦ · Windows Presentation Foundation Applications.NET Framework 3.5, Windows Forms Applications.NET Framew Windows Communication oundation Applications.NET

Documents

NetAdvantage for - Infragisticsin ASP.NET applications. NetAdvantage AppStylist provides two tools--NetAdvantage AppStylist for Windows Forms and NetAdvantage AppStylist for ASP.NET.

NetAdvantage for - Infragisticsin ASP.NET applications. NetAdvantage AppStylist provides two tools--NetAdvantage AppStylist for Windows Forms and NetAdvantage AppStylist for ASP.NET.

Documents

Pro Visual C++/CLI and the .NET 3.5 Platform … · † Application development technologies like ASP.NET, Windows Forms, ADO.NET, Windows Presentation Foundation, Windows Communication

Pro Visual C++/CLI and the .NET 3.5 Platform … · † Application development technologies like ASP.NET, Windows Forms, ADO.NET, Windows Presentation Foundation, Windows Communication

Documents

Windows 10 and UWP€¦ · A Brief History of .NET.NET Windows Desktop Windows Store Windows Phone ASP.NET 4 ASP.NET 5.NET today. Visual Studio Live! Redmond 2016 W20 ‐Using Universal

Windows 10 and UWP€¦ · A Brief History of .NET.NET Windows Desktop Windows Store Windows Phone ASP.NET 4 ASP.NET 5.NET today. Visual Studio Live! Redmond 2016 W20 ‐Using Universal

Documents

Building ASP.NET Apps in Windows Azure

Building ASP.NET Apps in Windows Azure

Documents

Windows Development Day 28/01/05 Bologna Windows Longhorn, Avalon and XAML Daniele Bochicchio daniele@aspitalia.com Microsoft ASP.NET MVP Daniele Bochicchio.

Windows Development Day 28/01/05 Bologna Windows Longhorn, Avalon and XAML Daniele Bochicchio [email protected] Microsoft ASP.NET MVP Daniele Bochicchio.

Documents

ASP.NET MVC+ Windows Azure: step by step guide

ASP.NET MVC+ Windows Azure: step by step guide

Technology

REGIMEN TRIBUTARIO SIMPLIFICADO - Windows Web Hosting ASP.NET

REGIMEN TRIBUTARIO SIMPLIFICADO - Windows Web Hosting ASP.NET

Documents