| Every public and private software system is endemic to malicious attacks for a variety of reasons. Naturally, this demands for security system interface, herein called Security Framework, that reasonably secures the content of the data, maintains privacy and allows for flexible user control. Design and selection of the appropriate Security Framework is a daunting task. This thesis begins with a brief overview of design and implementation of effective Web-Based Security Framework (WBSF) in .NET Environment. It describes in detail the system's the necessary and common components such as methods of authentication internal and external requests, Role-Based Access Control (RBAC), data storage and encryption, among other key building blocks of a successful WBSF. We also review various strategies in choosing the suitable security system, since protecting the online application involves a fundamentally different approach due to its public user interface. We conclude this project with design and implementation of a sample WBSF for California State University, Long Beach. |
