| Access control is one of the most important parts of security service architecture. It is thelimit to the resources and the service. It determines whether subjects are permitted to accessobjects. Role-based access control (RBAC) is only a model, therefore the key research of theRBAC now is how to use this kind of access control technology in the specific applicationSystem.Because it is inefficient to realize the RBAC plan flexibly, applicability and extendedlyon the Web, the paper has proposed one kind of W-RBAC solution and has constructed onekind of website access control model after doing research for the method of the RBACapplication system on the web particularly.W-RBAC scheme realizes the RBAC by dividing systematic function module,combining .NET encryption algorithm and verifier technology of server COOKIES, utilizingSQL SERVER2000 relation database to show users, roles, authorities, user/role assignment,role/authority assignment.Website access control model which is constructed according to W-RBAC schemerealizes that when users send out requests, they are checked legitimacy according to theevidence that they offered (user name, password) in the system. If the evidence of users iserrorless, the system takes out all corresponding roles of users, checks every rolecorresponding set of authority one by one. Finally, system offers users the correspondingcontents of websites according to user's authority.The EMC website of Da Lian University of Technology is a web application systembased on. Net. W-RBAC and website model are successfully integrated in the system.W-RBAC scheme based on RBAC and website model reduce complexity of authorizingmanagement, decrease management expenses and improve flexibility, applicability andextendibility of RBAC application on the web effectively. |
PDF Full Text Request