ASP.NET Contains its Own Portable Configuration and Security Model
Perhaps the biggest complication any web developer faces during a development cycle comes when the
application has been completed and is ready for deployment to a production
server environment. For secured applications especially, this process can
become painstaking, as the application's user accounts and associated
privileges must also be ported into production.
To accommodate web developers' needs for application configuration and security
portability, Microsoft minimized the dependence on Internet Information
Server and Windows user accounts for securing web applications and adopted
XML as a configuration language to make the process a snap. In every
ASP.NET or ASP.NET Web Services application, a file called web.config exists within the application's virtual root. This file contains
numerous configuration sections.
Two of these sections –
authentication and authorization – are illustrated in the following code
fragment. Extracted from a complete web.config file, this XML code demonstrates how a web application can be
configured to deny anonymous requests.
    <authentication mode="Windows" />
    <authorization>
        <deny users="?" />
    </authorization>
By using the ? wildcard (which represents anonymous requests to this application)
as the attribute value of a single XML node, the application is shielded
against any unauthenticated clients.
When the application containing this web.config file is deployed to a production
server, the security specifics it identifies
will be deployed with it. Better still, should the security or
configuration needs change, the changes can be made through a simple XML
authoring process, which can be completed in any text editor.
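Because the security settings travel with the file, a pre-deployment check can confirm that an edited web.config still denies anonymous requests. The following is an added example, not code from the book: the function name and sample configurations are constructed for illustration. It relies on ASP.NET evaluating authorization rules in order with the first match winning, assumes the inherited default is to allow all users, and ignores <location> overrides and the verbs attribute.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop an XML namespace prefix such as "{uri}system.web" if one is present.
    return tag.rsplit("}", 1)[-1]

def anonymous_allowed(web_config_xml):
    """Return True if an unauthenticated request would pass URL authorization."""
    root = ET.fromstring(web_config_xml)
    for section in root:
        if _local(section.tag) != "system.web":
            continue
        for auth in section:
            if _local(auth.tag) != "authorization":
                continue
            for rule in auth:
                kind = _local(rule.tag)
                if kind not in ("allow", "deny"):
                    continue
                users = {u.strip() for u in rule.get("users", "").split(",")}
                # "?" matches anonymous users and "*" matches everyone.
                # Rules that name only roles or accounts never match anonymous.
                if users & {"?", "*"}:
                    return kind == "allow"  # first matching rule decides
    # No rule matched: assume the inherited default <allow users="*" />.
    return True

# Constructed sample: the fragment from the text inside a minimal web.config.
PAGE_FRAGMENT = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""

# Constructed sample: the same deny rule placed after a broader allow rule,
# so it is never reached.
MISORDERED = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization>
    <allow users="*" />
    <deny users="?" />
  </authorization>
</system.web></configuration>"""

if __name__ == "__main__":
    for name, xml in (("page fragment", PAGE_FRAGMENT), ("misordered", MISORDERED)):
        state = "ALLOWED" if anonymous_allowed(xml) else "denied"
        print(name + ": anonymous requests " + state)
```
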
In Chapter 7 of this book, we'll take a more in-depth look at the various methods
at your disposal for authentication and authorization.
© Copyright 2002 Wrox Press
This chapter is written by Brady Gaster, Marco Bellinaso & Kevin Hoffman
and taken from "Fast Track ASP.NET" published by Wrox Press Limited in June 2002; ISBN 1861007191; copyright © Wrox Press Limited 2002; all rights reserved.
No part of these chapters may be reproduced, stored in a retrieval system or transmitted in any form or by any means -- electronic, electrostatic, mechanical, photocopying, recording or otherwise -- without the prior written permission of the publisher, except in the case of brief quotations embodied in critical articles or reviews.