| 一种基于双角色的代码授权Web安全组件的设计 |
| |
| 引用本文: | 杨君,雷电.一种基于双角色的代码授权Web安全组件的设计[J].微计算机应用,2004,25(6):660-664. |
| |
| 作者姓名: | 杨君 雷电 |
| |
| 作者单位: | 上海大学,机电工程与自动化学院,上海,200072 |
| |
| 基金项目: | 上海高等学校科学技术发展基金资助 (0 3AK11) |
| |
| 摘 要: | 安全性问题一直是计算机软件应用中的一个重大问题。本文介绍了一种适用于ASP.NET应用程序的基于双角色的代码授权安全技术,通过对代码进行静态的或动态的授权配置,在受安全保护的代码被调用或被执行前验证用户身份,只有通过验证的用户才被授予执行特定操作的权限,从而才能调用或执行代码。应用这种技术可以保护只允许特定用户执行的特定操作,保护业务规则,应对数据信息篡改泄漏的威胁,并防止恶意行为。考虑到组件的重用性,作者设计了安全组件。
|
| 关 键 词: | 双角色 代码授权 Web 组件 ASP.NET 身份验证 |
Design of a Web Security Component for Code Authorization Based on Dual-roles |
| |
| YANG Jun,LEI Dian.Design of a Web Security Component for Code Authorization Based on Dual-roles[J].Microcomputer Applications,2004,25(6):660-664. |
| |
| Authors: | YANG Jun LEI Dian |
| |
| Abstract: | Security is one of weighty problems in computer software application at all times. This paper presents a method that provides guidelines for designing code authorization based on dual-roles in ASP NET application. Through performing authorization configuration for code statically or dynamically, authenticating user's identity is requested before protected code is executed, and only authenticated users can get the permission to perform specific actions. Using this technique can allow appointed users to perform certain actions, protect business rules, prevent data tampering and information disclosure and avoid malicious acts. Considering the reusability of component, the author design a security component using this method. |
| |
| Keywords: | security Dual-roles authentication authorization ASP NET component |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
