•Modular Design:
–Reduced exposure at installation and runtime
•.Net Integration:
–Forms Auth for any content
–Use of .NET Role and Membership Providers
•Built in anonymous account
–Easier to administer, restore, and configure
•Application Pool Isolation
–Improved Sandboxing between applications
•URLAuthorization and Request Filtering
–New choices for improving security
•Kernel mode SSL and authentication
–Faster negotiation of security exchanges, fewer problems
•Features implemented as discrete modules
•Modularity improves security
-Reduced module set by default at install
-Remove modules that you do not need
•Extensibility allows security customization
•Add authentication, logging, or blocking mechanisms
•Integrated pipeline enables Forms authentication with any content
•Leverage existing user database with .NET Role/Membership providers
Examples: Store user names in:
Active directory or local SAM
SQL 2005 Express for static site users
ADAM for users and groups in a PHP application
DB2 mainframe users and groups in ASP.net
No comments:
Post a Comment