ASP.NET 中認(rèn)證安全特征評(píng)述[外文翻譯]



包括英文原文和中文翻譯



ASP. NET 中認(rèn)證安全特征評(píng)述


Narcisio Tumushabe ,譚冠正(音譯)

(中南大學(xué)計(jì)算機(jī)科學(xué)與信息技術(shù)學(xué)院, 湖南長(zhǎng)沙410083)


摘　要: 討論了服務(wù)應(yīng)用時(shí)支持安全的ASP. NET 認(rèn)證特征,微軟的互聯(lián)網(wǎng)信息服務(wù)( IIS) 和ASP.NET 提供了安全模式,使Web 開發(fā)者恰當(dāng)?shù)卣J(rèn)證其使用者,并在應(yīng)用過(guò)程中獲得正確的安全之本. 三個(gè)層次的認(rèn)證是基于表單的,身份證書和視窗認(rèn)證. 綜述文獻(xiàn)僅限于上述三個(gè)領(lǐng)域.


關(guān)　鍵　詞: 表單; 身份證書; 視窗認(rèn)證

中圖分類號(hào): TP 393108 　文獻(xiàn)標(biāo)識(shí)碼: A   文章編號(hào): 1000 - 1646 (2003) 03 - 0250 - 05


安全是開發(fā)人員和應(yīng)用程序架構(gòu)師首要關(guān)注的問題。由于不同類型的網(wǎng)站有不同的安全需要，開發(fā)人員需要知道需要什么程度的安全運(yùn)行，并為他們的程序選擇適當(dāng)?shù)陌踩Ｊ健Ｓ行┚W(wǎng)站發(fā)布的信息不來(lái)自用戶，而是通過(guò)搜索引擎等廣泛渠道來(lái)收集。另外一些網(wǎng)站，可能要收集用戶的敏感信息，比如信用卡號(hào)碼，這些網(wǎng)站需要非常嚴(yán)格的安全措施，以避免來(lái)自外部的惡意攻擊。


 




An overview of authentication security features in ASP. NET

Narcisio Tumushabe , TAN Guan-zheng

  (School of Computer Science and Information Technology , Central South University , Changsha 410083 , China)




Abstract : This article discusses the authentication feature of the ASP. NET to support security when designing a server application. Both Microsoft Internet Information Services ( IIS) and ASP. NET provide security models that will allow web developers to authenticate the your users appropriately and obtain the correct security context within the application. Three levels of authentication covered are the Formsbased , passport and windows authentications. The article literature is limited to these three areas.

Key words : Forms2based; passport ; windows authentication

CLC number : TP 393108  Document code : A   Article ID : 1000 - 1646 (2003) 03 - 0250 - 05

　Security is one of the primary concerns forboth developers and application architect s. As there are lot s of different types of websites with varying security needs , the developers need to know how the security works and choose the appropriate security model for their applications. Some websites collect no information from the users and publish the information that is available widely such as search engine. There are other sites that may need to collect sensitive information f rom their users like  credit card numbers. These websites need muchst ronger security implementation to avoid malicious  attacks f rom external entities.