Abstract: This article introduces the types of security model for ASP.NET web applications, compares their advantages and disadvantages, and offers guidance on choosing between them.
Keywords: security model, trusted subsystem model, impersonation/delegation model, ASP.NET web application
1. Preface
ASP.NET web applications usually have a multi-tier architecture that is logically divided into a presentation layer, a business logic layer, and a data access layer. When a client accesses application resources, its authentication and authorization must span multiple tiers. This article discusses resource access security models for ASP.NET applications.
2. Resource Access Identities
Typical resources that a web application exposes to clients include:
Web server resources, such as web pages, web services, and static resources (HTML pages and images).
Database resources, such as per-user or application-level data.
Network resources, such as remote file system resources.
System resources, such as the registry, event logs, and configuration files.
Clients access these resources across the application tiers, with an identity flowing through each tier. The identity used for resource access is one of the following:
Original caller's identity. The original caller's identity is obtained and then flows through each layer of the system.
Process identity. Local resource access and downstream calls are made using the current process identity. The feasibility of this approach depends on the boundary being crossed, because the process identity must be recognized by the target system. This requires one of the following two approaches:
  Calls stay within the same Windows security domain.
  Trust and domain accounts are used, or, where no trust relationship exists, duplicated usernames and passwords.
Service account. This approach uses a (fixed) service account. For example:
  For database access, the service account may be a fixed SQL username and password presented by the component that connects to the database.
  When a fixed identity is required, use an Enterprise Services server application.
Custom identity. When no Windows account is available, you can implement your own identity using IPrincipal and IIdentity, which can carry details relevant to your security context.
3. Resource Access Model
3.1 Trusted Subsystem Model
As shown in Figure 1, in this model the original caller's security context does not flow through the service at the operating system level. Instead, the middle-tier service uses a fixed identity to access downstream services and resources. The trusted subsystem model takes its name from this fact: the downstream service (perhaps a database) trusts the upstream service to authorize callers. In the example in Figure 1, the database trusts the middle tier to authorize callers and to allow only authorized callers to access the database using the trusted identity.
3.1.1 Resource Access Pattern
In the trusted subsystem model, the resource access pattern is as follows:
Authenticate the user.
Map the user to roles.
Authorize based on role membership.
Access downstream resources using a fixed trusted identity.
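The resource access pattern above, sketched in C# as an added example (not code from the original article): the middle tier maps an authenticated user to roles with GenericPrincipal, authorizes on role membership, and only then calls the downstream store under one fixed identity. RoleMap, StoreApprove and the svc-orders account are hypothetical names, and the store is an in-memory stand-in for a real resource manager.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;
// Added illustration: RoleMap, StoreApprove and "svc-orders" are hypothetical names.
static class TrustedSubsystemDemo
{
    const string FixedIdentity = "svc-orders"; // assumed service account of the middle tier

    // Constructed user-to-role mapping; a real application reads this from a role store.
    static readonly Dictionary<string, string[]> RoleMap = new Dictionary<string, string[]>
    {
        { "alice", new[] { "Manager" } },
        { "bob", new[] { "Clerk" } },
    };

    // Stand-in for the downstream resource manager: it trusts one upstream
    // identity and never learns who the original caller was.
    static string StoreApprove(string upstreamIdentity, int orderId)
    {
        if (upstreamIdentity != FixedIdentity)
            throw new SecurityException("untrusted upstream identity: " + upstreamIdentity);
        return "order " + orderId + " approved via " + upstreamIdentity;
    }

    // Map the already authenticated user to roles.
    static IPrincipal MapToRoles(string authenticatedUser)
    {
        string[] roles;
        if (!RoleMap.TryGetValue(authenticatedUser, out roles)) roles = new string[0];
        return new GenericPrincipal(new GenericIdentity(authenticatedUser), roles);
    }

    // Authorize on role membership, then call downstream with the fixed identity.
    static string ApproveOrder(IPrincipal caller, int orderId)
    {
        if (!caller.IsInRole("Manager"))
            throw new SecurityException(caller.Identity.Name + " is not in role Manager");
        return StoreApprove(FixedIdentity, orderId);
    }

    static void Main()
    {
        Console.WriteLine(ApproveOrder(MapToRoles("alice"), 42));
        try { ApproveOrder(MapToRoles("bob"), 42); }
        catch (SecurityException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

Because the store sees only the fixed identity, every authorization decision in this model rests on the role check in the middle tier.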
3.1.2 Fixed Identity
The fixed identity used to access downstream systems and resource managers can be the process identity, or it can be provided by a preconfigured Windows account (a service account). For the SQL Server resource manager, this means using Windows authentication to SQL Server.
When the process identity is used, it is the ASP.NET process identity (by default, the ASPNET account). In practice, you often need to change the ASPNET account's password to a more secure one and create a Windows account on the SQL Server computer that matches the ASP.NET process account. The procedure is as follows:
Edit the Machine.config file in the %windir%\Microsoft.NET\Framework\v1.1.4322\CONFIG directory and reconfigure the password attribute on the
3.2 Impersonation/Delegation Model
As shown in Figure 2, when using the impersonation/delegation model, a service or component (usually in the logical business services layer) uses the operating system's impersonation capability to impersonate the client identity before accessing the next downstream service. If the service is on the same computer, impersonation is sufficient. If the downstream service is on a remote computer, delegation is required. In both cases, the security context used for downstream resource access is that of the client.
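An added C# example (not from the original article) of local impersonation on .NET Framework under Windows: the helper runs one operation in the caller's security context and always reverts, and it rejects identities that have no Windows token. RunAsCaller and ReadResource are hypothetical names; reaching a remote computer would additionally require delegation, which this sketch does not configure.

```csharp
using System;
using System.Security.Principal;

// Added illustration for .NET Framework on Windows; RunAsCaller and ReadResource are hypothetical.
static class ImpersonationDemo
{
    // Runs `work` under the caller's Windows security context and always reverts,
    // so the thread never goes back to the pool still carrying the caller's token.
    static T RunAsCaller<T>(IIdentity caller, Func<T> work)
    {
        WindowsIdentity windowsCaller = caller as WindowsIdentity;
        if (windowsCaller == null)
            throw new InvalidOperationException(
                "Only a Windows identity can be impersonated; got " + caller.GetType().Name);

        WindowsImpersonationContext context = windowsCaller.Impersonate();
        try
        {
            return work();
        }
        finally
        {
            context.Undo(); // revert to the process identity
        }
    }

    // Stand-in for a downstream resource: reports which Windows account the access ran as.
    static string ReadResource()
    {
        return "accessed as " + WindowsIdentity.GetCurrent().Name;
    }

    static void Main()
    {
        // In ASP.NET the caller would be HttpContext.Current.User.Identity under Windows
        // authentication; here the current account stands in so the sample runs by itself.
        IIdentity caller = WindowsIdentity.GetCurrent();
        Console.WriteLine(RunAsCaller<string>(caller, ReadResource));

        // A custom (non-Windows) identity has no token to impersonate.
        try { RunAsCaller<string>(new GenericIdentity("alice"), ReadResource); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```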
3.3 Selecting a Resource Access Model
A comparison of the two resource access models is shown in the table.
| | Trusted subsystem model | Impersonation/delegation model |
|---|---|---|
| Auditing | The back end trusts the upper-tier service; if the middle tier is compromised, back-end resources are vulnerable. | The back-end service can authenticate and authorize each caller securely. |
| Scalability | Supports connection pooling and scales well. | Does not support connection pooling and scales poorly. |
| Back-end ACL management | ACLs are configured for a single entity, so there is less administration. | Each user must be granted the appropriate access level; administration becomes cumbersome as the number of back-end resources and users grows. |
| Technical issues | Delegation is not required. | Delegation is required. Most security service providers do not support delegation. |
The trusted subsystem model is used in most Internet applications and large intranet applications, mainly because it supports scalability. The impersonation/delegation model tends to be used for smaller systems. For these applications, scalability is not the main consideration; the primary factor is auditing.