zoukankan      html  css  js  c++  java
  • 安全概念: Impersonation, Authentication, Authorization

    Impersonation
    Sometimes we want users' requests to be run in the security context of some other user identity. For that we use impersonation. Impersonation is a process in which a user accesses the resources by using the identity of another user. An example of impersonation is the use of the IUSR_machinename account that is created by IIS. When a Web site has anonymous access enabled, then IIS runs all the users' requests using the identity of the IUSR_machinename account.

     

    Authentication
    Authentication is a process in which the security infrastructure makes sure that the users are who they say they are. In order to do this, the security infrastructure collects the user's credentials, usually in the form of user ID and password, checks those credentials against any credentials' store. If the credentials provided by the user are valid, then the user is considered an authenticated user.

     

    Authorization
    Once we have authenticated the user and the user has valid credentials, it is time to check authorization.

    Authorization is a process in which the security infrastructure checks whether the authenticated user has sufficient rights to access the requested resource. If user has sufficient rights to access a resource, for example, the user has "write rights" on a file, then the operation succeeds; otherwise the operation fails.

     

    出处:

    http://www.15seconds.com/Issue/020312.htm

  • 相关阅读:
    移动端的头文件
    时间倒计时
    H5 判断应用是否打开或是下载
    创建 XMLHttpRequest 对象
    JS 发送POST
    总结题
    uploadify 插件,去了进度条
    PC 拖动 以百分比计算
    pc 拖动效果,拖动带范围
    spring.net 在demo中的分析
  • 原文地址:https://www.cnblogs.com/awpatp/p/1647571.html
Copyright © 2011-2022 走看看