ArticlesReader.com Menu
Newest Articles
Most Viewed Articles
ArticlesReader.com RSS
Submit Article
Login
Signup
Search the articles

Articles Main Categories
Advice
Animals
Automobiles
Business
Career
Communications
Computer Programming
Computers
Entertainment
Environment
Family
Fashion
Finance
Food
Health & Medical
Home & Garden
Humor
Internet Business
Internet Marketing
Legal
Leisure & Recreation
Marketing
Other
Politics
Reference & Education
Religion
Self Improvement
Sports
Technology & Science
Travel
Writing
Subscribe
Receive alert message from us when new articles submitted to our site for free.

Enter your name

Enter your email

Syndicate

















Related Products
Home::Technology & Science

Access Control List in .NET Framework

Author : Balaji
Access Control List in .NET Framework

Once you complete developing a web application, you need to secure it. This is when the aspect of security comes into picture. There will be some portions of your application which need to be secured from users. Securing an application may need extra hardware to build complex multi-layer systems with firewalls, and also some highly secure features. Security enables you to provide access to a specified user after the user is authenticated and authorized to access the resources in your web application. The Access Control List is used in the authorization process.

The basic concepts of security are Authentication, Authorization, Impersonation and Data or functional security. Authentication is the process that enables to identify a user, so that only that user is provided access to the resources. Authorization is the process that enables to determine whether a particular user can be given access to the resources that the user requests. Impersonation is the process that provides access to resources requested by a user under a different identity. Data or functional security is the process of securing a system physically, updating the operating system and using robust software.

Some elements of an operating system, the Internet Information Server (IIS), and the .NET Framework work in coordination to provide the features required to execute the security concepts mentioned above. For example, Windows 2000 uses its own list of user accounts for identifying and authenticating users. IIS identifies the users based on the information provided by Windows, when the users access a web site. IIS after identification of the users, passes this information to ASP.NET. Then the user information is checked for authorization.

To restrict access to the users for certain resources of an application, a process of identifying the users becomes a necessity. Authentication enables to restrict a user to access the resources by certain ways. It could be a combination of a username and password, a digital certificate, a smart card or a fingerprint reader. The validity of the information provided by the user helps identify the user, so that the user is provided access to the requested resources. The process of successful identification of the user implies that the user is authenticated.

After identification of the user is over, the next step is to determine whether the authenticated user has access to the resources. The process of determining the access to the resources for a particular user is known as Authorization. In Windows based systems, resources have an Access Control List, which provides a list of users who have access to that resource. The list also specifies the kind of access such as read, write, modify, and delete the resource, for each user. For example, if a user requests an ASP page, the operating system checks whether the user has Read access to the page and if the user has read permission, then the operating system allows the IIS to fetch the page. The IIS has authorization settings which enable the IIS to control the access of resources by users. File Access Control Lists are set for a given file or directory using the Security tab in the Explorer property page.

To access online version of the above article, go to http://www.dotnet-guide.com/accesscontrol.html

About the Author

Visit http://www.dotnet-guide.com for a
complete introduction to .NET framework. Learn about ASP.NET, VB.NET, C# and other related technologies.

Spam emails More free articles

Related articles


  1. Lighter Than Air Tubular Flight
  2. Tunneling Concepts for Advanced Warfare
  3. Laser Attack, EA, Scalar Attack on Composite Manufactured Vehicles
  4. How to Build a Mechanical Bullet Which Turns
  5. Shamans and Their Documented Abilities
  6. Weather Control and Creation to Use as a Screen for Troop Advancement
  7. Building a Single Unit CO2 Laser Grid
  8. Military Convoy Artificial Tubes for Safe Travel
  9. Organic Decoy Devices for Warfare (ODDW)
  10. Down Scrolling Text to Find Patterns
  11. Human Motion, Walking, Running and Gait for Identification
  12. Aluminum Oxide to Disrupt Laser Weapons
  13. Preventing Death in a Bio Threat
  14. Re-Designing the ICBM With The Latest and Greatest Technology
  15. Bio-Rhythm Disruption Frequency Identifier for Human Intentions
  16. 747 Onboard Laser Might Cause Mistake and Identity
  17. Active Aerial Minefields
  18. Free Energy from Space
  19. Micro Blimps Cleaning the Air in Buildings to Eliminate Anthrax spores
  20. Surround Panoramic Night Vision is Possible
  21. Confusing MAV Optic Flow Sensors In flight Using Mobiles
  22. MAV Propulsion and Testing
  23. UAV - Terrain Following Technologies
  24. MAVs, UAVs, and Insect Flight Characteristics
  25. Para Trooper Gliders With Angle of Attack Motor or Crank
More related feeds
Nigel Ellis Discusses Role-Based Authorization Plans for SQL ...
So when you look at actually extending that, we think about adding those roles to containers, … for those of you that are familiar with the NT ACL model, an ACL is essentially an Access Control List, the Access Control List has a set of ...

How do I fill an MRU list?
I have dropped a DevEx MRUEdit control onto a form for the first time. Cool little control. I want to fill this thing with a distinct list of part descriptions. Here is my working code for your review: ...

ADO .NET Entity Framework Vote of No Confidence?
NET Entity Framework testers (partly from the NHibernate camp) signed an open letter some weeks ago describing their concerns on some design decisions and the current state of what is about to become version 1.0 of Entity Framework. ...

ADO.NET INTERVIEW QUESTIONS
This is because the server control tags were not converted into their respecting HTML element tags by ASP.Net. This happens when ASP.Net is not properly registered with IIS. .Net framework provides an Administration utility that manages ...

To GUI or not to GUI
2. it needs to be functionally segregated (role based access control) so that different users can access different functions depending on their expertise 3. it needs to be scalable - client/server, many as one changes even with the GUI ...

The Evolution of Visual Basic
Net Debuts April 2003 VB.Net 2003 Debuts they introduces their first .Net platform on the IDE. On November 2005, The Microsoft introduce VB.Net 2005 and fixed some bugs from vb.net 2003 and working on 2.0 .net framework. ...

DimeCasts.Net #19: Generating an RSS Feed with Argotic
In this episode we will walk you though how to create and implement an RSS feed using the Argotic RSS framework. We will walk through generating the document, creating the feed access point and finally creating the hooks so the world ...

Access Control List in .NET Framework
Security enables you to provide access to a specified user after the user is authenticated and authorized to access the resources in your web application. The Access Control List is used in the authorization process. ...

Microsoft Steers Developers to Ajax Roadmap
NET framework. For example, ASP.NET changes the ID of any server-manipulated page element. The DOM features alone in the proposed update to Microsoft’s Ajax tools will simplify client-side access. ...

ADO.Net Questions and answers
NET is an integral part of the .NET Compact Framework, providing access to relational data, XML documents, and application data. ADO.NET supports a variety of development needs. You can create database-client applications and ...

 

 

© 2007 articlesreader.com - All Rights Reserved