Class Notes (837,550)
Canada (510,314)
COMP 1020 (6)
Lecture

review 7.docx

3 Pages
138 Views
Unlock Document

Department
Computer Science
Course
COMP 1020
Professor
Pourang Irani
Semester
Fall

Description
You have another way to set up your authentication and authorization rules. Rather than edit the web.config file by hand, you can use the WAT from inside Visual Studio. The WAT guides you through the process, although you’ll find it’s still important to understand what changes are actually being made to your web.config file. It’s also often quicker to enter a list of authorization rules by hand rather than use the WAT. To use the WAT for this type of configuration, select Website ➤ASP.NET Configuration from the menu. Next, click the Security tab. You’ll see the window shown in Figure 19-2, which gives you links to set the authentication type, define authorization rules (using the Access Rules section), and enable rolebased security. (Role-based security is an optional higher-level feature you can use with forms authentication. A simple login page can put these methods to work with little code. To try it, begin by enabling forms authentication and denying anonymous users in the web.config, as described earlier: ... Now, users will be redirected to a login page named Login.aspx that you need to create With Windows authentication, the web server takes care of the authentication process. ASP.NET simply makes this identity available to your code for your security checks. When you use Windows authentication, you force users to log into IIS before they’re allowed to access secure content in your website. The user login information can be transmitted in several ways (depending on the network environment, the requesting browser, and the way IIS is configured), but the end result is that the user is authenticated using a local Windows account. Typically, this makes Windows authentication best suited to intranet scenarios, in which a limited set of known users is already registered on a network server. To implement Windows-based security with known users, you need to follow three steps: 1. Set the authentication mode to Windows authentication in the web.config file. (If you prefer a graphical tool, you can use the WAT during development or IIS Manager after deployment.) 2. Disable anonymous access for a directory by using an authorization rule. 3. Configure the Windows user accounts on your web server (if they aren’t already present). The member
More Less

Related notes for COMP 1020

Log In


OR

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


OR

By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.


Submit