Dale Smith COSC 4010 Computer Security Authentication & Security in the .NET environment

Upload: byron-stokes

Post on 03-Jan-2016


TRANSCRIPT


Dale Smith

COSC 4010 Computer Security

Authentication & Security in the .NET environment


Introduction

• With growing concern about computer security, user authentication plays an important role in keeping a system safe from hackers and intruders who try to breach a point of authentication in order to gain access to that system and to others.


Form-based authentication

• Can allow a developer or administrator to limit access for certain users in an application

• If there is a large number of users, or if users can register themselves, each user’s registration information (such as name, username, password, and email) can be stored in a database on the same or another server


Passport Authentication

• A centralized account management service that gives users access to multiple web applications through a single user account

• To use Passport Authentication you must purchase an account and pay for a Passport SDK from a service that is under the control of the Microsoft Passport Network

• https://accountservices.passport.net/ppnetworkhome.srf?vv=330&lc=1033


Encryption/Decryption

• Validation that encrypts and decrypts the values taken in from the web application interface, such as usernames and passwords, can be easily accomplished by incorporating encrypt and decrypt functions in the code, using a combination of algorithms and storage variables.


Encrypt function


Decrypt function


Intranet .NET Application

• Usually used to grant access to employee users of a system

• With this type of configuration, it is most appropriate to use the Windows authentication method, in which users are mapped to valid Windows accounts


Intranet .NET configuration


User Authentication in .NET

• There are many different options when it comes to using the .NET framework for user authentication

• Authentication is a very critical component in Web development

• Hackers are constantly trying to gain access to remote systems on the Internet, whether to vandalize them, for the personal satisfaction of knowing they can do it, or for personal gain in the form of money or software


Security today

• To help keep your system up to date, there are security white paper sites that give information about threats on the market (such as the latest spammers), security and service updates, security support, and other information relating to system security

• As an example, the WatchGuard site provides these types of solutions; it can be found on the web at: http://www.watchguard.com/


Conclusion

• Poorly configured authentication in web applications can leave systems prone to these hackers’ attempts, so it is always good to research the capabilities of the technology you are developing or administering, in terms of what types of authentication are available on the market


Questions?