NGWS SDK Documentation  

This is preliminary documentation and subject to change.

ASP+ Web Application Security

Most Web sites need to selectively restrict access to some portions of the site. A Web site is somewhat analogous to an art gallery: the gallery is open for the public to come in and browse, but there are certain parts of the facility, such as the business offices, where the public is not allowed. Another example is a Web site that must record a purchaser's credit card information: the file or database where such information is collected must be secured from public access. ASP+ security features can address these and many other security needs.

ASP+, working in conjunction with Internet Information Services (IIS) 5.0, can authenticate user credentials (such as names and passwords) using any of five different authentication methods: Basic, Digest, Windows, Passport, and Cookie authentication. Access to site information can be controlled in either of two ways: by comparing authenticated credentials (or representations of them) to NTFS file system permissions, or by comparing them to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.

The following sections describe these capabilities in more detail:

How ASP+ Security Works

ASP+ Architecture

ASP+ Data Flow

ASP+ Authentication

ASP+ Authorization

ASP+ Impersonation

Designing Secure ASP+ Applications