SlideShare une entreprise Scribd logo

2310 b 16

Télécharger en tant que PPT, PDF
K
Krazy Koder
Technologie
1  sur  26
Module 16: Securing a Microsoft ASP.NET Web Application
Overview ,[object Object],[object Object],[object Object],[object Object]
Lesson: Web Application Security Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Authentication vs. Authorization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What Are ASP.NET Authentication Methods? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Multimedia: ASP.NET Authentication Methods
Comparing the ASP.NET Authentication Methods ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Advantages ,[object Object],[object Object],Microsoft Passport Authentication ,[object Object],Forms-based Authentication ,[object Object],Windows-based Authentication Disadvantages Method
What Are the IIS Authentication Mechanisms? High Medium Low (Medium with SSL) None Security Level ,[object Object],[object Object],[object Object],Integrated Windows ,[object Object],[object Object],[object Object],Digest ,[object Object],[object Object],[object Object],Basic ,[object Object],Anonymous Description Mechanisms
Demonstration: Using IIS Authentication Mechanisms ,[object Object],[object Object],[object Object],[object Object],methods
What Is Secure Sockets Layer? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Lesson: Working with Windows-Based Authentication ,[object Object],[object Object],[object Object]
How to Enable Windows-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object],1 2 <system.web> <authentication mode=&quot;Windows&quot; /> </system.web>
How to Enable Windows-Based Authentication ( continued ) ,[object Object],[object Object],<location path=&quot;ShoppingCart.aspx&quot;> <system.web> <authorization> <deny users=&quot;?&quot;/> </authorization> </system.web> </location> 4 3
Reading User Information ,[object Object],lblAuthUser.Text = User.Identity.Name lblAuthType.Text = User.Identity.AuthenticationType lblIsAuth.Text = User.Identity.IsAuthenticated lblAuthUser.Text = User.Identity.Name; lblAuthType.Text = User.Identity.AuthenticationType; lblIsAuth.Text = User.Identity.IsAuthenticated;
Demonstration: Using Windows-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object]
Lesson: Working with Forms-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object]
Overview of Forms-Based Authentication Client requests page Authorized ASP.NET Forms Authentication Not Authenticated Authenticated Logon Page (Users enter their credentials) Authenticated Authentication Cookie Authorized Not Authenticated Access Denied Requested Secure Page IIS Username Password Someone *********** Submit 1 2 3 4 6 5 7  
Multimedia: Forms-Based Authentication
How to Enable Forms-Based Authentication ,[object Object],[object Object],[object Object],[object Object],1 2 3 4 <authentication mode=&quot;Forms&quot; > < forms name=&quot;.namesuffix&quot; loginUrl=&quot;login.aspx&quot; /> </authentication>
[object Object],[object Object],[object Object],[object Object],Creating a Logon Page Sub cmdLogin_Click(s As Object, e As eventArgs) If (login(txtEmail.Text, txtPassword.Text)) FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, False) End If End Sub private void cmdLogin_Click(object sender, EventArgs e) { if (login(txtEmail.Text, txtPassword.Text)) FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false); }
Demonstration: Using Forms-Based Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object]
Lesson: Overview of Microsoft Passport Authentication ,[object Object],[object Object]
How Microsoft Passport Works Website.msft Client Passport.com The client requests a page from the host 1 2 3 4 5 The site redirects the client to Passport.com The client is redirected and logs on to Passport.com Passport returns a cookie with the ticket information 6 The client accesses the host, this time with ticket information The host returns a Web Form and possibly a new cookie that it can read and write
Other Microsoft Passport Resources ,[object Object],[object Object],[object Object]
Review ,[object Object],[object Object],[object Object],[object Object]
Lab 16: Securing a Microsoft ASP.NET Web Application Medical Medical.aspx Benefits Home Page Default.aspx Life Insurance Life.aspx Retirement Retirement.aspx Dental Dental.aspx Dentists Doctors Doctors.aspx Doctors Logon Page Login.aspx Registration Register.aspx Coho Winery Prospectus Prospectus.aspx XML Web Service dentalService1.asmx Page Header Header.ascx ASPState tempdb Lab Web Application User Control namedate.ascx Menu Component Class1.vb or Class1.cs XML Files Web. config

Recommandé

Simplify user application authentication using Microsoft Identity Platform
Simplify user application authentication using Microsoft Identity PlatformSimplify user application authentication using Microsoft Identity Platform
Simplify user application authentication using Microsoft Identity PlatformManoj Mittal
 
Secure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior
 
Secure Code Warrior - Authentication
Secure Code Warrior - AuthenticationSecure Code Warrior - Authentication
Secure Code Warrior - AuthenticationSecure Code Warrior
 
OAuth 2.0 Misconceptions
OAuth 2.0 MisconceptionsOAuth 2.0 Misconceptions
OAuth 2.0 MisconceptionsCory Forsyth
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationStefan Achtsnit
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack PresentationKhoa Nguyen
 

Recommandé

Simplify user application authentication using Microsoft Identity Platform
Simplify user application authentication using Microsoft Identity PlatformSimplify user application authentication using Microsoft Identity Platform
Simplify user application authentication using Microsoft Identity PlatformManoj Mittal
 
Secure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior
 
Secure Code Warrior - Authentication
Secure Code Warrior - AuthenticationSecure Code Warrior - Authentication
Secure Code Warrior - AuthenticationSecure Code Warrior
 
OAuth 2.0 Misconceptions
OAuth 2.0 MisconceptionsOAuth 2.0 Misconceptions
OAuth 2.0 MisconceptionsCory Forsyth
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationStefan Achtsnit
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack PresentationKhoa Nguyen
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
Common Web Application Attacks
Common Web Application Attacks Common Web Application Attacks
Common Web Application Attacks Ahmed Sherif
 
Session management
Session management Session management
Session management Dhruv Aggarwal
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
SSO (Single Sign On/Off)
SSO (Single Sign On/Off)SSO (Single Sign On/Off)
SSO (Single Sign On/Off)Russel Mahmud
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionJavier Cerviño
 
Dat403 Massie
Dat403 MassieDat403 Massie
Dat403 MassieStatisticsIO
 
Com Ed 8 Finals
Com Ed 8 FinalsCom Ed 8 Finals
Com Ed 8 Finalsbluejayjunior
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Phishing
PhishingPhishing
PhishingHK Khemnani
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorizationGiulio De Donato
 
Session 4 : securing web application - Giáo trình Bách Khoa Aptech
Session 4 : securing web application - Giáo trình Bách Khoa AptechSession 4 : securing web application - Giáo trình Bách Khoa Aptech
Session 4 : securing web application - Giáo trình Bách Khoa AptechMasterCode.vn
 
Preventing XSRF in ASP.NET CORE apps
Preventing XSRF in ASP.NET CORE appsPreventing XSRF in ASP.NET CORE apps
Preventing XSRF in ASP.NET CORE appsFiyaz Hasan
 
FI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionFI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionJavier Cerviño
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security AttacksSajid Hasan
 
STORED XSS IN DVWA
STORED XSS IN DVWASTORED XSS IN DVWA
STORED XSS IN DVWARutvik patel
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert ThreatsCenzic
 
AJAX Security - LAC2016
AJAX Security - LAC2016AJAX Security - LAC2016
AJAX Security - LAC2016Julia Logan a.k.a. IrishWonder
 
ASP.NET 13 - Security
ASP.NET 13 - SecurityASP.NET 13 - Security
ASP.NET 13 - SecurityRandy Connolly
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11Vivek chan
 

Contenu connexe

Tendances

Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
Common Web Application Attacks
Common Web Application Attacks Common Web Application Attacks
Common Web Application Attacks Ahmed Sherif
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
SSO (Single Sign On/Off)
SSO (Single Sign On/Off)SSO (Single Sign On/Off)
SSO (Single Sign On/Off)Russel Mahmud
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionJavier Cerviño
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorizationGiulio De Donato
 
Session 4 : securing web application - Giáo trình Bách Khoa Aptech
Session 4 : securing web application - Giáo trình Bách Khoa AptechSession 4 : securing web application - Giáo trình Bách Khoa Aptech
Session 4 : securing web application - Giáo trình Bách Khoa AptechMasterCode.vn
 
Preventing XSRF in ASP.NET CORE apps
Preventing XSRF in ASP.NET CORE appsPreventing XSRF in ASP.NET CORE apps
Preventing XSRF in ASP.NET CORE appsFiyaz Hasan
 
FI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionFI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionJavier Cerviño
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security AttacksSajid Hasan
 
STORED XSS IN DVWA
STORED XSS IN DVWASTORED XSS IN DVWA
STORED XSS IN DVWARutvik patel
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert ThreatsCenzic
 

Tendances (20)

Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 Provider
 
Common Web Application Attacks
Common Web Application Attacks Common Web Application Attacks
Common Web Application Attacks
 
Session management
Session management Session management
Session management
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 
SSO (Single Sign On/Off)
SSO (Single Sign On/Off)SSO (Single Sign On/Off)
SSO (Single Sign On/Off)
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - Introduction
 
Dat403 Massie
Dat403 MassieDat403 Massie
Dat403 Massie
 
Com Ed 8 Finals
Com Ed 8 FinalsCom Ed 8 Finals
Com Ed 8 Finals
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Phishing
PhishingPhishing
Phishing
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorization
 
Session 4 : securing web application - Giáo trình Bách Khoa Aptech
Session 4 : securing web application - Giáo trình Bách Khoa AptechSession 4 : securing web application - Giáo trình Bách Khoa Aptech
Session 4 : securing web application - Giáo trình Bách Khoa Aptech
 
Preventing XSRF in ASP.NET CORE apps
Preventing XSRF in ASP.NET CORE appsPreventing XSRF in ASP.NET CORE apps
Preventing XSRF in ASP.NET CORE apps
 
FI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionFI-WARE Account and OAuth solution
FI-WARE Account and OAuth solution
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security Attacks
 
STORED XSS IN DVWA
STORED XSS IN DVWASTORED XSS IN DVWA
STORED XSS IN DVWA
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert Threats
 
AJAX Security - LAC2016
AJAX Security - LAC2016AJAX Security - LAC2016
AJAX Security - LAC2016
 

Similaire à 2310 b 16

08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11Vivek chan
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
 
Luminis Iv To Exchange Labs
Luminis Iv To Exchange LabsLuminis Iv To Exchange Labs
Luminis Iv To Exchange LabsMelissa Miller
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...AntonioMaio2
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Steve Sofian
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net frameworkLalit Kale
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11Mani Chaubey
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Danny Jessee
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Netalsmola
 
Security asp.net application
Security asp.net applicationSecurity asp.net application
Security asp.net applicationZAIYAUL HAQUE
 
Java Web Programming [9/9] : Web Application Security
Java Web Programming [9/9] : Web Application SecurityJava Web Programming [9/9] : Web Application Security
Java Web Programming [9/9] : Web Application SecurityIMC Institute
 

Similaire à 2310 b 16 (20)

ASP.NET 13 - Security
ASP.NET 13 - SecurityASP.NET 13 - Security
ASP.NET 13 - Security
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
 
Luminis Iv To Exchange Labs
Luminis Iv To Exchange LabsLuminis Iv To Exchange Labs
Luminis Iv To Exchange Labs
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...
 
Bh Win 03 Rileybollefer
Bh Win 03 RileybolleferBh Win 03 Rileybollefer
Bh Win 03 Rileybollefer
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net framework
 
ASP.NET Lecture 5
ASP.NET Lecture 5ASP.NET Lecture 5
ASP.NET Lecture 5
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day One
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Net
 
Security asp.net application
Security asp.net applicationSecurity asp.net application
Security asp.net application
 
Java Web Programming [9/9] : Web Application Security
Java Web Programming [9/9] : Web Application SecurityJava Web Programming [9/9] : Web Application Security
Java Web Programming [9/9] : Web Application Security
 
Tags
TagsTags
Tags
 

Plus de Krazy Koder

Plus de Krazy Koder (20)

2310 b xd
2310 b xd2310 b xd
2310 b xd
 
2310 b xd
2310 b xd2310 b xd
2310 b xd
 
2310 b xd
2310 b xd2310 b xd
2310 b xd
 
2310 b xc
2310 b xc2310 b xc
2310 b xc
 
2310 b xb
2310 b xb2310 b xb
2310 b xb
 
2310 b 17
2310 b 172310 b 17
2310 b 17
 
2310 b 16
2310 b 162310 b 16
2310 b 16
 
2310 b 15
2310 b 152310 b 15
2310 b 15
 
2310 b 15
2310 b 152310 b 15
2310 b 15
 
2310 b 14
2310 b 142310 b 14
2310 b 14
 
2310 b 13
2310 b 132310 b 13
2310 b 13
 
2310 b 12
2310 b 122310 b 12
2310 b 12
 
2310 b 11
2310 b 112310 b 11
2310 b 11
 
2310 b 10
2310 b 102310 b 10
2310 b 10
 
2310 b 09
2310 b 092310 b 09
2310 b 09
 
2310 b 08
2310 b 082310 b 08
2310 b 08
 
2310 b 08
2310 b 082310 b 08
2310 b 08
 
2310 b 08
2310 b 082310 b 08
2310 b 08
 
2310 b 07
2310 b 072310 b 07
2310 b 07
 
2310 b 06
2310 b 062310 b 06
2310 b 06
 

Dernier

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Dernier (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

2310 b 16

  • 1. Module 16: Securing a Microsoft ASP.NET Web Application
  • 2.
  • 3.
  • 4.
  • 5.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. Overview of Forms-Based Authentication Client requests page Authorized ASP.NET Forms Authentication Not Authenticated Authenticated Logon Page (Users enter their credentials) Authenticated Authentication Cookie Authorized Not Authenticated Access Denied Requested Secure Page IIS Username Password Someone *********** Submit 1 2 3 4 6 5 7  
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. How Microsoft Passport Works Website.msft Client Passport.com The client requests a page from the host 1 2 3 4 5 The site redirects the client to Passport.com The client is redirected and logs on to Passport.com Passport returns a cookie with the ticket information 6 The client accesses the host, this time with ticket information The host returns a Web Form and possibly a new cookie that it can read and write
  • 24.
  • 25.
  • 26. Lab 16: Securing a Microsoft ASP.NET Web Application Medical Medical.aspx Benefits Home Page Default.aspx Life Insurance Life.aspx Retirement Retirement.aspx Dental Dental.aspx Dentists Doctors Doctors.aspx Doctors Logon Page Login.aspx Registration Register.aspx Coho Winery Prospectus Prospectus.aspx XML Web Service dentalService1.asmx Page Header Header.ascx ASPState tempdb Lab Web Application User Control namedate.ascx Menu Component Class1.vb or Class1.cs XML Files Web. config