programming4us

Windows Server 2008 : Controlling Access to Web Services (part 3)

12/13/2010 11:09:32 AM
Understanding ASP.NET Impersonation

Impersonation is a security method by which an IIS Web request is processed using the security information provided by a specific user account or the user who is accessing the site. When ASP.NET impersonation is disabled (the default setting), the security context for processing requests is based on the account used by the Web application. When you enable impersonation, you can specify a user account for determining the security context. (See Figure 3.) To provide the username and password information, click the Set button.

Figure 3. Configuring ASP.NET impersonation settings


Another option is to set ASP.NET impersonation to the Authenticated User option. This setting specifies that the security permissions of a user who has been authenticated (using one of the other authentication options) will be used to provide access to content. It is useful when you want file system permissions that name specific users and groups to decide which content should be protected. When used in this way, it is most appropriate for environments that support relatively small numbers of users, such as department-level intranet Web servers.
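The three impersonation modes described above end up in the `<identity>` element of the `system.web` section of web.config. The following added example (not part of the original article) reads that element and reports the resulting security context; the function name, account name and password are hypothetical, and the web.config fragments are constructed samples.

```powershell
# Constructed web.config fragments, one per impersonation mode described above.
# The account name and password are placeholders.
$samples = @(
    '<configuration><system.web><identity impersonate="false" /></system.web></configuration>',
    '<configuration><system.web><identity impersonate="true" userName="EXAMPLE\svc-web" password="placeholder" /></system.web></configuration>',
    '<configuration><system.web><identity impersonate="true" /></system.web></configuration>'
)

# Report which security context ASP.NET uses for requests under a given web.config.
# (Hypothetical helper written for this example.)
function Get-ImpersonationContext {
    param([Parameter(Mandatory = $true)][xml]$WebConfig)

    $identity = $WebConfig.SelectSingleNode('/configuration/system.web/identity')
    if ($null -eq $identity -or $identity.GetAttribute('impersonate') -ne 'true') {
        # Default: no impersonation, requests run as the Web application's account.
        $context = 'Account used by the Web application'
        $review  = 'Impersonation disabled: content ACLs must grant access to that account.'
    }
    elseif ($identity.GetAttribute('userName')) {
        # A fixed account was supplied (the Set button in IIS Manager).
        $context = 'Specific user: ' + $identity.GetAttribute('userName')
        $review  = 'Every request runs as this one account.'
        if ($identity.HasAttribute('password')) {
            $review += ' Password is stored in web.config: restrict who can read the file.'
        }
    }
    else {
        # impersonate="true" with no account: the Authenticated User option.
        $context = 'Authenticated user'
        $review  = 'Content ACLs are evaluated per user; an authentication method must identify them.'
    }
    New-Object PSObject -Property @{ Context = $context; Review = $review }
}

foreach ($xml in $samples) {
    Get-ImpersonationContext -WebConfig $xml | Format-List Context, Review
}
```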

Understanding Client Certificate Authentication

In addition to the other available types of authentication options, IIS provides support for using client certificates for validating the identity of a Web user. This method requires users to have security certificates installed on their computers. When a request is made for protected content, IIS automatically validates the identity of the client by querying the certificate information. There are three main modes by which client certificates can be used:

  • One-To-One mappings: In this configuration, the Web server must contain a copy of the client certificate used by every computer that will access restricted content. The server compares its copy of the certificate with the one that is presented by the client to validate requests.

  • Many-To-One mappings: It is often impractical to manage certificates for all possible Web users on the server. With many-to-one mappings, the Web server instead performs authentication by using certain information found in the client certificate, although this method is slightly less secure. A common example is validating the organization information in the certificate to ensure that the user is coming from a trusted company.

  • Active Directory mappings: Active Directory Certificate Services can simplify the creation and management of client certificates. To enable this method, organizations must first set up their own certificate-based infrastructure.

Because of the certificate requirements for client certificate authentication, this method is most often used in environments in which systems administrators have control over end users’ computers. It is impractical to require certificates for publicly accessible Internet Web sites and applications.
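A many-to-one mapping is stored as a set of rules in the `iisClientCertificateMappingAuthentication` configuration section, and every certificate that satisfies the rules is logged on as the same Windows account. The following added example (not part of the original article) summarises each mapping and notes rule sets worth a closer look; the function name, mapping names, accounts and match criteria are hypothetical, and the configuration fragment is a constructed sample.

```powershell
# Constructed sample section; mapping names, accounts and criteria are made up.
[xml]$sample = @'
<iisClientCertificateMappingAuthentication enabled="true"
    manyToOneCertificateMappingsEnabled="true">
  <manyToOneMappings>
    <add name="PartnerStaff" enabled="true" permissionMode="Allow"
         userName="EXAMPLE\partner-web" password="placeholder">
      <rules>
        <add certificateField="Subject" certificateSubField="O"
             matchCriteria="Example Partner Ltd" compareCaseSensitive="true" />
      </rules>
    </add>
    <add name="PartnerFinance" enabled="true" permissionMode="Allow"
         userName="EXAMPLE\partner-finance" password="placeholder">
      <rules>
        <add certificateField="Issuer" certificateSubField="CN"
             matchCriteria="Example Partner Issuing CA" compareCaseSensitive="true" />
        <add certificateField="Subject" certificateSubField="OU"
             matchCriteria="Finance*" compareCaseSensitive="false" />
      </rules>
    </add>
  </manyToOneMappings>
</iisClientCertificateMappingAuthentication>
'@

# Summarise each many-to-one mapping (hypothetical helper written for this example).
function Get-ManyToOneMappingReview {
    param([Parameter(Mandatory = $true)][xml]$Section)

    foreach ($map in $Section.SelectNodes('//manyToOneMappings/add')) {
        $rules = @($map.SelectNodes('rules/add'))
        $text  = $rules | ForEach-Object { '{0}.{1}={2}' -f $_.GetAttribute('certificateField'),
            $_.GetAttribute('certificateSubField'), $_.GetAttribute('matchCriteria') }
        $notes = @()
        if ($rules.Count -lt 2) { $notes += 'fewer than two rules' }
        # Without an Issuer rule, a matching subject from any CA the server trusts is accepted.
        if (-not ($rules | Where-Object { $_.GetAttribute('certificateField') -eq 'Issuer' })) {
            $notes += 'no Issuer rule'
        }
        if ($rules | Where-Object { $_.GetAttribute('matchCriteria') -match '[*?]' }) {
            $notes += 'wildcard in matchCriteria'
        }
        New-Object PSObject -Property @{ Mapping = $map.GetAttribute('name')
            Account = $map.GetAttribute('userName'); Rules = $text -join '; '; Notes = $notes -join '; ' }
    }
}

Get-ManyToOneMappingReview -Section $sample | Format-List Mapping, Account, Rules, Notes
```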

Understanding Authentication Requirements

Handlers and modules manage IIS authentication. The specific authentication options available for a Web server are based on the Web Server (IIS) role services that are installed. The list of available role services includes:

  • Basic Authentication

  • Windows Authentication

  • Digest Authentication

  • Client Certificate Mapping Authentication

  • IIS Client Certificate Mapping Authentication

To add or remove a security-related role service, open Server Manager, expand the Roles section, right-click Web Server (IIS), and then select either Add Role Services or Remove Role Services. (See Figure 4.) Because role services will affect the available authentication options for the entire Web server, determine the requirements of all the Web applications and Web content on your server.

Figure 4. Viewing installed authentication-related role services


In addition to role service settings, each of the authentication methods has specific module requirements, as shown in Table 1. For more information about managing modules, see the “Managing Request Handlers” section discussed earlier in this article.

Table 1. IIS Authentication Methods and Their Requirements

Authentication Methods                            Required Module(s)
Anonymous                                         AnonymousAuthModule
ASP.NET Impersonation                             ManagedEngine
Basic                                             BasicAuthModule, TokenCacheModule
Client Certificates                               iisClientCertificateMappingModule
Client Certificates (Active Directory Mapping)    CertificateMappingAuthenticationModule
Digest                                            DigestAuthModule
Forms                                             FormsAuthenticationModule
Windows                                           WindowsAuthenticationModule