다음을 통해 공유


Overview of ASP.NET Security

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Most Web sites need to selectively restrict access to some portions of the site. You can think of a Web site as somewhat analogous to an art gallery. The gallery is open for the public to come in and browse, but there are certain parts of the facility, such as the business offices, that are accessible only to people with certain credentials, such as employees. When a Web site stores its customers' credit card information in a database, for example, ASP.NET helps protect the database from public access. ASP.NET security addresses this and many other security issues.

ASP.NET, in conjunction with Internet Information Services (IIS), can authenticate user credentials such as names and passwords using any of the following authentication methods:

  • Windows: Basic, digest, or Integrated Windows Authentication (NTLM or Kerberos).

  • Microsoft Passport authentication

  • Forms authentication

  • Client Certificate authentication

ASP.NET helps control access to site information by comparing authenticated credentials, or representations of them, to NTFS file system permissions or to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.

The topics in this section describe the specifics of ASP.NET security.

This section includes the following information: