
List of Figures

Chapter 1: Introduction

Figure 1: .NET Web Application Security

Chapter 2: Security Model for ASP.NET Applications

Figure 2.1: The Web server as an application server
Figure 2.2: The introduction of a remote application tier
Figure 2.3: Security architecture
Figure 2.4: Filtering users with gatekeepers
Figure 2.5: IPrincipal and IIdentity implementation classes

Chapter 3: Authentication and Authorization Design

Figure 3.1: The Trusted Subsystem model
Figure 3.2: Using multiple identities to access a database to support more fine-grained authorization
Figure 3.3: The impersonation/delegation model
Figure 3.4: Choosing an authentication mechanism for Internet applications
Figure 3.5: Choosing an authentication mechanism for intranet and extranet applications

Chapter 4: Secure Communication

Figure 4.1: A typical Web deployment model
Figure 4.2: A typical Web deployment model, with secure communications

Chapter 5: Intranet Security

Figure 5.1: ASP.NET to SQL Server
Figure 5.2: The recommended security configuration for the ASP.NET to SQL Server intranet scenario
Figure 5.3: ASP.NET calls a component within Enterprise Services which calls the database
Figure 5.4: The recommended security configuration for the ASP.NET to local Enterprise Services to SQL Server intranet scenario
Figure 5.5: ASP.NET to remote Web Service to SQL Server
Figure 5.6: The recommended security configuration for the ASP.NET to Web Service to SQL Server intranet scenario
Figure 5.7: ASP.NET to remoting using .NET Remoting to SQL Server
Figure 5.8: The recommended security configuration for the ASP.NET to remote Web Service to SQL Server intranet scenario
Figure 5.9: ASP.NET calls a component within Enterprise Services which calls the database
Figure 5.10: ASP.NET calls a component within Enterprise Services which calls the database. The original caller’s security context flows to the database.

Chapter 6: Extranet Security

Figure 6.1: Extranet Web service business to business partner exchange
Figure 6.2: The recommended security configuration for the Web service business to business partner exchange scenario
Figure 6.3: Partner portal scenario
Figure 6.4: The recommended security configuration for the partner portal scenario

Chapter 7: Internet Security

Figure 7.1: An ASP.NET Web application to SQL Server Internet scenario
Figure 7.2: The recommended security configuration for the ASP.NET to SQL Server Internet scenario
Figure 7.3: An ASP.NET to remote Enterprise Services to SQL Server Internet scenario
Figure 7.4: The recommended security configuration for the ASP.NET to remote Enterprise Services to SQL Server Internet scenario

Chapter 8: ASP.NET Security

Figure 8.1: ASP.NET security services
Figure 8.2: IIS and ASP.NET gatekeepers working together
Figure 8.3: Configuring ASP.NET application security
Figure 8.4: ASP.NET Windows authentication uses IIS to authenticate callers
Figure 8.5: Forms authentication sequence of events
Figure 8.6: Using an out of process serviced component to provide a fixed identity for network resource access
Figure 8.7: Impersonating separate anonymous Internet user accounts per application (v-dir)

Chapter 9: Enterprise Services Security

Figure 9.1: Enterprise Services role-based security architecture
Figure 9.2: Gatekeepers within an Enterprise Services application
Figure 9.3: Configuring Enterprise Services security
Figure 9.4: Authentication level negotiation

Chapter 10: Web Services Security

Figure 10.1: Platform/transport level security
Figure 10.2: Message level security
Figure 10.3: Web services security architecture
Figure 10.4: Configuring ASP.NET Web service security
Figure 10.5: Flowing the original caller’s security context
Figure 10.6: The trusted subsystem model
Figure 10.7: Web service client certificate authentication
Figure 10.8: The Web service authenticates the trusted Web application
Figure 10.9: Client certificate authentication with Web services

Chapter 11: .NET Remoting Security

Figure 11.1: The .NET remoting architecture
Figure 11.2: Server-side processing
Figure 11.3: Remote objects called by an ASP.NET Web application
Figure 11.4: Flowing the original caller’s security context
Figure 11.5: The trusted subsystem model

Chapter 12: Data Access Security

Figure 12.1: Key data access security issues
Figure 12.2: SQL Server gatekeepers
Figure 12.3: The trusted sub-system and impersonation/delegation models for database access
Figure 12.4: Connecting to SQL Server using multiple SQL user database roles
Figure 12.5: The ASP.NET Web application uses a COM+ server application to interact with DPAPI
Figure 12.6: SQL Server Properties dialog with Audit level settings

Chapter 13: Troubleshooting Security Issues

Figure 13.1: IIS extended logging properties

How To—Use DPAPI (User Store) from ASP.NET with Enterprise Services

Figure 1: ASP.NET Web application uses a serviced component in an Enterprise Services server application to interact with DPAPI
Figure 2: DPAPIWeb Web Form

How To—Call a Web Service Using Client Certificates from ASP.NET

Figure 1: ASP.NET calls a serviced component to invoke the Web service
Figure 2: Security Alert dialog box
Figure 3: Web Form control arrangement

How To—Call a Web Service Using SSL

Figure 1: Security Alert dialog box
Figure 2: WebForm1.aspx form

How Does It Work?

Figure 1: IIS and ASP.NET communication
Figure 2: ASP.NET pipeline processing

Cryptography and Certificates

Figure 1: Digital certification process
Figure 2: The symmetric crypto class inheritance hierarchy
Figure 3: The asymmetric crypto class inheritance hierarchy
Figure 4: The hash crypto class inheritance hierarchy

.NET Web Application Security

Figure 1: The .NET Web application security framework
