asp.net - Bring the users identity from the presentation tier to the application tier -

-

For our n-level application, we are looking for a way to use the identity level from the presentation level to the application level Are there. Our application is a classic 3-level application with low levels:

  • UI - presentation level
  • Application / WCF category
  • Database level

    The app is not coming to the internet and can connect to the presentation-level local network. Our problem is that a user enters the presentation level and we want the presentation level to pass, although the identification level of user aspects is the level. How can this be done? Is it possible to do this with a claim based authentication? We are currently looking to implement IWSTrust13SyncContract in the STS service, but it seems that the user should be accessible to the application level for the browser. Can someone give me some suggestions about how to contact this

    You can represent the impersonation / delegation Or use reliable subsystem models - See

    Impersonation / Delegation works best with Windows authentication, but it may still be that your presentation is reliable for tier server delegation.

    • In this model, the application level authenticates and authorizes the end user.

      With a more general reliable subsystem model:

      • The presentation tier authenticates the end user
      • The application-level usually wants to authenticate the presentation tier Such as the use of Windows authentication and accept the request from the service account that only runs the presentation step, or some other authentication method, e.g.
      • Use the client certificate, only accept the request from a specific IP address, ...
      • Depends on the application-level presentation tier to authorize the end user

        Methods of handling the authorization:

        • The presentation class calls the application category through a mask. This mask is used by applicanton tier All the necessary authorities are.

        • The application-level application-level passes through the end-user's identity. It may be in-band (polluting your operation contracts with an additional parameter), or may be out-of-band, e.g. In a custom SOAP header, if you use a SOAP header, you can make your application code transparent with WCF using the virtual client-side to inject the headers, and take action on the header For server-side you can.

          Whether with the in-band or out-of-band, you are relying on the rendering tier, so that it can be identified that it passes through the application level. Therefore it is important to prove the level of presentation, and to protect against human-in-the-middle attacks, on the basis of your environment, e.g. Using HTTPS.

Comments

Post a Comment

Popular posts from this blog

php - PDO bindParam() fatal error -

-
I am trying to learn PDO, now I have written this small code, but it gives me a serious error: < P> Fatal error: Call a member function at a non-object dot () ... $ con = new mysqli ("127.0.0.1", "root", "", "csvdangercheck"); $ Query = $ con- & gt; ("Id,` var1`, `var2`) values ​​(" id,: var1,: var2) ";); $ query- & gt; bypass pattern (': id', $ id); $ query- & gt; BindParam (': var1', $ VAL1); $ Query- & gt; bindParam (': var2', $ val2); $ Query-> Executed (); I Trying to use print_r ($ con-> errorInfo ()) but Fatal error: Undefined method mysqli :: errorInfo ( ) ... can someone tell me what am I missing? Flaffeh said, you have PDO Missing Mysqy, try it: $ con = new PDO ('mysql: host = 127.0.0.1; dbname = csvdangercheck', 'root', '');
Read more

logging - How can I log both the Request.InputStream and Response.OutputStream traffic in my ASP.NET MVC3 Application for specific Actions? -

-
For a specific set of tasks, I need to log in to the incoming request inputstream as well as outgoing response. is. I am using an ActionFilterAttribute for this and overriding the OnActionExecuted and OnResultExecuted methods. So I'm starting with this idea ... Public category ActionLoggerAttribute: ActionFilterArrbit {Public Override Zero On-Offed Execution (ActionActioned Contact Filter Filter) {base.OnActionAxecuted (FilterContext); HttpRequestBase request = filterContext.HttpContext.Request; // TODO: Log the request. InputStream} Public Override Zero OnResultExecuted (ResultExecutedContext FilterContext) {base.OnResultExecuted (filterContext); HTTPRPSPointBase Response = FilterContacts Hpptex response; // TODO: Log on Response.OutputStream}} Ideally I'll hook it up with enterprise library logging because I'm already using it for error logging. Am I reaching the input and output stream at the right time? Can I easily use the Enterprise Library to log i
Read more

java - Why my included JSP file won't get processed correctly? -

-
I am trying to create Java web framework (and learning), and on the basis of 'Code Generator In the process of making the material view of the database in the process of development, I stumbled into a difficulty, which I do not know how to solve it. First of all, I want the following index.jsp : & lt; Body & gt; Use all pages to be created. & Lt;% @ include file = "header.jsp"% & gt; & Lt; Hours / & gt; & Lt;% @ included file = "body.jsp"%> & Lt; Hours / & gt; & Lt;% @ include file = "footer.jsp"% & gt; & Lt; / Body & gt; And, in body.jsp , I should have it like this: & lt; Jsp: include page = "$ {Application_modul}"%> Where application_modul is an attribute defined in its controller: request.setAttribute ("application_modul", "USER_ACCOUNT \\ ' View_user_account.jsp "); This file can be found properly, but the processed JSP does
Read more