本文介绍了信息安全中的核心概念——身份冒充、认证及授权。详细解释了如何通过使用其他用户的凭据来访问资源的身份冒充过程;认证过程则确保用户身份的真实性;授权则进一步检查已认证用户是否拥有访问特定资源的权限。
Impersonation
Sometimes we want users' requests to be run in the security context of some other user identity. For that we use impersonation. Impersonation is a process in which a user accesses the resources by using the identity of another user. An example of impersonation is the use of the IUSR_machinename account that is created by IIS. When a Web site has anonymous access enabled, then IIS runs all the users' requests using the identity of the IUSR_machinename account.
Authentication
Authentication is a process in which the security infrastructure makes sure that the users are who they say they are. In order to do this, the security infrastructure collects the user's credentials, usually in the form of user ID and password, checks those credentials against any credentials' store. If the credentials provided by the user are valid, then the user is considered an authenticated user.
Authorization
Once we have authenticated the user and the user has valid credentials, it is time to check authorization.
Authorization is a process in which the security infrastructure checks whether the authenticated user has sufficient rights to access the requested resource. If user has sufficient rights to access a resource, for example, the user has "write rights" on a file, then the operation succeeds; otherwise the operation fails.
出处:
扫一扫
28
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
