1. Internet Security
Figure 7.1. An ASP.NET Web application to SQL Server Internet scenario
Figure 7.2. The recommended security configuration for the ASP.NET to SQL Server Internet scenario
Figure 7.3. An ASP.NET to remote
Figure 7.4. The recommended security configuration for the ASP.NET to remote
2. Intranet Security
Figure 5.1. ASP.NET to SQL Server
Figure 5.2. The recommended security configuration for the ASP.NET to SQL Server intranet scenario
Figure 5.3. ASP.NET calls a component within
Figure 5.4. The recommended security configuration for the ASP.NET to local
Figure 5.5. ASP.NET to remote Web Service to SQL Server
Figure 5.6. The recommended security configuration for the ASP.NET to Web Service to SQL Server intranet scenario
Figure 5.7. ASP.NET to remoting using .NET Remoting to SQL Server
Figure 5.8. The recommended security configuration for the ASP.NET to remote Web Service to SQL Server intranet scenario
Figure 5.9. ASP.NET calls a component within
Figure 5.10. ASP.NET calls a component within
3. Extranet Security
Exposing a Web Service
Figure 6.1. Extranet Web service business-to-business partner exchange
Figure 6.2. The recommended security configuration for the Web service business-to-business partner exchange scenario
Exposing a Web Application
Figure 6.3. Partner portal scenario
Figure 6.4. The recommended security configuration for the partner portal scenario
Security Model for ASP.NET Applications
Figure 2.1. The Web server as an application server
Figure 2.2. The introduction of a remote application tier
Figure 2.3. Security architecture
Figure 2.4. Filtering users with gatekeepers
Authorization Strategy:
Role based
Resource based
Choose the Identities Used for Resource Access:
Original caller's identity
Process identity
Service account
Custom identity
Figure 3.1. The Trusted Subsystem model
Figure 3.2. Using multiple identities to access a database to support more fine-grained authorization
Figure 3.3. The impersonation/delegation model
Figure 3.4. Choosing an authentication mechanism for Internet applications
Figure 3.5. Choosing an authentication mechanism for intranet and extranet applications