By Mike Best
Security has often been the neglected stepchild of software development, but it is increasingly coming under closer scrutiny. As Web Services are deployed in greater numbers, the security of these access points into an organizations business processes can no longer be relegated to backseat status.
Generally, you will have three general security scenarios for a Web Service:
Those that are open to the general population, with no authentication
Those that are open to the general population, but with authentication
Those that are open to a controlled sub-set of users, such as a companys employees
For this article, we'll assume that some sort of security is required. In addition, to simulate the scenario that will be common for many Web Services, we'll assume that the user base of our Web Services will not be confined to those users within our intranet.
At this point it is important to define several terms that are used in the context of IIS and ASP.NET security:
Authentication is the process of determining the identity of the requester, and whether that identity exists within the set of known users.
Authorization is the process of determining if a given identity has the rights to perform a requested action.
Impersonation is the process of accessing resources as another user. In this case, it would be an ASP.NET application or Web Service accessing resources using a users permissions, rather than the default user account under which ASP.NET runs.
Because .NET Web Services are based upon IIS and ASP.NET, the security model for Web Services is inherited from these technologies. However, Web Services will have different considerations than ASP.NET applications when developing a security strategy. Obviously, Web Services do not have user interfaces with which users can interact.
You can think of the available security services as layers (see Figure 1 below). These layers sit upon one another, can be used in various combinations, and are provided by either IIS or the ASP.NET runtime. These various security implementations will be discussed in the next section.
More...
http://dotnetjunkies.com/Tutorial/5D8B6D51-97B7-4825-B919-49A721A3FDF6.dcik
skip to main |
skip to sidebar
Cool ASP.NET stuff that I found on the web while deploying my ASP.NET web site. All entries will have link to orginal source for the complete article. Developing on Windows XP and deploying web site on Windows Server 2003 using IIs. Development tools used are Visual Studio 2008, SQL 2005 and MySQL.
Blog Archive
-
▼
2008
(88)
-
▼
September
(67)
- Access two servers using same domain name
- Using the Windows Server 2003 Computer Management ...
- Creating a Master Site Template in Dreamweaver
- Dreamweaver templates
- Build a .NET App for Google Checkout
- ASP.NET: How to Integrate Both Google Checkout and...
- JavaScript load placement
- Javascript Q&A
- It's easy to install tEarn on Google's Blogger
- Step-by-Step tEarn install on Google's Blogger
- Want to be the next Google? Create enduring values
- You can serve video ads using Youtube
- Early Adopters, Super Influencers, Chrome, Safari Use
- Step-by-step guide to add tEarn to your Blog
- Using the AJAX Timer Control as an UpdatePanel Tri...
- CPC (cost per click) model is flawed
- Opening New Browser Windows
- Creating time delays in Javascript
- RSS Reader using ASP.NET 2.0 and C# 2005
- ASP.NET AJAX RSS Reader
- Consuming Membership and Profile Services via ASP....
- A Custom ASP.NET Server Control for Displaying RSS...
- W3 Scools, HTML, CSS Javascript, XML, Etc..
- Securing Your .NET Web Services
- Regular Expression Library
- Server-Side Validations Using Regular Expressions
- The Unoffical Cookie FAQ
- No title
- System.Net.Mail FAQ
- Sending Email with System.Net.Mail
- Manage Web Users With Custom Profile Providers
- Handy ASP.NET Email Control
- Send mail through .aspx C#
- Using Google Co-op's Custom Search Engine
- Multi User Chat Room Using ASP.NET 2.0 and AJAX
- ASP/SQL Server Based Chat program
- Simple Chat Application in ASP.NET
- Learning HTML
- Perfect Passwords - GRC's Ultra High Security Pass...
- C# WEPkey generator
- A Simple Passphrase Generator
- How To Get IP Address Of A Machine
- Xml-script tutorial
- HTML Parser
- Passing variables between pages using QueryString
- The Wall Street Journal Technology
- ASP.NET Page Lifecycle
- ASP.NET Page Life Cycle Overview
- FCKeditor - best free text editor for your ASP.Net...
- Cookies in JavaScript
- On The Care and Handling of Cookies
- Programmatically Removing items from a list control
- Cookies Across Domains
- Building and Consuming a Dynamic Sitemap in ASP.NE...
- Getting the Wrong Identity in Microsoft SQL Server...
- Adding a search facility to your website
- Current Lesson: StringBuilder
- Highlighting Multiple Search Keywords in ASP.NET
- How to: Programmatically Modify Site-Map Nodes in ...
- Simple MySQL Database test
- An ASP.NET Application Using a MySQL Database
- Using Parameterized Queries in ASP.Net
- Using Parameterized Queries in ASP.Net
- Frequently Asked ASP.Net Questions
- Application-level Trace Logging
- Google launches new chrome browser
- Google Crome Browser
-
▼
September
(67)
Posts
- Access two servers using same domain name
- Using the Windows Server 2003 Computer Management ...
- Creating a Master Site Template in Dreamweaver
- Dreamweaver templates
- Build a .NET App for Google Checkout
- ASP.NET: How to Integrate Both Google Checkout and...
- JavaScript load placement
- Javascript Q&A
- It's easy to install tEarn on Google's Blogger
- Step-by-Step tEarn install on Google's Blogger
- Want to be the next Google? Create enduring values...
- You can serve video ads using Youtube
- Early Adopters, Super Influencers, Chrome, Safari ...
- Using the AJAX Timer Control as an UpdatePanel Tri...
- CPC (cost per click) model is flawed
- Opening New Browser Windows
- Creating time delays in Javascript
- RSS Reader using ASP.NET 2.0 and C# 2005
- ASP.NET AJAX RSS Reader
- Consuming Membership and Profile Services via ASP....
- A Custom ASP.NET Server Control for Displaying RSS...
- W3 Scools, HTML, CSS Javascript, XML, Etc..
- Securing Your .NET Web Services
- Regular Expression Library
- Server-Side Validations Using Regular Expressions
- The Unoffical Cookie FAQ
- System.Net.Mail FAQ
- Sending Email with System.Net.Mail
- Manage Web Users With Custom Profile Providers
- Handy ASP.NET Email Control
- Send mail through .aspx C#
- Using Google Co-op's Custom Search Engine
- Multi User Chat Room Using ASP.NET 2.0 and AJAX
- ASP/SQL Server Based Chat program
- Simple Chat Application in ASP.NET
- Learning HTML
- Perfect Passwords - GRC's Ultra High Security Pass...
- C# WEPkey generator
- A Simple Passphrase Generator
- How To Get IP Address Of A Machine
- Xml-script tutorial
- HTML Parser
- Passing variables between pages using QueryString
- The Wall Street Journal Technology
- ASP.NET Page Lifecycle
- ASP.NET Page Life Cycle Overview
- FCKeditor - best free text editor for your ASP.Net...
Find your topic
Labels
- Advertising (1)
- Ajax (3)
- ASP.Net (50)
- Browser (2)
- C# (10)
- Cookies (2)
- CSS (1)
- database (6)
- Dreamweaver (2)
- Email (4)
- Exitmericals (1)
- Facebook (3)
- FAQ (4)
- Google Checkout (3)
- HTML (8)
- IIS (5)
- Javascript (6)
- Logfiles (1)
- master slave (1)
- MS SQL (2)
- MySQL (3)
- News (1)
- OpenID (1)
- Paypal (2)
- Performance (2)
- Regular Expressions (2)
- RSS (3)
- Search (1)
- Security (3)
- TCP/IP (1)
- Template (1)
- VB .Net (4)
- Windows 2003 (2)
- XML (1)
Posts
