This Article will describe a overview of Security model of ASP.Net and How does it interact with IIS . All Request From Clients directly comes to IIS (Internet Information Server), then the request passes to ASP.NET Application. See The General Block Diagram [Fig 1].
IIS Attempts to authenticate the user , IIS Accepts all request including Anonymous user and loges them in IUSR_[ServerName] account . If IIS Authenticate user successfully , it passes the user to ASP.NET with additional information of that user. ASP.NET then verify user with his own security model that are configured as predefined. After Asp.net verify user, user are allows to access information on sites based on there permission.
If users are allow to access some files or database from the application , Operating System Checks its own security permission.
Notes : ASP.NET Code doesn't run under the IUSR_[ServerName] accounts because IUSR_[ServerName] accounts doesn't have sufficient privilege to run asp.net code , even IIS allows anonymous user to access.
Check second Attachment for details information. Its showing you first client autheticate by IIS then its comes to IIS.
There are different types of security setting available in IIS like
Form Authentication
Anonymous Authetication
We can change the Sesstion by selection properties of Virtual Directories from IIS
 Attachments
|
No responses found. Be the first to respond and make money from revenue sharing program.
|