外文翻译---一个为构建更安全aspnet和iis网站的入门指南-jsp程序(编辑修改稿)

外文翻译---一个为构建更安全aspnet和iis网站的入门指南-jsp程序(编辑修改稿)内容摘要：

t IIS has to offer to make deploying secure sites as easy as possible. This is the first in a twopart series on building secure Web sites with . In this installment, you39。 ll learn how integrates with IIS and Windows and how the three can be bined to protect resources using Windows authentication and access control list (ACL) file authorizations. Part two of this article will cover forms authentication—a cool new feature of that lets you secure sites using a bination of formbased logins and URL resource authorizations. Understanding Web Security At the application level, Web security is first and foremost about securing pages so that they can39。 t be retrieved by unauthorized users—for example, preventing nonmanagers from viewing pages containing salary data and performance evaluations on the pany intra or preventing other people from viewing your My eBay pages. At a slightly deeper level, you might want to know who requested the page so you can personalize it for that individual. Either form of protection requires two overt actions on the part of the application: identify the originator of each request and define rules that govern who can access which pages. A Web server identifies callers using a mechanism called authentication. Once a caller is identified, authorization determines which pages that particular caller is allowed to view. supports a variety of authentication and authorization models. Understanding the options that are available to you and how they interrelate is an important first step in designing a site that restricts access to some or all of its resources or that personalizes content for individual users. Authentication Authentication enables the recipient。