Authentication and Authorization

Properly securing your Web sites has always been challenging//复发化. ASP.NET 1.x made significant improvements//重大改进 upon earlier technologies by encapsulating the security model //嵌入安全机制into the Framework. Security services are provided in the form of identities and roles//身份和角色. You can programmatically //在方案上create identities //身份based on credentials //证明书that are verified against //核实,针对查证the user store //商店,仓库of your choice, and then persist //允许this identity //身份through the user's session. You can also implement roles-based //基于角色的security in a variety of ways. For example, you can map//映射 roles to a folder so that only authenticated //证明为真users with proper role membership//成员角色 can access//访问 the folder.

All of this, however, required custom user data storage//用户数据仓库, a lot of code to bind the security services //绑定安全服务to the user data, and custom administrative interfaces //管理接口to manage Web site security.

It's not an overstatement//过多描述 to say that security support in ASP.NET 2.0 and VWD is a quantum //数量leap//跳跃 over ASP.NET 1.x—the most comprehensive//广泛的 security model and suite //一组,套of features to date. The legacy limitations//遗留下来的局限性have been designed out. The new Provider API//<asp.net2.0提供的功能> provides user data storage services//用户数据存储服务 right out of the box//<不懂什么意思>. Additionally//另外, VWD provides a Web administration application for setting up and managing your security system. The Provider API is also extensible//可扩展的, fully supporting custom user data storage//传统的数据存储. What is more, a suite //一组of new security controls will make your life much easier when building such user interfaces //用户接口as new user registration, login and lost password.

The following diagram //示意图gives you an overview //概貌of the evolution //进化,进展of ASP.NET security support:



In this next series //一系列of lessons you will build a robust security mechanism //机制for your Web application using the new authentication //验证and authorization//授权 features of ASP.NET 2.0 and VWD.