Tải bản đầy đủ - 0 (trang)
Chapter 14. Windows Server 2003 Passports

Chapter 14. Windows Server 2003 Passports

Tải bản đầy đủ - 0trang

canalsobeextendedtoanorganization'sintranet,Web-based

mailsystem,andmore.

.NETPassportsareprotectedbyencryptionandstrictprivacy

policies.Ausercanpermitsomeorallofthisinformationhe

providestobesenttoaparticularWebsite.Forinstance,auser

signsontoaWebsiteusinghis.NETPassport.Theusercan

thenopttoprovideadditionalinformationbecausethis

particularWebsiteisane-commercesitethathetrusts.

The.NETPassportSSIoptionenablesorganizationstoprovide

consumerswithaneasyandsecurewaytosigninandmake

transactionsonaWebsite.Microsoftalsohasdeveloped.NET

PassportforKids,whichhelpsaWebsitecomplywiththe

Children'sOnlinePrivacyProtectionAct(COPPA)standards.

COPPArequiresthatoperatorsofonlineservicesorWebsites

obtainparentalconsentpriortothecollection,use,disclosure,

ordisplayofchildren'spersonalinformation.







TheBenefitsofUsing.NETPassports

Usingpassportsonyourownsiteorforapersonalaccount

providesnumerousbenefits..NETPassportisdesignedforboth

consumersandbusinessesalike,andsomeofitsmanybenefits

areasfollows:

.NETPassportprovidesconvenientandquicker

authenticationservice.

SSIkeepsusersfromhavingtorememberdifferent

usernamesandpasswordsfordifferentsitestheyvisit.

.NETPassportallowsuserstoeasilyconnecttositesfrom

variousdevicesincluding,butnotlimitedto,cellphones

andPocketPCs.

.NETPassportallowsbusinessestoeasilyrecognize

customersandpersonalizetheirexperience.

.NETPassportisversatile,allowingyoutoapplyittovarious

accessmethods,includingActiveDirectoryandWeb-based

applicationssuchasOutlookWebAccess(OWA).

Organizationsrequiringtightersecuritycanuseasecondary

layerofsecurity(suchasafour-digitpersonalidentification

number,orPIN,toaccompanyapassword).ThePINcannot

bestoredonthelocalcomputerortheorganizationhosting

.NETPassportservices.



InstallingandConfiguring.NETPassports

The.NETPassportserviceisoneofmany.NETservicesthat

Microsoftprovides.Aswithanyservicethatyouwanttoaddto

yourexistinginfrastructure,youwillwanttothoroughlytest

.NETPassportsinalabenvironmentpriortoimplementingthe

serviceinaliveproductionenvironment.

Because.NETPassportscontaininformationaboutusers,the

informationmustbeprotectedtoensureprivacyand

confidentiality.Asaresult,beforeyouusethe.NETPassport

service,youmustmeetvariousMicrosoftprerequisitestokeep

.NETPassportlegitimatethroughouttheInternet.Thefollowing

processisrequiredbeforeyouimplement.NETPassportson

yoursite:

CreateapassportaccountonMicrosoft's.NETPassportWeb

site(http://www.passport.com).

Reviewandadheretothe.NETPassportPrivacyPolicy

locatedat

http://www.passport.net/Consumer/PrivacyPolicy.aspand

theMicrosoftStatementofPolicyat

http://www.microsoft.com/info/privacy.htm.Ifyouare

planningtouse.NETPassportforKids,itisimportantto

alsoreviewandadheretothe.NETPassportKidsPrivacy

Statement

(http://www.passport.net/Consumer/KidsPrivacyPolicy.asp?

lc=1033).

ObtainaPreproduction(PREP)IDtobegintesting.NET

Passportonyoursite.Asmentionedearlier,youshould

alwaystestthisfunctionalitybeforeputtingitinto

production.



Whenyou'redevelopingaWebsitewith.NETPassportin

thePREPenvironment(andinaliveproduction

environment),youmustdisplayyourprivacypolicy.This

policyshouldconformtoMicrosoft'spolicies.

Priortoyoursitegoinglivewith.NETPassport,youmust

signacontract.

AfterasiteisissuedaSiteID,anencryptionkeyissenttothe

site.Thekeyisasharedsecretbetweenthesiteandthe.NET

Passportsystem(thatis,theloginserver).Thisallowsusersto

beauthenticatedand,equallyimportant,itallowsthesiteto

obtainuserauthenticationinformation.



Caution

Althoughrare,insomecases,upgradingfrom

Microsoft.NETPassportSoftwareDevelopmentKit

(SDK)version2.1totheWindowsServer2003

versionof.NETPassportcouldpotentiallydowngrade

.NETPassportfunctionality.Tominimizeanypossible

effectsfromanupgrade,runIISin6.0moderather

thanIIS5.0compatibilitymode.Wheneverpossible,

performacleaninstalloftheWindowsServer2003

versionof.NETPassport.



ObtainingaPREPID

APREPIDallowsanorganizationtouse.NETPassportonatest

sitebeforegoinglive.WithoutthePREPID,sitescouldnottest

the.NETPassportauthentication.ThisPREPIDisfortestinguse



only,soaliveSiteIDisrequiredtobeabletousethe.NET

Passportsiteinproduction.

ToobtainaPREPID,gototheMicrosoft.NETServicesManager

Websitelocatedathttps://www.netservicesmanager.com,as

showninFigure14.1.



Figure14.1.The.NETServicesManagerWebsite.



[Viewfullsizeimage]



Atthispoint,you'regiventheoptionto

Createa.NETPassportapplicationforthedevelopment/test

environment

Downloadinformationonhowtoimplementvarious.NET



Services

Viewsamplesites

Obtainbusiness-relatedinformation

Createandmanageanapplication

Tobegintheregistrationprocessforobtaininga.NETPassport

PREPID,dothefollowing:

1. ClicktheCreateandManageanApplicationlink.Ifyou

haven'tsignedinwitha.NETPassportaccount,you'llbe

directedtoeitherlogonorcreateanew.NETPassport

account.Referto"Workingwith.NETPassportAccounts"

laterinthischapterforinformationoncreatinga.NET

Passportaccount.

2. Afterreadingthetermsandagreement,clicktheAccept

Termsbuttontocontinue.ThisbringsyoutotheUser

Informationpage,whichasksforyourcontactinformation.

You'llalsochoosewhichnotificationsyouwanttoreceive.

3. OntheCreateandManageanApplicationpage,click

CreateApplication.

4. OntheCreatePreproductionApplicationpage,typeinthe

nameoftheapplicationandthenclicktheSubmitbutton.

5. ClicktheAddServicebuttonandselectthetypeof

passportservice(s)foryourdevelopment/testsite.Youcan

choosefrom.NETPassport,KidsPassportwithSSI,or

MicrosoftAlerts.ClicktheNextbuttonwhendoneto

advancetotheregistrationpages.



6. Dependingonwhichselectionyoumade,youhavetofill

outdifferentregistrationinformation.Inthisexample,the

Websitefeaturesthe.NETPassportoption.OntheGeneral

.NETPassportInformationpage,entertheappropriate

informationinthedialogboxes.Theboldfaceareassuchas

WebSiteTitle,DomainName,DefaultReturnURL,and

PrivacyPolicyLocationarerequiredinformation.When

you'refinished,clicktheNextbuttonsoyoucanbegin

providingco-brandinginformation.

7. Entertheappropriateco-brandinginformation.The

minimumrequiredinformationistheco-brandingimage.

ClickNexttoprovideother.NETPassport-related

information,suchasregistrationreturnpages,anddisable

copyright,asshowninFigure14.2.



Figure14.2..NETPassportregistration.

[Viewfullsizeimage]



8. OnthenextWebpage,enterthe.NETPassportSSI

information.TheExpireCookieURLinformationisrequired.

Thisisthelocationofthepagethatwilldeleteallthe

cookiessetby.NETPassportforthesite.

9. IfyouselectedKidsPassport,asinthisexample,enterthe

accountremovalanddataURLsaswellasthetypeof

consentneeded(limitedorfullconsent).

10. ClicktheSubmitbuttonwhendone.Thenextscreen

providesthe.NETPassportinformationforyoursite.The

pagedisplaystheSiteID(forthepreproduction

environment),lastmodificationdate,status,and

compliancerating.



UsingthePassportManagerAdministration

Utility

AdministratorsmustusethePassportManagerAdministration

utility,showninFigure14.3,toinstallandconfigure.NET

Passports.ThisutilityshouldberunafterreceivingthePREPID.



Figure14.3.ThePassportManager

Administrationutility.



[Viewfullsizeimage]



Inpreviousversionsof.NETPassport,thePassportManager

AdministrationutilitywasprovidedintheSDK,whichalso

includesseveraltoolsanddocumentationtomakeimplementing

.NETPassportsmucheasier.InWindowsServer2003,the

PassportManagerAdministrationutilityisbundledwithinthe

operatingsystem.

TobeginusingthePassportManagerAdministrationutility,do

thefollowing:

1. ChooseStart,Run,andthentypeMSPPCNFG.EXEintheRun

dialogboxtostartthePassportManagerAdministration

utility.

2. EnterthePREPIDthatyoureceivedintotheSiteIDbox.

3. Entertheappropriateinformationaboutyoursitesuchas

ReturnURL,CookiePath,andsoon.



Fororganizationswithmultipleservers,youcansavethe

PassportManagerAdministrationutilityconfigurationtoafile

thatcanbeexportedtoanotherserver.SelectSaveAsfromthe

FilemenutosaveaPassportConfigurationFile(*.ppi).



ObtaininganEncryptionKey

Foryoursitetoacquireuserauthenticationinformationfrom

the.NETPassportsystemforuseontheparticipatingsite,you

mustfirstdownloadanencryptionkey.Theencryptionkey

givesasiteauthorizationtoreceiveuserauthentication

informationfromthe.NETPassportsystem.

Todownloadanencryptionkey,dothefollowing:

1. GototheMicrosoft.NETServicesManagerWebsiteand

signinusing.NETPassport.

2. ClicktheApplicationstabandthenclickManage

Applications.

3. Selecttheapplicationthatyoucreatedearlierandthenclick

theNextbutton.

4. ClicktheDownloadKeyoption,andthenclicktheRequest

Keybutton.Microsoftthensendsyouanemailcontaining

thelinktousetoobtainthekey.

5. OntheCreateYourSecurityKeypage,showninFigure14.4,

typeinafour-digitorcharactersecuritykeytwiceand

provideanswerstothethreequestionsofyourchoosing.It

isimportanttorememberyouranswersforthesecondpart

ofobtainingyourkey.ClickContinuewhendone.



Figure14.4.Obtaininganencryptionkey.

[Viewfullsizeimage]



6. Answerthethreequestionsthatyoujustprovidedanswers

forandthenclickContinue.

7. OntheSecurityKeySign-inpage,enterthefour-digitor

charactersecuritykeyandclicktheSignInbutton.

8. ScrolldowntheDownloadKeypageandthenselectthe

operatingsystemandWebserveryouplantouse.

9. ClicktheDownloadKeybutton.Whenpromptedforthefile

download,clickSave.



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 14. Windows Server 2003 Passports

Tải bản đầy đủ ngay(0 tr)

×