Desarrollo de aplicacion seguras

Building Secure ASP.NET Applications
Authentication, Authorization, and Secure Communication

Clients

Authentication, Authorization and Secure Communication

Web Server IIS

ASP.NET

IIS ASP.NET Web Services

Enterprise Services (COM+)

IIS ASP.NET .NET Remoting

SQL Server Database Server

Information in this document, including URL and other Internet Web site references, issubject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicablecopyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft, MS-DOS, Windows,Active Directory, C#, Visual Basic, Visual Studio, and Win32 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. © 2002 Microsoft Corporation. All rights reserved. Version 1.0 The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contents
About This Book xxi
Summary . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Applies To . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi What This Guide is About . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Who Should Read This Guide? . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii What You Must Know . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii Feedback and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii The Team That Brought You This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . xxiii Contributors and Reviewers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv

At a Glance

xxvii

Chapter 1 – Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii Chapter 2 – Security Model for ASP .NET Applications . . . . . . . . . . . . . . . . . . . . . . . . xxvii Chapter 3 –Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii Chapter 4 – Secure Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix Chapter 5 – Intranet Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx Chapter 6 – Extranet Security . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . xxxii Chapter 7 – Internet Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii Chapter 8 – ASP .NET Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiv Chapter 9 – Enterprise Services Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv Chapter 10 –Web Services Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii Chapter 11 – .NET Remoting Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii Chapter 12 – Data Access Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix Chapter 13 – Troubleshooting Security Issues . . . . . . . . . . . . . . . ....