This article can also be found in the Premium Editorial Download "Information Security magazine: Identity crisis solved: Tips from a top identity management expert."

Layered Defenses
The critical pieces of security in any application are authentication (verifying that anyone requesting access is who they claim to be), authorization (granting them only the permissions they need) and accountability (holding them responsible for their actions).

With most applications, access control is applied once, when the user first authenticates with a username and password. Users are usually not re-authenticated as they move deeper into authorized resources, so anyone who hijacks the session inherits that access and can use it to reach further into the enterprise.

In addition, even legitimate users tend to be granted wider access than they need, because access is typically set through coarse file permissions rather than per-function rights.

.NET addresses both problems by allowing programmers to build security checks into each level or tier of operation: Web server, application code, operating system and database.

Typically, a user first interacts with the IIS Web server for basic authentication and limited access. .NET lets enterprises build in security at each subsequent tier as the user works with additional resources: downloading mobile code to work with business and commercial applications, and accessing data on the corporate back end.

Let's track this through the .NET environment. Users connect to a system via the Web server, where they can be validated with a certificate and a basic password; they are granted authorization based on their subnet and given access to the application. The application can require a Passport account, perform URL authorization and be assigned to certain .NET roles. After the application performs its checks, the application server can authenticate the caller again. Finally, when the user tries to access the data, Windows authentication is performed, and users are only given access to information based on object roles built into SQL Server.

These roles, checked at the application and database tiers rather than only at login, are a differentiating point for .NET, helping developers tighten security and making it easier to manage.
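As an added illustration of the application-tier check described above (this is example code written for this page, not code from the article), the snippet below builds a principal with a set of .NET roles and re-checks the role at the point of use, both declaratively with PrincipalPermission and imperatively with IsInRole. The user names and role names ("OrderApprover", "ReportReader") are hypothetical. PrincipalPermission is a .NET Framework feature; on .NET Core and later it is not supported, and the imperative IsInRole form is the one to use there.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Added example: re-checking authorization at the application tier with .NET
// roles instead of trusting the login that happened at the Web server.
// Role and user names here are hypothetical, not taken from the article.
class LayeredAuthDemo
{
    // Declarative check: the runtime demands that the current thread's principal
    // holds the "OrderApprover" role before the method body executes. A caller
    // without the role gets a SecurityException, so a hijacked session that
    // reached this code still cannot approve orders.
    [PrincipalPermission(SecurityAction.Demand, Role = "OrderApprover")]
    static string ApproveOrder(int orderId)
    {
        return "order " + orderId + " approved by " + Thread.CurrentPrincipal.Identity.Name;
    }

    // Imperative form of the same test. Returning a bool lets the caller log
    // the refusal (accountability) rather than only catching an exception.
    static bool CanReadReports(IPrincipal user)
    {
        return user != null
            && user.Identity.IsAuthenticated
            && user.IsInRole("ReportReader");
    }

    // Runs an action under a simulated principal. In a real ASP.NET application
    // IIS/Windows authentication or Forms authentication would populate the
    // principal; here it is constructed directly so the example runs offline.
    static void RunAs(string name, string[] roles, Action action)
    {
        IPrincipal saved = Thread.CurrentPrincipal;
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(name), roles);
        try
        {
            action();
        }
        catch (SecurityException ex)
        {
            // Log the denial: who tried what, and why it was refused.
            Console.WriteLine(name + ": denied (" + ex.Message + ")");
        }
        finally
        {
            Thread.CurrentPrincipal = saved;
        }
    }

    static void Main()
    {
        // A user holding the required role passes the application-tier check.
        RunAs("alice", new[] { "OrderApprover", "ReportReader" }, () =>
            Console.WriteLine(ApproveOrder(42)));

        // A caller who got past the Web server (for example via a hijacked
        // session) but whose principal lacks the role is stopped here.
        RunAs("mallory", new[] { "ReportReader" }, () =>
            Console.WriteLine(ApproveOrder(43)));

        // An authenticated principal with no roles at all is refused by the
        // imperative check as well.
        RunAs("mallory", new string[0], () =>
            Console.WriteLine("reports readable: " + CanReadReports(Thread.CurrentPrincipal)));
    }
}
```

The point of the example is that the role test sits next to the operation it protects, so each tier decides for itself rather than inheriting whatever the first login granted; the same pattern at the data tier is what SQL Server object roles provide.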

This was first published in May 2006
