???? ID: 306590 - ????? ???????: 04 ?????? 2010 - ??????: 2.0

?????: asp.NET ??????? ????? ???

???? ?????? ???????????? ?????? ???????? KB ?? ???????? ????? ?? ??? ???? ????? ????
?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
?????? ??????This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
?? ???? ?? ???????? ???? ?? ????? Microsoft .NET Framework ????? ????????? ????????:
  • System.Web.Security
  • System.Web.Principal

?? ????? ??

??? ?? ??????? ???? | ??? ?? ??????? ????

??????

?? ???? ?? ????? asp.NET ???? ?? ??? ?????? ????? ?? ????????

???????? asp.NET ???????, ?? ??? ????? Microsoft ???????? ???? ?????:
305140  (http://support.microsoft.com/kb/305140/EN-US/ ) ?????: asp.NET Roadmap
????? ?? ???? ????

???? ???????

ASP.NET ???? ?? ???? ????????? ?? ??? ??????? ?? ??????????? ???? ?? ??? ?? ???? ???????? ??? ASP.NET ??????? Microsoft ??????? ?????????? ???????? (IIS) ?? ??????? ?? ??? ?? ??? ??? ???? ?? ?? asp.NET ??????? ???? ?? ??????????? ???? ?? ??? ??????? ?? ??????? ?????? ????? ???? ??? ASP.NET ??? ?? ????? ???-?????? ??????? ?????? ?? Microsoft Windows ?? ???-Windows ?????????? ???? ?? ??? ??????????? ?? ???? ???

?? ???? ?? ????? ???????? ??? ??????? ??:
????? ?? ???? ????

??? ?????? ?? ??? ??????? ?? ??????

????? ????? ?? ????????? ??????? ?? ?????? ?? ?? ??????? ?? ?????? ???? ??:
  1. ??? ??????? ?? ?????? ?? ?? IIS ????? .aspx ????? ??????
  2. IIS ???? ?? ??? ??????? ??????????? ??? ??? ??? ????
  3. IIS ??????? authenticates ?? asp.NET ????? ????????? ???? ?? ??? ??????? ?? ?????? ?? ??? ???????? ???? ???????? ???? ???
  4. IIS ?? ??? ????????? ?? ??? ??????????? ???????? ?? ???????? ???? ?? ?????? asp.NET decides ?????? ?????? ?? ?? ????? ?? ??? ?????????? ?? ?????????? ???? ?? ??? ?? ????? Microsoft ?????? ????? ????? (ASP) ?? asp.NET ?? ??? distinct ????, ??? asp.NET ?? impersonates ?????? ?????????? ???????? ??? ??? ????????? ?? ????? ???? ?? ??? ?? ??? ???? ?????????????????? ?? ??? Web.config ????? ??? ????? ??? ?? ???????True.
??????? ?????? ?? ???? ??? ???? ??????? ?? ??? ?????? ????? ???? ??? .NET Framework ?????????? ????????? ??? (SDK) ?? ??? ????????:
ASP.NET ???? ????
(vs.71) http://MSDN.Microsoft.com/en-us/library/xa68twcb .aspx (http://msdn.microsoft.com/en-us/library/xa68twcb(vs.71).aspx)
ASP.NET ??? impersonating ?? ???? ??? ???????? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
306158  (http://support.microsoft.com/kb/306158/EN-US/ ) ??????? ?? ???: ??????????? ????????? asp.NET ?? ???? ?????????
????? ?? ???? ????

??????? ??????????? ????????

IIS ??? IIS ??? ???????-?????? ??????????? ???????? ???? ???? ?? ???????? ??? ????, ASP.NET ???? ??????? (?? ????) ??? ??????????? ??????? ???? (XML) ??????????? ??????? ??????????? ????????? ?????? ?? simplifies ????????: ???? ??????? standpoint ?? ???? ????????? ?? ????????? ??, ?? ???? ????????? adopts ??????? ???? necessitates ????? IIS ??????? ?? ??? ??????????? ?? ???? asp.NET ????????? ???? ???????????? ????? (Web.config) ?? ?????? ???

????? ??????????? ???????? asp.NET ??????? ?? ??????? ???:
????? ?? ???? ????

???????

??????? ?? ????? ?? ?????????? ??? ?? ??????? ???? ????? ??????????? ??????? ???? ?? ?? ??????????? ??? ?????????? ?? ????? ????????? ???

ASP.NET ??? ?????????? ????????? ?? ?????? ???? ??:

??????? ???????

??????? ??????? ?????? ??????? ?????? ??? ?????????????? ???????????? ??????? ???? (HTML) ??????? ?????? ???? ??????????? ???? ???????????? ?? ??? ?????? ?? ???????? ???? ??? ?????????? ??????????? ?????? ???? ?? ?? ?? ??????? submits, ?? ??? ????????? authenticates ?????? ????, ?? ?????? ?? ???? ???? ?? ??? ??? ???? ????????? ???? issues. ?? ???? ??? ????????????? ?? ????? ?? ??????? ???? ?? ??? ??? ????? ??? ??????? ?? ?????? ?????? ???????? ???? ????? ????

??????? ?????????? ?? ???? ??? ???? ??????? ?? ??? ?????? .NET Framework SDK ??? ????? ???? ?? ??? ????????:
??????? ??????? ???????
(vs.71) http://MSDN.Microsoft.com/en-us/library/907hb5w9 .aspx (http://msdn.microsoft.com/en-us/library/907hb5w9(vs.71).aspx)
??????? ??????? asp.NET ??? ???????? ???????, ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
301240  (http://support.microsoft.com/kb/301240/EN-US/ ) ???????-?????? TO HOW: ??????????? C# .NET ?? ????? ???? ???? asp.NET ????????? ??? ??????????

Windows ??????????

Windows ??????????, IIS ?????????? ????????? ???? ??, ?? ???????? ???? asp.NET ????? ????????? ???? ?? ??? ???????? ????? ??????? ?? ?? ?? ??????? ?????? Windows ?? ????? ???? ?? ??? ?????? ??? ?? Windows ?? ????? ???? ????? ?? ???? ?? ?? ??? asp.NET ???? ?? ??? ?????? ??? ???? ?? ???? IIS authenticates Windows ?????????? ???? ?? ?????????? ???? ?? ??? ????????

Windows ?????????? ?? ???? ??? ???? ??????? ?? ??? .NET Framework SDK ???????? ??? ????? ???? ?????:
WindowsAuthenticationModule ???????
(vs.71) http://MSDN.Microsoft.com/en-us/library/907hb5w9 .aspx (http://msdn.microsoft.com/en-us/library/907hb5w9(vs.71).aspx)

???????? ???????

???????? ??????? ?? ?? centralized ??????? ????, ?? Microsoft ?????? ????? ??, ?? ???? ??? ??? ?? ?? ????? ?????? ?? ??? ???? ????????? ??? ??? ???????? ??? ??????????, ???????? ??????? ????? ??? ?? ?? ?? ?? ???? ????? ?? ??? ?????? ?? ??? ??? ?????

???????? ?????????? ?? ???? ??? ???? ??????? ?? ??? .NET Framework SDK ???????? ??? ????? ???? ?????:
???????? ??????? ???????
(vs.71) http://MSDN.Microsoft.com/en-us/library/f8e50t0f .aspx (http://msdn.microsoft.com/en-us/library/f8e50t0f(vs.71).aspx)

??????? ???????

?? ?? ???? ???? ??? ????????? ?? ??? ??????? ???? ????? ??????? ??????? ?? ????? ???? ???? ??, ???? ????? ?? ??????? ??????? ?? ??? ?????? ??? Among all authentication providers, Default authentication provides maximum performance for your application. This authentication provider is also used when you use your own custom security module.

????? ?? ???? ????

Authorization

Authorization is the process that verifies if the authenticated user has access to the requested resources.

ASP.NET offers the following authorization providers:

FileAuthorization

TheFileAuthorizationModuleclass performs file authorization and is active when you use Windows authentication.FileAuthorizationModuleis responsible for performing checks on Windows Access Control Lists (ACLs) to determine whether a user should have access.

UrlAuthorization

TheUrlAuthorizationModuleclass performs Uniform Resource Locator (URL) authorization, which controls authorization based on the URI namespace. URI ???????? ??? ??? ????? ??????? ?? ????? ?? NTFS ????????? ?? ????? ???? ???? ?? ????? ?? ???? ???

UrlAuthorizationModule???? ???? ??; ???? ??????? ?? ??????? ????????? assertions ??????, ?? ??? ?? ??? ?? ????????????, (???? ???????, testers ?? ??????????) ????? ?? (???? GET ?? POST) ???????? ???? ?? ??? URI ???????? ?? arbitrary ??? ?? ??? ????? ?? ???????? ???? ?? ??? ??????? ?? ????? ?? ???? ????

ASP.NET ??? ????????? ?? ???? ??? ???? ??????? ?? ??? .NET Framework SDK ???????? ??? ????? ???? ?????:
ASP.NET ???????
(vs.71) http://MSDN.Microsoft.com/en-us/library/wce3kxhd .aspx (http://msdn.microsoft.com/en-us/library/wce3kxhd(vs.71).aspx)
????? ?? ???? ????

???-?????? ???????

?????? ?????????? ???? ??? asp.NET ??? ???-?????? ??????? ???-?????? ??????? Microsoft COM + ?? Microsoft ????????? ????? (MTS) ?? ????? ???? ?? ?? ???? ??? ASP.NET ??? ???-?????? ??????? Windows ???? ?? ?????? ?? ????? ???? ??? ?????? ?? ???, ??? Windows ?????????? ?? ????????? ????? ??, ?? ?????????? ?? ????? ?? ?? Windows ????? (User.Identity.Name "Domain\username" =)? ?? ??? ??????? ????? ??????? ?? ??? ????? ?? ???? ???? ?? ??????? ????? ?? ????? ?? ???? ???? ?????? ?? ???::

Visual Basic .NET ???
If User.IsInRole("BUILTIN\Administrators") Then
   Response.Write("You are an Admin")
Else If User.IsInRole("BUILTIN\Users") then
   Response.Write("You are a User")
Else
   Response.Write("Invalid user")
End if
????? C# .NET ???
if ( User.IsInRole("BUILTIN\\Administrators"))
   Response.Write("You are an Admin");
else if (User.IsInRole("BUILTIN\\Users"))
   Response.Write("You are a User");
else
   Response.Write("Invalid user");
??? ?? ??????? ??????? ?? ????? ?? ??? ???, ????? ??? ???? ????? ???? ?? ??? ?????? ??????????; ???? ????????? ?? ???? ?????? ??? ?????? ?????????? ????? ????? ????, ?? ?????OnAuthenticate??????? ??????? ?? ???? (??? ?? ?? ?? ?????? ??? ??????? ???????) ?? ??? ????? ?? ???GenericPrincipal???????? ?? ????? ???? ?? ??? ?? ??????????????HttpContext ???? ????? ??? ?? illustrates ??:

Visual Basic .NET ???
Public Sub Application_AuthenticateRequest(s As Object, e As EventArgs)
   If (Not(HttpContext.Current.User Is Nothing)) Then
      If HttpContext.Current.User.Identity.AuthenticationType = "Forms" Then
         Dim id as System.Web.Security.FormsIdentity = HttpContext.Current.User.Identity
         Dim myRoles(3) As String
         myRoles(0)= "managers"
         myRoles(1)= "testers"
         myRoles(2)= "developers"
         HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id,myRoles) 
      End If
   End If
End Sub
????? C# .NET ???
public void Application_AuthenticateRequest(Object s, EventArgs e)      
{
   if (HttpContext.Current.User != null)
   {
      if (HttpContext.Current.User.Identity.AuthenticationType == "Forms" ) 
      {
         System.Web.Security.FormsIdentity id = HttpContext.Current.User.Identity;
         String[] myRoles = new String[3];
         myRoles[0]= "managers";
         myRoles[1]= "testers";
         myRoles[2]= "developers";
         HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id,myRoles);
      }
   }
}
?????? ?? ???? ?????????? ??? ?? ????? ?????? ?? ?? ??????? ????? ?? ????? ??, ????? ??? ?? ????? ???? (?? ????) ??? ???? .aspx ?????:

Visual Basic .NET ???
If User.IsInRole("managers") Then
   Response.Write("You are a Manager")
Else If  User.IsInRole("testers") Then
   Response.Write("You are a Tester")
Else If User.IsInRole("developers") Then
   Response.Write("You are a Developer")
End if
????? C# .NET ???
if (User.IsInRole("managers"))
   Response.Write("You are a Manager");
else if (User.IsInRole("testers"))
   Response.Write("You are a Tester");
else if (User.IsInRole("developers"))
   Response.Write("You are a Developer");
???????? ??????? ?? ???, ???? ?? ???? ?????? ?? ????? ?? ???? ?? Microsoft ???????? ??? ?????::
306238  (http://support.microsoft.com/kb/306238/EN-US/ ) ???-?????? TO HOW: ??????????? Visual Basic .NET ?? ????? ???? ???? asp.NET ????????? ??? ???????-?????? ?????????? ?? ??? ???????
???-?????? ??????? ?? ???? ??????? ?? ??? .NET Framework SDK ???????? ??? ????? ???? ?????:
???-?????? ???????
(vs.71) http://MSDN.Microsoft.com/en-us/library/52kd59t0 .aspx (http://msdn.microsoft.com/en-us/library/52kd59t0(vs.71).aspx)
????? ?? ???? ????

??????

ASP.NET ??????? ????????????? ?? ??????? ?? ??? ????? MSDN ????? ???? ?????:
ASP.NET ??? ???????: .NET ??????? ??????????
HTTP://MSDN.Microsoft.com/en-us/library/ms978378.aspx (http://msdn.microsoft.com/en-us/library/ms978378.aspx)
ASP.NET ?? ???? ??? ???? ??????? ??????? ?? ??? ????? MSDN ?????? ???? ?? ???????:
Microsoft.public.dotnet.Framework.aspnet (http://msdn.microsoft.com/newsgroups/default.aspx?query=microsoft.public.dotnet.framework.aspnet&dg=&cat=en-us-msdn&lang=en&cr=US&pt=&catlist=774F24A2-F71F-425F-AC2B-DC48AB0DA5C9&dglist=&ptlist=&exp=&sloc=en-us)
???????? ??????? ?? ??? ?????? ?? Microsoft ???????? ??? ????? ?? ??? ????? ???? ???????? ?? ????? ????:
311094  (http://support.microsoft.com/kb/311094/EN-US/ ) BUG: "ConfigurationException" ?????? ????? ?? Impersonated ???? ???? ?? ??? ???????????
306359  (http://support.microsoft.com/kb/306359/EN-US/ ) PRB: Request.ServerVariables("LOGON_USER") ???? ????? ???????? ??? asp.NET
313091  (http://support.microsoft.com/kb/313091/EN-US/ ) TO HOW: ??????? ?????????? ??? ????? ?? ??? Visual Basic .NET ?? ????? ???? ???????? ?????
313116  (http://support.microsoft.com/kb/313116/EN-US/ ) PRB: ??????? ??????? ?????? ???? ???? ????????? ???? ?? ??? loginUrl ?????
???? ??????? ?? ???, ????? ?????????? ?????:
Reilly, Douglas J.Designing Microsoft asp.NET ????????? (http://www.microsoft.com/mspress/books/toc/5136.aspx) . Microsoft ?????, 2001?

Esposito, Dino.ASP.NET ?? ADO.NET ??? ??? ?????? (http://www.microsoft.com/learning/en/us/Books/5727.aspx) . Microsoft ?????, 2001?
????? ?? ???? ????
???? ???? ???? ??:
  • Microsoft ASP.NET 1.0
  • Microsoft ASP.NET 1.1
????? ?? ???? ????
??????: 
kbproductlink kbarttyperoadmap kbconfig kbinfo kbsecurity kbweb kbmt KB306590 KbMthi
????? ?? ???? ????
???? ?????? ???????????? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:306590  (http://support.microsoft.com/kb/306590/en-us/ )
????? ?? ???? ????