All geek questions in one place

ASP.Net authentication and authorization options

I have the usual requirement to implement authentication and authorization. I used it with custom code in which I have users, roles, roles, user pages and user circles. Thus, we can provide certain user roles (this is a group with several pages) and / or directly determine access to certain pages. All this with the ability to specify fine-grained permissions, such as the ability to add / edit / delete entries on these pages.

My question is: how easy is it to implement using forms authentication and what advantage does this give for implementing a custom solution. I am also interested to know if there will be any advantage when it comes to securing the session and from spoofing, where an attacker can repeat requests and impersonate legitimate users. Does formal authentication have any advantage there, or is it just SSL that can protect against this (which makes both approaches equal in this regard).

+3
source share
2 answers

- , . , , ? , () cookie. , , cookie, , cookie , : ", X". , , , - .

URL, , Web.config. , ( ) (/ ). , URL, , , , .

, , , , , ..? , . . , .

, : , URL, . .

:

.

( URL, ) . , :

  • . , .
  • . , , . URL- ASP.NET( ) " " . 5-6 . , .
  • . , , , auth ., , .

, - , , . - , SSL, ( ).

auth (, ). ( ). , , , , . "". , - cookie auth - SSL.

, , , SSL, , . , . SSL, .

[, ..] ( )

URL /. , /​​.

, -. # VB 15 , -, . , , auth URL- .

URL : http://www.asp.net/security/tutorials

!

+2

, asp.net:

http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

0

Source: https://habr.com/ru/post/1763267/

More articles:


All Articles