摘要
为了提高用户身份认证和授权管理的灵活性,从Web应用系统的安全性角度出发,讨论了一种在.NETFramework下保证应用程序安全性的身份验证和授权模型,并给出了模型的具体实现方法。该模型利用Forms身份验证方法对用户的身份进行鉴别。在授权处理上,模型结合统一资源定位(UniformResourceLocator,URL)授权模式和用户所具有的系统角色,分别从页面级和页面操作级对用户的访问进行控制。该模型在企业局域网环境内能够提供比较灵活的身份认证和基于角色的授权服务。实际应用表明,基于该模型的Web应用系统能够对用户的访问进行有效的控制,从而保证了系统的安全性。
In order to improve the flexibility of system, this paper discusses an authentication and authorization model in.NET Framework of web application from the view of web application security, and describes the implementation of this model. The model uses Forms Authentication to identify users. As for authorization, the model uses URL Authorization and system roles to manage user' saccess on the page level and page operation level, respectivdy. The model could provide authentication and authorization services expediently in an intranet. Practical application indicates that web application based on the model can control user' s access effectively, consequently it enhances the security of the system.
出处
《信息与电子工程》
2006年第3期206-211,共6页
information and electronic engineering