Exam Ref AZ-300 Microsoft Azure Architect Technologies by Timothy L. Warner & Nicole Stevens & Derek Schauland & Mike Pfeiffer
Author: Timothy L. Warner & Nicole Stevens & Derek Schauland & Mike Pfeiffer
Language: eng
Format: epub
Publisher: Microsoft Press
Published: 2019-11-24T16:00:00+00:00
Forms-based authentication
Forms-based authentication is a legacy form of authentication. You may have come across it when looking to rearchitect legacy on-premises applications for the cloud. This method presents an HTML-based web form, which means it must be viewed and filled in using a browser. The use case is therefore purely a login that requires user intervention: the user fills in information on the form, normally a username and password, to authenticate. One advantage of this method was that the user didn't have to be part of the domain to authenticate, because the authentication process could be performed against a username and password stored within a database. Figure 4-1 shows the general flow of forms-based authentication, which works like so:
Figure 4-1 Forms-based authentication process
1. The user opens a website, and the browser requests a page that requires authentication.
2. The web server receives the request and serves a page with the login form.
3. The user enters credentials and submits them to the form. The form posts the credentials to the web server (in plaintext).
4. The web server authenticates the customer against the data stored in the database. If the information is correct, the user is redirected back to the application entry page with a session cookie.
5. The browser sends the session cookie to receive the original resource requested in step 1.
6. The server grants the request because it includes the authentication cookie. The server serves the page and resources.
There are security issues with this implementation that you need to be aware of when you’re determining whether to rearchitect or lift directly into the cloud:
■ The credentials are sent as plaintext. You must secure all traffic to this site with HTTPS, which is always best practice in any case.
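The six-step flow above, written out as an added example (not code from the book): a Python request handler in which the `handle()` function, the user `alice` and the host `app.example` are all constructed for illustration. It keeps only a salted PBKDF2 hash in the "database", serves nothing over plain HTTP, and issues the session cookie with `Secure` and `HttpOnly`.

```python
import hashlib, hmac, secrets
from urllib.parse import parse_qs

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample "database": username -> (salt, PBKDF2 hash), never the password.
_salt = secrets.token_bytes(16)
USERS = {"alice": (_salt, _hash("correct horse", _salt))}
SESSIONS = {}  # server-side session store: session id -> username

def _redirect(location, cookie=None):
    headers = {"Location": location}
    if cookie:
        # Secure keeps the cookie off plain HTTP; HttpOnly hides it from page scripts.
        headers["Set-Cookie"] = f"session={cookie}; Secure; HttpOnly; SameSite=Lax; Path=/"
    return 302, headers, ""

def handle(method, path, scheme="https", cookie=None, body=""):
    """Return (status, headers, body) for one request in the six-step flow."""
    if scheme != "https":
        # The form carries the password in the request body, so nothing is
        # served over plain HTTP; app.example is a placeholder host.
        return 301, {"Location": "https://app.example" + path}, ""
    if path == "/login" and method == "GET":      # step 2: serve the login form
        return 200, {}, "<form method='post'>username, password</form>"
    if path == "/login" and method == "POST":     # steps 3-4: check credentials
        form = parse_qs(body)
        user = form.get("username", [""])[0]
        password = form.get("password", [""])[0]
        salt, stored = USERS.get(user, (b"\0" * 16, b""))
        # Hash even for unknown users and compare in constant time.
        if not hmac.compare_digest(_hash(password, salt), stored):
            return 401, {}, "Invalid username or password"
        sid = secrets.token_urlsafe(32)           # unguessable session id
        SESSIONS[sid] = user
        return _redirect("/app", cookie=sid)
    if path == "/app":                            # steps 1, 5 and 6
        user = SESSIONS.get(cookie)
        if user is None:
            return _redirect("/login")            # no valid session: back to the form
        return 200, {}, f"Welcome, {user}"
    return 404, {}, "Not found"
```

Here the `cookie` argument stands for the session value the browser sends back in its `Cookie` header; a real deployment would parse that header and also expire sessions.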
