20.2. The ASP.NET Security Model

As you've seen in previous chapters, web requests are fielded first by the IIS web server, which examines the file type. If the file type is registered to ASP.NET, the web server passes the request to ASP.NET. Figure 20-1 shows how these levels interact.

Figure 20-1. IIS and ASP.NET interaction

You can apply security at several places in this chain. First, consider the process for an ordinary (non-ASP.NET) web page request:

  1. IIS attempts to authenticate the user. Generally, IIS allows requests from all anonymous users and automatically logs them in under the IUSR_[ComputerName] account. IIS security settings ...

Get Beginning ASP.NET 3.5 in C# 2008: From Novice to Professional, Second Edition now with the O’Reilly learning platform.
