
Analyze Of ASP.NET Web Application Security System And Application Research

Posted on: 2011-12-28
Degree: Master
Type: Thesis
Country: China
Candidate: X K Tang
Full Text: PDF
GTID: 2178360308474987
Subject: Biomedical engineering
Abstract/Summary:
With the widespread use of networks, network security has become a prominent concern. ASP.NET applications face a variety of threats and attacks, and secure, robust web applications can only be built if these attacks are resisted effectively. Most domestic organisations and military units use ASP.NET to run their web servers, but most of them have no careful security scheme: they attach importance only to network-layer security technology such as hardware firewalls and seldom consider the security design of the application itself. By analysing the ASP.NET security system, this thesis summarises the key problems and technical approaches involved in designing secure ASP.NET web applications. It covers four aspects: user management, authentication and authorization, session management, and storing secrets. Against the requirements of a student information management system, it also gives secure code examples for key steps such as login, authentication and session management, as a reference for software developers who analyse and design secure ASP.NET web applications.

First, the thesis studies user management in ASP.NET web applications, which comprises three aspects: creating user credentials, managing passwords, and resetting passwords. The security of a user's account depends first of all on the choice of user name and password; a credential consists of the two together. Passwords that are easy to guess, predictable, or left at a default value are vulnerable to password-guessing and brute-force attacks, and the same applies to easily guessed user names. A predictable or default password can compromise a large number of accounts at once, and because some developers leave default passwords in place, attackers can use search engines to locate sites that are easy to attack. The thesis summarises the rules that should be observed when building "user name/password" applications: enforce a minimum password length; do not impose a maximum length; require passwords to mix character classes, including upper- and lower-case letters, digits and punctuation; allow any keyboard character, including spaces; reject dictionary words; reject passwords that contain the user name; and hand out randomly generated passwords only when necessary. On password management, the thesis mainly discusses effective ways to store passwords. The three common approaches are: (1) storing the password itself as plain text; (2) encrypting the password and storing the ciphertext; (3) computing a one-way hash of the password and storing that hash in the database. Only the third avoids keeping anything from which the password can be recovered.

Second, the thesis analyses the authentication and authorization system of ASP.NET web applications. The type of application being built and the way resources are accessed both affect the choice of authentication and authorization method. There are usually two design models: the trusted subsystem model and the impersonation/delegation model. Because ASP.NET has a flexible security architecture, it can handle all of the different authentication scenarios. IIS 6 and ASP.NET are two entirely separate technologies, and the two must be configured together for access control to work correctly; IIS 7 adds an integrated pipeline mode, so the same goal can be reached without adjusting the installation. The ASP.NET pipeline exposes two events as hooks for handling authentication and authorization: AuthenticateRequest and AuthorizeRequest. In addition, ASP.NET can plug in security modules that subscribe to these events.
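Before moving on to authentication, the password rules and the third storage option from the user-management section above can be put together in code. The following is an added example written for this page, not code from the thesis or from the student information system it describes. It goes slightly beyond the text: instead of a bare one-way hash it stores a per-user random salt and an iterated PBKDF2 hash (Rfc2898DeriveBytes), so that two users with the same password get different records and guessing is slowed down. The minimum length of 10, the five-word dictionary, the record format and the class names are all assumptions chosen for the example.

```csharp
using System;
using System.Security.Cryptography;

// Added example: password policy from the rules listed above. Not code from the thesis.
public static class PasswordPolicy
{
    public const int MinLength = 10;   // assumed value; the thesis only requires "a minimum"
    // Constructed word list; a real deployment loads a full dictionary.
    static readonly string[] Dictionary = { "password", "welcome", "letmein", "qwerty", "summer" };

    // Returns null when the password is acceptable, otherwise the rule it violates.
    // There is deliberately no maximum-length check.
    public static string Check(string userName, string password)
    {
        if (password == null || password.Length < MinLength)
            return "shorter than the minimum length";

        bool upper = false, lower = false, digit = false, punct = false;
        foreach (char c in password)
        {
            if (char.IsUpper(c)) upper = true;
            else if (char.IsLower(c)) lower = true;
            else if (char.IsDigit(c)) digit = true;
            else if (char.IsPunctuation(c) || char.IsSymbol(c)) punct = true;
            // spaces and every other keyboard character are allowed, they just count for nothing
        }
        if (!(upper && lower && digit && punct))
            return "must contain upper case, lower case, a digit and punctuation";

        string lowered = password.ToLowerInvariant();
        foreach (string word in Dictionary)
            if (lowered.Contains(word)) return "contains a dictionary word";

        if (!string.IsNullOrEmpty(userName) && lowered.Contains(userName.ToLowerInvariant()))
            return "contains the user name";

        return null;
    }
}

// Added example: storage option 3 (one-way hash), salted and iterated. Not code from the thesis.
public static class PasswordStore
{
    const int SaltSize = 16, HashSize = 32, Iterations = 10000;   // assumed parameters

    // Produces "iterations:base64(salt):base64(hash)" for the database; the password itself is never stored.
    public static string Hash(string password)
    {
        byte[] salt = new byte[SaltSize];
        new RNGCryptoServiceProvider().GetBytes(salt);
        byte[] hash = Derive(password, salt, Iterations);
        return Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
    }

    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split(':');
        if (parts.Length != 3) return false;
        int iterations = int.Parse(parts[0]);
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        return FixedTimeEquals(Derive(password, salt, iterations), expected);
    }

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            return kdf.GetBytes(HashSize);
    }

    // Compares every byte so that a mismatch is not revealed early through timing.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        // "tangxk" is a constructed user name for the example.
        Console.WriteLine(PasswordPolicy.Check("tangxk", "Tangxk2011!") ?? "ok");
        Console.WriteLine(PasswordPolicy.Check("tangxk", "Correct Horse 9 Staples!") ?? "ok");
        string record = PasswordStore.Hash("Correct Horse 9 Staples!");
        Console.WriteLine(record);
        Console.WriteLine(PasswordStore.Verify("Correct Horse 9 Staples!", record));
        Console.WriteLine(PasswordStore.Verify("correct horse 9 staples!", record));
    }
}
```

Run as a console program: the first candidate is rejected because it contains the user name, the second passes the policy, and only the exact password verifies against the stored record. Storing the iteration count in the record lets the cost be raised later without invalidating existing accounts, which matters for the password-reset and re-hash-on-login flows the user-management section mentions.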
Based on the authentication element configured in web.config, ASP.NET selects the appropriate module to handle authentication and authorization. .NET abstracts the two through a pair of interfaces, IIdentity and IPrincipal. Traditionally, Windows authentication packs identity and roles into an opaque Windows token; in .NET, authenticating the user and attaching authorization information are two completely separate steps, which makes both more flexible. ASP.NET's abstraction of authentication and authorization is well designed, and combining it with the pluggable nature of the HTTP pipeline makes it possible to implement the required security properties; IIS together with ASP.NET can also serve as an authentication server.

Third, the thesis analyses secure session management in ASP.NET applications. For every page visited, the browser requests from the server the elements needed to render the page; after receiving them, the client closes its connection to the server. When the next page is requested the browser repeats the process, but the server has no way of knowing that this request is related to the previous one. The server therefore has to issue some kind of unique token, which the browser presents on every visit so that the server can tell which session each request belongs to. A token is a string of characters assigned to exactly one session; by using session tokens, the server can treat a series of unrelated requests as one continuous connection. The server can issue two basic kinds of token: session tokens and authentication tokens. The thesis discusses security strategies for tokens: (1) where possible, take additional measures to bind the token to the user's session; (2) use SSL to transmit the token wherever possible; (3) always use a sufficiently large key space for session tokens; (4) always generate session tokens with a strong random number generator; (5) never accept a new token supplied by the user; (6) do not include readable plain-text identifiers in the token.

Fourth, the thesis discusses techniques for storing secrets in ASP.NET web applications. Whenever an application handles sensitive data, developers must prevent unauthorised users from viewing or modifying it. What matters is to identify the threats and the data that needs protecting. Transport security protocols should be used to prevent eavesdropping, and encryption has to be considered whenever sensitive data must be stored; which method to choose depends on the application design and the type of data. For protecting passwords, hashing is a simple and effective way to avoid storing clear text. If the application must protect data by encryption, it can do so; there are two different types of encryption, suited to different key-management environments. The best choice when designing the system is to keep the encryption keys on the application server. The .NET Framework provides the cryptographic services an application server needs at a high level of abstraction.

Finally, against the requirements of a student information management system, the thesis gives secure code examples for key parts such as login, authentication and session management, providing a reference for software developers who analyse and design secure ASP.NET web applications.
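The token rules from the session-management section and the IIdentity/IPrincipal abstraction from the authentication section fit together in one piece of code: a server-side token store and an IHttpModule that subscribes to AuthenticateRequest and turns a valid token into a principal. The following is an added example written for this page, not code from the thesis or from its student information system. The cookie name "SID", the in-process dictionary used as the store, the choice of the client address as the "external measure" that binds a token to its session, and the SessionRecord/SessionTokens/TokenAuthenticationModule names are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;

// Added example, not code from the thesis. Everything the server knows about a session
// lives here, on the server; the token the browser holds is only an opaque lookup key.
public sealed class SessionRecord
{
    public string UserName;
    public string[] Roles;
    public string ClientAddress;   // rule 1: assumed binding of the token to the client that received it
    public DateTime Expires;
}

public static class SessionTokens
{
    public const string CookieName = "SID";   // assumed cookie name
    const int TokenBytes = 32;                // rule 3: 256-bit key space, far beyond what can be guessed
    static readonly Dictionary<string, SessionRecord> Store = new Dictionary<string, SessionRecord>();
    static readonly object Gate = new object();

    // Rule 4: a cryptographic generator, not System.Random.
    // Rule 6: the token carries no user name or other readable data; those stay in the record.
    public static string Issue(string userName, string[] roles, string clientAddress, TimeSpan lifetime)
    {
        byte[] raw = new byte[TokenBytes];
        new RNGCryptoServiceProvider().GetBytes(raw);
        string token = Convert.ToBase64String(raw);
        lock (Gate)
            Store[token] = new SessionRecord { UserName = userName, Roles = roles,
                                               ClientAddress = clientAddress, Expires = DateTime.UtcNow + lifetime };
        return token;
    }

    // Rule 5: a token the server never issued is simply unknown; it is never adopted as a new session.
    public static SessionRecord Lookup(string token, string clientAddress)
    {
        if (string.IsNullOrEmpty(token)) return null;
        SessionRecord rec;
        lock (Gate)
        {
            if (!Store.TryGetValue(token, out rec)) return null;
            if (rec.Expires < DateTime.UtcNow || rec.ClientAddress != clientAddress)
            {
                Store.Remove(token);   // expired or presented from a different client: revoke it
                return null;
            }
        }
        return rec;
    }

    public static void Revoke(string token) { lock (Gate) Store.Remove(token); }

    // Rule 2: Secure restricts the cookie to SSL connections; HttpOnly keeps page script from reading it.
    public static HttpCookie MakeCookie(string token)
    {
        return new HttpCookie(CookieName, token) { Secure = true, HttpOnly = true };
    }
}

// Registered in web.config under <httpModules> (IIS 6 / classic mode) or
// <system.webServer><modules> (IIS 7 integrated mode).
public sealed class TokenAuthenticationModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;   // the pipeline hook named above
    }

    static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpCookie cookie = ctx.Request.Cookies[SessionTokens.CookieName];
        SessionRecord rec = SessionTokens.Lookup(cookie == null ? null : cookie.Value,
                                                 ctx.Request.UserHostAddress);
        if (rec == null) return;   // request stays anonymous; AuthorizeRequest / <authorization> then denies protected pages
        // IIdentity says who the user is; IPrincipal adds the roles that authorization checks against.
        ctx.User = new GenericPrincipal(new GenericIdentity(rec.UserName, "SessionToken"), rec.Roles);
    }

    public void Dispose() { }
}
```

A login page would call SessionTokens.Issue only after the password has verified, add the cookie from MakeCookie to Response.Cookies, and call Revoke on logout. Two caveats on the assumptions: the dictionary store is lost on application restart and is not shared across a web farm, so a real deployment needs a shared store; and binding to the client address breaks for users behind proxies or with changing addresses, so the thesis's "external measure" may need to be something else in practice.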
Keywords/Search Tags:Web application security, user management, authentication and authorization, session management