lifz


1. Internet Security

 

Figure 7.1. An ASP.NET Web application to SQL Server Internet scenario

Figure 7.2. The recommended security configuration for the ASP.NET to SQL Server Internet scenario

Figure 7.3. An ASP.NET to remote Enterprise Services to SQL Server Internet scenario

Figure 7.4. The recommended security configuration for the ASP.NET to remote Enterprise Services to SQL Server Internet scenario


2. Intranet Security

Figure 5.1. ASP.NET to SQL Server

Figure 5.2. The recommended security configuration for the ASP.NET to SQL Server intranet scenario

Figure 5.3. ASP.NET calls a component within Enterprise Services, which calls the database.

Figure 5.4. The recommended security configuration for the ASP.NET to local Enterprise Services to SQL Server intranet scenario

Figure 5.5. ASP.NET to remote Web Service to SQL Server

Figure 5.6. The recommended security configuration for the ASP.NET to Web Service to SQL Server intranet scenario

Figure 5.7. ASP.NET to remoting using .NET Remoting to SQL Server

Figure 5.8. The recommended security configuration for the ASP.NET to remote Web Service to SQL Server intranet scenario

Figure 5.9. ASP.NET calls a component within Enterprise Services, which calls the database

Figure 5.10. ASP.NET calls a component within Enterprise Services, which calls the database. The original caller's security context flows to the database.

 


3. Extranet Security

Exposing a Web Service

 

Figure 6.1. Extranet Web service business-to-business partner exchange

Figure 6.2. The recommended security configuration for the Web service business-to-business partner exchange scenario

4. Exposing a Web Application

 

Figure 6.3. Partner portal scenario

Figure 6.4. The recommended security configuration for the partner portal scenario

 


Security Model for ASP.NET Applications

Figure 2.1. The Web server as an application server

Figure 2.2. The introduction of a remote application tier

Figure 2.3. Security architecture

Figure 2.4. Filtering users with gatekeepers

 

 

Authorization Strategy:

Role based

Resource based

 

Choose the Identities Used for Resource Access:

Original caller's identity

Process identity

Service account

Custom identity

 

Figure 3.1. The Trusted Subsystem model

Figure 3.2. Using multiple identities to access a database to support more fine-grained authorization

Figure 3.3. The impersonation/delegation model

Figure 3.4. Choosing an authentication mechanism for Internet applications

Figure 3.5. Choosing an authentication mechanism for intranet and extranet applications

 

posted on 2005-08-31 11:08 lifz