Extranet applications are those that share resources or applications across two different companies or divisions. The applications and resources are exposed over the Internet. One of the main challenges associated with extranet applications is developing an authentication approach that both parties agree to. Your choices may be limited in this respect because you may need to interoperate with existing authentication mechanisms.
Extranet applications generally share some common characteristics:
- You have tighter control over user accounts, compared to Internet scenarios.
- You may have a higher level of trust for the user accounts, compared to applications that have Internet users.

The scenarios presented in this chapter that are used to illustrate recommended authentication, authorization, and secure communication techniques include:
- Exposing a Web Service
- Exposing a Web Application
Note: The scenarios described in this chapter change the password of the default ASPNET account used to run ASP.NET applications to allow duplicated accounts to be created on remote computers for network authentication purposes. This requires an update to the <processModel> element of Machine.config. <processModel> credentials should not be stored in plain text in Machine.config. Instead, use the aspnet_setreg.exe utility to store encrypted credentials in the registry. For more information, see Chapter 8, “ASP.NET Security” and article Q329290, “HOWTO: Use the ASP.NET Utility to Encrypt Credentials and Session State Connection Strings” in the Microsoft Knowledge Base.
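
One way to confirm the note's advice was followed is to audit the <processModel> element for literal credentials. The script below is an added example, not part of the original guide. The sample configurations, the ExampleApp registry key name and the password are constructed placeholders. The `registry:` reference form is the one aspnet_setreg.exe produces.

```python
import xml.etree.ElementTree as ET

# Values that do not put a secret in the file: the built-in identities and the
# "AutoGenerate" password keyword that accompanies them.
BUILTIN_USERS = {"machine", "system"}
REGISTRY_PREFIX = "registry:"  # reference form written out by aspnet_setreg.exe

# Constructed samples. The key name ExampleApp and the password are placeholders.
PLAINTEXT_CONFIG = """<configuration><system.web>
  <processModel enable="true" userName="machine" password="Placeholder-Passw0rd" />
</system.web></configuration>"""

REGISTRY_CONFIG = r"""<configuration><system.web>
  <processModel enable="true"
    userName="registry:HKLM\SOFTWARE\ExampleApp\processModel\ASPNET_SETREG,userName"
    password="registry:HKLM\SOFTWARE\ExampleApp\processModel\ASPNET_SETREG,password" />
</system.web></configuration>"""

DEFAULT_CONFIG = """<configuration><system.web>
  <processModel enable="true" userName="machine" password="AutoGenerate" />
</system.web></configuration>"""


def audit_process_model(config_xml):
    """Return one finding per <processModel> attribute that holds a literal credential."""
    findings = []
    for elem in ET.fromstring(config_xml).iter("processModel"):
        user = elem.get("userName", "")
        password = elem.get("password", "")
        if user and user.lower() not in BUILTIN_USERS \
                and not user.lower().startswith(REGISTRY_PREFIX):
            findings.append("userName is stored in plain text")
        if password and password.lower() != "autogenerate" \
                and not password.lower().startswith(REGISTRY_PREFIX):
            findings.append("password is stored in plain text")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("plain text", PLAINTEXT_CONFIG),
                            ("registry reference", REGISTRY_CONFIG),
                            ("default", DEFAULT_CONFIG)):
        print(label, "->", audit_process_model(xml_text) or "ok")
```

The first sample mirrors the chapter's scenario of a changed ASPNET password written directly into the file, and is the only one of the three that produces a finding.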