Authentication and Authorization
2007-04-12 14:11
253 查看
Properly securing your Web sites has always been challenging//复发化. ASP.NET 1.x made significant improvements//重大改进 upon earlier technologies by encapsulating the security model //嵌入安全机制into the Framework. Security services are provided in the form of identities and roles//身份和角色. You can programmatically //在方案上create identities //身份based on credentials //证明书that are verified against //核实,针对查证the user store //商店,仓库of your choice, and then persist //允许this identity //身份through the user's session. You can also implement roles-based //基于角色的security in a variety of ways. For example, you can map//映射 roles to a folder so that only authenticated //证明为真users with proper role membership//成员角色 can access//访问 the folder.
All of this, however, required custom user data storage//用户数据仓库, a lot of code to bind the security services //绑定安全服务to the user data, and custom administrative interfaces //管理接口to manage Web site security.
It's not an overstatement//过多描述 to say that security support in ASP.NET 2.0 and VWD is a quantum //数量leap//跳跃 over ASP.NET 1.x—the most comprehensive//广泛的 security model and suite //一组,套of features to date. The legacy limitations//遗留下来的局限性have been designed out. The new Provider API//<asp.net2.0提供的功能> provides user data storage services//用户数据存储服务 right out of the box//<不懂什么意思>. Additionally//另外, VWD provides a Web administration application for setting up and managing your security system. The Provider API is also extensible//可扩展的, fully supporting custom user data storage//传统的数据存储. What is more, a suite //一组of new security controls will make your life much easier when building such user interfaces //用户接口as new user registration, login and lost password.
The following diagram //示意图gives you an overview //概貌of the evolution //进化,进展of ASP.NET security support:
In this next series //一系列of lessons you will build a robust security mechanism //机制for your Web application using the new authentication //验证and authorization//授权 features of ASP.NET 2.0 and VWD.
All of this, however, required custom user data storage//用户数据仓库, a lot of code to bind the security services //绑定安全服务to the user data, and custom administrative interfaces //管理接口to manage Web site security.
It's not an overstatement//过多描述 to say that security support in ASP.NET 2.0 and VWD is a quantum //数量leap//跳跃 over ASP.NET 1.x—the most comprehensive//广泛的 security model and suite //一组,套of features to date. The legacy limitations//遗留下来的局限性have been designed out. The new Provider API//<asp.net2.0提供的功能> provides user data storage services//用户数据存储服务 right out of the box//<不懂什么意思>. Additionally//另外, VWD provides a Web administration application for setting up and managing your security system. The Provider API is also extensible//可扩展的, fully supporting custom user data storage//传统的数据存储. What is more, a suite //一组of new security controls will make your life much easier when building such user interfaces //用户接口as new user registration, login and lost password.
The following diagram //示意图gives you an overview //概貌of the evolution //进化,进展of ASP.NET security support:
In this next series //一系列of lessons you will build a robust security mechanism //机制for your Web application using the new authentication //验证and authorization//授权 features of ASP.NET 2.0 and VWD.
相关文章推荐
- Authentication and Authorization for ASP.Net Application
- How-to: Enable User Authentication and Authorization in Apache HBase
- Yii - 验证和授权(Authentication and Authorization)
- Claims-Based Authentication and Authorization
- IIS authentication and authorization
- Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
- Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
- How-to: Enable User Authentication and Authorization in Apache HBase
- 【主流身份管理技术辨析】Authentication and Authorization: OpenID vs OAuth2 vs SAML
- Authentication and Authorization in ASP.NET Web API
- Authentication and Authorization
- [Java EE][Security] - Understanding Security Realms - 2. DB authentication and authorization
- Riaservice 验证和授权(Authentication and Authorization)(转载)
- Akka(42): Http:身份验证 - authentication, authorization and use of raw headers
- Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
- (待翻译)Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
- Authentication and Authorization for ASP.Net Application
- JAAS最经典的文章:USER AUTHENTICATION AND AUTHORIZATION IN THE JAVA(TM) PLATFORM
- ASP.NET authentication and authorization
- Authentication and Authorization in the Google Data Protocol