asp.net中的网页安全性 [英] web pages security in asp.net
问题描述
亲爱的朋友们;
我需要一些代码或方法来增强页面安全性
例如dll,asp.net和脚本中的安全性参考
以及如何利用他们的代码
谢谢
您可以使用ASP.Net的内置授权功能
http://msdn.microsoft.com/en-us/library/ff649100.aspx [ ^ ]
例如,通过将以下内容添加到web.config中,您将拒绝所有未从您的网站内容进行身份验证的用户
< 授权 > ; < 拒绝 =" ?" > < /authorization >
然后,您需要考虑用户将如何进行身份验证.您会使用表单身份验证 [Windows身份验证 [ ^ ](用于Intranet应用程序)?
您可以将其他web.config文件添加到应用程序目录结构内的特定文件夹.例如,假设我在网站的某个部分仅用于管理员",我将添加一个名为Admin(或其他名称)的文件夹,并将所有页面放在其中.
然后,使用以下命令将web.config添加到Admin文件夹中...
< 配置 > ; < system.web > < 授权 > < 允许 =" 管理员" / < 拒绝 =" *" / < /authorization > < /system.web > < /configuration >
现在,任何试图访问此文件夹的人都将具有其角色成员身份,并且仅允许Administrators角色成员查看内容.您可以使用重定向处理任何未授权"响应.
阅读安全基础 [ ^ ]
请阅读此链接,
安全措施:ASP.NET安全措施一目了然 [ ASP.NET 2.0安全最佳实践(和声明性PrincipalPermission属性) [ ^ ]
Hi dear friends;
I need some code or method for enhancements page security
for example dll ,security reference in asp.net and scripts
And what utilize their code
Thank you
You can use the built in authorisation functionality of ASP.Net
http://msdn.microsoft.com/en-us/library/ff649100.aspx[^]
For example, by adding the following to your web.config you would deny all users that are not authenticated from your site content
<authorization> <deny users="?"/> </authorization>
Then you would need to consider how the user is going to authenticate. Will you use Forms Authentication[^] or Windows Authentication[^] (for something like an Intranet application)?
You can add additional web.config files to particular folders within your application directory structure. For example, say I have a section of the site that is for ''Administrators'' only, I''d add a folder called Admin (or whatever) and put all my pages in there.
Then, I''d add a web.config to the Admin folder with the following...
<configuration> <system.web> <authorization> <allow roles="Administrator" /> <deny users="*" /> </authorization> </system.web> </configuration>
Now, anyone trying to access this folder will have their role membership interogated and only members of the Administrators role will be allowed to view the contents. You can handle any ''Not authorised'' response with a redirect.
Have a read up on Security Basics[^]
Please read this links,
Security Practices: ASP.NET Security Practices at a Glance[^]
and
ASP.NET 2.0 Security Best Practices (and the declarative PrincipalPermission attribute) [^]
这篇关于asp.net中的网页安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
