计算机专业毕业外文翻译--aspnet中认证安全特征评述-jsp程序(编辑修改稿)

计算机专业毕业外文翻译--aspnet中认证安全特征评述-jsp程序(编辑修改稿)内容摘要：

turn make request to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. 2 Authentication in ASP. NET Authentication is one of the foremost features of web application’s security. In ASP. NET , authentication is done at two levels . [2]First , Inter Information Server (IIS) will perform the required authentication , then send out the request to ASP. NET , as described in Figure 1. For ASP. NET application , the underlying web server is IIS. Therefore , every ASP. NET application can continue to leverage the security options provided by IIS .When the user requests a specific resource on the system, that request will e to IIS. IIS authenticates the user requesting the resource and then hands off the request and the security token for the authenticating user to ASP. NET worker process. ASP. NET worker process will decide whether to impersonate the authenticated user supplied by IIS or not . If impersonation is enabled in the configuration setting in Web. config file , then ASP. NET worker process impersonates the authenticated user. Otherwise , the thread will run under the ASP. NET worker process identity. After all , checks whether the authenticated user is authorized to access these resources. If they are allowed to , ASP. NET serves the request。 otherwise it sends an“access denied”error message back to the user. Fig. 1 Security flow of IIS and ASP. NET ASP. NET provides builtin support for user authentication through several authentication providers. [1,4] These are Forms based authentication , which is the application that is secured by using a custom authentication model with cookie support , Passport authentication , an application that is secured by using Microsoft Passport authentication. Passport is a single sign on technology developed by Microsoft for use on the web and the Windows authentication which is an application secured by using integrated windows authentication where access to a web application is allowed only to those users who are able to verify their windows credentials. There are scenarios where some applications do not use the authentication at all or the developer may want to develop custom authentication code. In this case , ASP. NET can set the authentication mode to none. This article will briefly cover the Formsbased , passport and windows authentications. FormsBased Authentication Formsbased authentication is used to implement customized logic for authenticating users without having to worry about session management using a cookie. It gives a developer more access to specify which files on the site can be accessed and by whom , and allows identification of a login page . [3 ]This mechanism will automatically redirect the unauthenticated user to login page and ask them to provide proper credentials ( e. g. username/ password bination) . If login is successful , ASP. NET then issues the cookie to the user and redirect them to specific resources that they originally requested. This cookie allows the user to revisit particular protected resources without having to repeatedly login. The mechanism is shown as below : Fig. 2 Form authentication flow In figure above , the user requests the restricted resources first . This request will go to IIS first and the user is authenticated by IIS. If the anonymous access is enabled in IIS or the user is successfully authenticated , it will hand off the request to ASP. NET application. ASP. NET checks to see whether a valid authentication cookie is attached to the request . If it is , it means the user credentials has been previously authenticated. ASP. NET will then perform the authorization check. If the user is authorized to access those resources , the access will be granted. Otherwise , the“accessdenied”message is sent . If the request does not have any cookie attached , ASP. NET redirects the user to the login page and solicits the credentials then resubmits for authentication. The application code checks those credentials. If authenticated , ASP. NET will attach the authentication ticket in the form of cookie to the response. If failed , the user can be redirected back to the login page telling the user that the username/ password is invalid. Set Up FormsBased Authentication Generally, setting up the Formsbased authentication involves 4 steps [2]。