Događaj
Power BI DataViz Svetsko prvenstvo
14. feb 16 - 31. mar 16
Sa 4 šanse za ulazak, možete osvojiti konferencijski paket i stići do LIVE Grand Finale u Las Vegasu
Saznajte višeOvaj pregledač više nije podržan.
Nadogradite na Microsoft Edge biste iskoristili najnovije funkcije, bezbednosne ispravke i tehničku podršku.
ASP.NET Core enables developers to configure and manage security. The following list provides links to security topics:
These security features allow you to build robust and secure ASP.NET Core apps.
For Blazor security coverage, which adds to or supersedes the guidance in this node, see ASP.NET Core Blazor authentication and authorization and the other articles in Blazor's Security and Identity node.
ASP.NET Core provides many tools and libraries to secure ASP.NET Core apps such as built-in identity providers and third-party identity services such as Facebook, Twitter, and LinkedIn. ASP.NET Core provides several approaches to store app secrets.
Authentication is a process in which a user provides credentials that are then compared to those stored in an operating system, database, app or resource. If they match, users authenticate successfully, and can then perform actions that they're authorized for, during an authorization process. The authorization refers to the process that determines what a user is allowed to do.
Another way to think of authentication is to consider it as a way to enter a space, such as a server, database, app or resource, while authorization is which actions the user can perform to which objects inside that space (server, database, or app).
ASP.NET Core and EF contain features that help you secure your apps and prevent security breaches. The following list of links takes you to documentation detailing techniques to avoid the most common security vulnerabilities in web apps:
There are more vulnerabilities that you should be aware of. For more information, see the other articles in the Security and Identity section of the table of contents.
We recommend using the most secure authentication option. For Azure services, the most secure authentication is managed identities.
Avoid Resource Owner Password Credentials Grant because it:
Managed identities are a secure way to authenticate to services without needing to store credentials in code, environment variables, or configuration files. Managed identities are available for Azure services, and can be used with Azure SQL, Azure Storage, and other Azure services:
When the app is deployed to a test server, an environment variable can be used to set the connection string to a test database server. For more information, see Configuration. Environment variables are generally stored in plain, unencrypted text. If the machine or process is compromised, environment variables can be accessed by untrusted parties. We recommend against using environment variables to store a production connection string as it's not the most secure approach.
Configuration data guidelines:
For more information, see:
For information on other cloud providers, see:
For guidance on creating a reliable, secure, performant, testable, and scalable ASP.NET Core app, see Enterprise web app patterns. A complete production-quality sample web app that implements the patterns is available.
Povratne informacije za ASP.NET Core
ASP.NET Core je projekat otvorenog koda. Izaberite vezu da biste pružili povratne informacije:
Događaj
Power BI DataViz Svetsko prvenstvo
14. feb 16 - 31. mar 16
Sa 4 šanse za ulazak, možete osvojiti konferencijski paket i stići do LIVE Grand Finale u Las Vegasu
Saznajte višeObuka
Modul
Secure a .NET web app with the ASP.NET Core Identity framework - Training
Learn how to add authentication and authorization to a .NET web app using the ASP.NET Core Identity framework.
Certifikacija
Microsoft Certified: Azure Security Engineer Associate - Certifications
Demonstrate the skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities.
Dokumentacija
Overview of ASP.NET Core Authentication
Learn about authentication in ASP.NET Core.
Introduction to Identity on ASP.NET Core
Use Identity with an ASP.NET Core app. Learn how to set password requirements (RequireDigit, RequiredLength, RequiredUniqueChars, and more).
Use Identity to secure a Web API backend for SPAs
Learn how to use Identity to secure a Web API backend for single page applications (SPAs).