In this tutorial I explain how to enhance the security features of ASP.NET websites and web services. You can also provide security for setup and cache files.
Hashing and digital signatures make it possible to tell whether data was modified between sender and receiver. Nowadays all websites use these techniques; Google, Microsoft, Yahoo, etc. also use hash and digital signature techniques. With the help of a digital signature, the receiver can easily claim that the data was sent by that particular user (e.g. Mohan, Ram, etc.) only. It follows the non-repudiation property.
There are basically four elements which provide security in an ASP.NET application:
- Authentication
- Authorization
- Confidentiality
- Integrity
1.) Authentication:- Authentication is the process of verifying a user's credentials, such as an ID and password.
Real life examples:
- When you want to open your Gmail account, you have to enter your ID and password to verify your credentials. This process is known as authentication.
- Suppose you are a student of a college or school. Your college or school provides an identity card to each student to verify whether you are a student of this college or not. When you go to college, the security guard checks your identity card; this process is known as authentication.
There are mainly four types of authentication used in ASP.NET applications:
- Windows Authentication
- Forms Authentication
- Passport Authentication
- Custom Authentication
I will discuss each type of authentication one by one in this tutorial or in coming tutorials.
2.) Authorization:- Authorization is the process in which developers assign specific roles to a specific user. The authorization process comes after the authentication process. We specify authorization in the web.config file.
Real life examples:
- Suppose you have a Gmail account and open it after the authentication process. Here the Gmail administrator grants limited access to users: you can access some files and folders, but not all files. This process is known as authorization.
- When you (students) enter the college or school after the authentication process (your identity card is verified by the security guard or system software), there are some restrictions on students. They can't go to every place (room) in the organization (school or college); for example, students can't go directly to the Director's room, the management members' rooms and other places. This process is known as the authorization process.
3.) Confidentiality:-
Ex.
Sender ---> Plain Text (It is a boy) ---> Encrypted with key ---> Cipher Text (@# @R e twq) ---> Receiver
4.) Integrity:- Integrity is the process by which a user can easily know whether his data has been modified (changed) or not. With integrity, the original data must not be changed; if anybody changes the data, the receiver can easily detect it with the help of the hashing process, because the sender sends the hash value along with the original text to the receiver.
We can secure internet data with the help of two techniques, which are given below:
- Digital Signature
- Hashing
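The two techniques listed above, as an added example that is not part of the original tutorial: the receiver's hash comparison and signature check are run once on the unmodified message and once on a modified one. The class name, the modified message and the in-process key pair are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not code from the original tutorial; all names are hypothetical.
static class IntegrityDemo
{
    // Hash value the sender transmits together with the text.
    static byte[] Hash(byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(data);
    }

    static void Main()
    {
        byte[] original = Encoding.UTF8.GetBytes("It is a boy"); // message from the tutorial
        byte[] tampered = Encoding.UTF8.GetBytes("It is a toy"); // constructed: changed in transit

        // Hashing: the receiver recomputes the hash and compares it with the one sent.
        byte[] sentHash = Hash(original);
        Console.WriteLine("hash matches, unmodified: " + sentHash.SequenceEqual(Hash(original)));
        Console.WriteLine("hash matches, modified:   " + sentHash.SequenceEqual(Hash(tampered)));

        // A bare hash only helps if the hash itself arrives unmodified. A digital
        // signature binds the hash to the sender's private key, so the receiver
        // needs only the public key to check both integrity and origin.
        using (RSA sender = new RSACryptoServiceProvider(2048))
        using (RSA receiver = new RSACryptoServiceProvider())
        {
            byte[] signature = sender.SignData(original, HashAlgorithmName.SHA256,
                                               RSASignaturePadding.Pkcs1);

            // The receiver holds the public half only (false = no private parameters).
            receiver.ImportParameters(sender.ExportParameters(false));

            Console.WriteLine("signature valid, unmodified: " + receiver.VerifyData(
                original, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
            Console.WriteLine("signature valid, modified:   " + receiver.VerifyData(
                tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
    }
}
```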
How to implement the Windows authentication technique in an ASP.NET application
Windows authentication is the default authentication mode in ASP.NET and is specified in the web.config file. In this mode, an ASP.NET web page uses Windows users and groups to authenticate and authorize access to resources. We mostly use Windows authentication on an intranet, not on the internet.
Example:- In this kind of authentication, the user is authenticated by the web server. If you log in to the operating system with an ID and password, the web server allows access to the site after checking the web.config rules. If your ID and password cannot be verified, you can't access the application.
The steps to implement Windows authentication in an ASP.NET application are given below:-
Step 1:- First open Visual Studio --> File --> New --> Website --> Select ASP.NET Empty Website --> OK --> Open Solution Explorer --> Add a web form (Home.aspx) --> Drag and drop LinkButton controls as shown below:-
Step 2:- Add another web form (Admin.aspx) as shown below:-
Step 3:- Add another web form (User.aspx) as shown below:-
Step 4:- Now write the C# code in the Home.aspx.cs file as given below:-
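using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Principal;

public partial class Home : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Name of the Windows account authenticated by the web server (MACHINE\user).
        Label1.Text = "Administrator computer=" + User.Identity.Name;
        // With <authentication mode="Windows"/> the page identity is a WindowsIdentity.
        WindowsIdentity identity = (WindowsIdentity)User.Identity;
    }

    // Link to the page that every authenticated user may open.
    protected void LinkButton2_Click(object sender, EventArgs e)
    {
        Response.Redirect("User.aspx");
    }

    // Link to the page restricted by the <location> rules in web.config.
    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        Response.Redirect("Admin.aspx");
    }
}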
Step 5:- Now open the web.config file --> write some access rules (authentication and authorization) so that only the administrator can access the application.
<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
  <system.web>
    <authentication mode="Windows"/>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="Admin.aspx">
    <system.web>
      <authorization>
        <allow roles="RAMASHANKER-PC\diamond"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
Note:- Here only the administrator of this Windows machine can access the Admin.aspx page: <allow roles="RAMASHANKER-PC\diamond"/>
In step 4 I have written the C# code in the page load event to find the administrator PC name of any computer (for Windows only).
Step 6:- Now right-click on Computer (desktop icon) --> Manage --> Local Users and Groups --> create a new user account, and an administrator account if you want, as shown below:-
Step 7:- Now run the application (press F5) as shown below:-
Step 8:- Now click the first link above as shown below:-
Step 9:- Now click the Admin.aspx link from step 7 as shown below:-
Note:- Here the administrator of the computer is RAMASHANKER-PC\diamond, so he can easily access the Admin.aspx page.
Step 10:- Other users of this computer (Mohan and Ram, which were created in step 6) can't access the Admin.aspx page. It will give the following error as shown below:-
Note:- In our coming MVC tutorials, I will make a Windows authentication application and host it on a server (IIS). In it, I will put some access rules so that only some users of a given group can access the application.
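Why the rules from step 5 let one account into Admin.aspx and turn the others away, as an added example that is not part of the original tutorial: ASP.NET checks authorization rules from the top and stops at the first match, so the order of `<allow>` and `<deny>` matters. This is a simplified model, not ASP.NET's own code; `Rule`, `Decide` and the role-member principal are assumptions made for illustration.

```csharp
using System;
using System.Linq;

// Added illustration, not code from the original tutorial: a simplified model of
// first-match rule evaluation. Rule, Decide and the sample principals are hypothetical.
class Rule
{
    public bool Allow; public string Users, Roles;

    public bool Matches(string user, string[] roles)
    {
        if (Users == "*") return true;            // every user
        if (Users == "?") return user == null;    // anonymous users only
        if (Users != null) return Users.Equals(user, StringComparison.OrdinalIgnoreCase);
        return roles.Contains(Roles, StringComparer.OrdinalIgnoreCase);
    }
}

static class AuthorizationOrderDemo
{
    // The first rule that matches decides; later rules are never reached.
    static bool Decide(Rule[] rules, string user, string[] roles)
    {
        foreach (Rule r in rules)
            if (r.Matches(user, roles)) return r.Allow;
        return true; // the machine-level default is <allow users="*"/>
    }

    static void Main()
    {
        var denyAnonymous = new Rule { Allow = false, Users = "?" };
        var allowRole = new Rule { Allow = true, Roles = @"RAMASHANKER-PC\diamond" };
        var denyAll = new Rule { Allow = false, Users = "*" };

        Rule[] site = { denyAnonymous };                          // applies to Home.aspx
        Rule[] admin = { allowRole, denyAll, denyAnonymous };     // <location> rules first
        Rule[] reversed = { denyAll, allowRole, denyAnonymous };  // same rules, wrong order

        // Constructed principals: name (null = anonymous) and role membership.
        var principals = new[] {
            new { Name = (string)null, Roles = new string[0] },
            new { Name = "Mohan", Roles = new string[0] },
            new { Name = "role-member", Roles = new[] { @"RAMASHANKER-PC\diamond" } },
        };
        foreach (var p in principals)
            Console.WriteLine("{0,-12} Home={1,-5} Admin={2,-5} Admin(reversed)={3}",
                p.Name ?? "(anonymous)", Decide(site, p.Name, p.Roles),
                Decide(admin, p.Name, p.Roles), Decide(reversed, p.Name, p.Roles));
    }
}
```

With the rules reversed, `<deny users="*"/>` matches first and even the role member is refused, which is why the `<allow>` element must come before the catch-all deny.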