
Security model of Internet Information Services for ASP.NET

Posted By:Vishal Nayan       Posted Date: April 28, 2011    Points: 200    Category: ASP.NET    URL: http://www.dotnetspark.com  


IIS has its own security configuration, and every request that reaches the ASP.NET runtime is first verified by IIS against that configuration. So the first gatekeeper in the ASP.NET security pipeline is actually IIS. Let us look at the security mechanisms that IIS implements:
1. Authentication: IIS supports the following authentication mechanisms:

  • Basic authentication
  • Digest authentication
  • Passport authentication
  • Windows authentication
  • Certificate authentication


Points to remember:

  1. Any authentication that IIS performs results in an authenticated Windows user, which means that IIS supports authenticating Windows users only.
  2. If ASP.NET is configured to support forms or Windows authentication, then configure IIS to support basic or digest authentication.
  3. If ASP.NET is configured to support forms or custom authentication, then configure IIS to support anonymous access.
  4. Windows XP comes with IIS 5.x.
  5. Windows Server 2003 comes with IIS 6.0.


How to configure IIS for authentication:

Points to remember here:

  1. When the Anonymous User option is checked, everyone is given access to the web page, and it overrides all other authentication settings.
     
  2. If IIS is configured for anonymous authentication, we can still use ASP.NET-based security to authenticate users, either with ASP.NET-integrated mechanisms such as forms authentication or with a custom type of authentication.

  3. Windows authentication configures IIS to validate the credentials of the user against a Windows account configured either on the local machine or within the domain. The credentials submitted by a user are verified against the Windows account.
     
  4. When Basic Authentication is checked, it defines an additional HTTP header for transmitting the user name and password across the wire, but nothing is encrypted here. The credentials are transmitted Base64-encoded.

  5. Digest authentication is similar to basic authentication, with the difference that instead of sending the credentials Base64-encoded, the user name and password are hashed.
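
The difference between points 4 and 5, as an added example that is not part of the original article: the Python below decodes a Basic header back to the password and computes the hash that Digest sends instead. The function names are illustrative, and the sample values are the published RFC 2617 examples, not values from this page.

```python
import base64
import hashlib


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def decode_basic(header_value):
    """Recover (user, password) from an 'Authorization: Basic ...' value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest (MD5, qop=auth): the value Digest sends."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # password is only hashed, never sent
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def wire_exposure(header_value, over_tls):
    """What someone observing the request on the network can read."""
    if over_tls:
        return "header encrypted in transit"
    scheme = header_value.split(" ", 1)[0].lower()
    if scheme == "basic":
        return "user name and password readable"
    if scheme == "digest":
        return "hash readable, password not sent"
    return "unknown scheme"


if __name__ == "__main__":
    # Sample values are the published RFC 2617 examples, not from the article.
    basic = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
    print(decode_basic(basic), "->", wire_exposure(basic, over_tls=False))
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b"))
```

Because the Basic header decodes directly to the password, Basic authentication should only be enabled on sites that require SSL/TLS.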


2. Authorization (IIS 6.0): Here we can configure IP address restrictions in IIS. This lets us restrict access to the web server from the machines specified in the list.

So here we learned about the security configuration in different versions of IIS: IIS 5.x and IIS 6.0.

Hope you enjoyed reading.

Click for the next hour of reading: How to perform form authentication in ASP.NET.

Cheers.
