Bukisa Payment: USD$10.69 Received

Hi everyone, after a long period of time using Bukisa (I'm not very active in Bukisa), I finally got paid by Bukisa. I received a total of USD$10.69 from Bukisa 2 weeks ago. For you information, I am very happy to get paid by Bukisa because I have not been very active in Bukisa and I got paid. It is quite easy. 

Anyway, starting today, I will be a lot more active in Bukisa. I hope that Bukisa will be another great source of income for me in the months to come. If you have not participated in Bukisa and you do not know what Bukisa is all about, you can continue reading this post because I will explain further about Bukisa or you can read about Bukisa in details [Bukisa: Write Articles and Get Paid]

Please continue reading for more information about Bukisa.

Bukisa is another site that works almost identical to Triond. Bukisa is a sites where we can publish our articles and make money from our articles CONTINUOUSLY months after months. So, Bukisa is a great site for lazy people like me because all I need to do is to write once and continuously making money over and over again using my articles. 

Bukisa is paying very good amount of money. Currently, Bukisa is paying USD$3.22 for 1000 views on our articles. So, if 1 of our articles get 1000 views, we get USD$3.22. Imagine that you have 100 articles that get 1000 views each and every month? That would be USD$322.00 per month with no extra works.

So, if your blog is making very less income for you or your blog not even make a penny for you, you can consider joining Bukisa because if you write articles, you will get paid in long term and the income is continuous income. 

So, I recommend Bukisa to everyone because it is an amazing site to make money without using a blog. 

I would be very thankful if you could join using this link ( Sign Up for Bukisa Free ), I really hope that you would join me in Bukisa using my link, so that we could be linked together in Bukisa and generate more views on each others articles together to make money faster in Bukisa. Thanks and lets make more money online. 

Note: Join using my link can help to link us together in Bukisa so that we can view each others articles faster generate more money together.

LinkWorth Payment Received: USD$31.94

I have received my LinkWorth payment for November 2010 few days ago. The LinkWorth payment is a total of USD$31.94. This the 10th times I am paid by LinkWorth. 

LinkWorth serves me well and LinkWorth paid me a lot of times. Recently, I have written an ebook about LinkWorth and how to get started ion LinkWorth. It would be good for beginner in LinkWorth. You can download the LinkWorth Ebook Free.

Continue reading to read all my payments from LinkWorth.

All my LinkWorth Payments:

1. LinkWorth Payment: USD$111.04
2. LinkWorth Payment: USD$64.37
3. LinkWorth Payment: USD$79.16
4. LinkWorth Payment: USD$29.45
5. LinkWorth Payment: USD$26.05
6. LinkWorth Payment: USD$59.17
7. LinkWorth Payment: USD$27.07
8. LinkWorth Payment: USD$57.94
9. LinkWorth Payment: USD$25.91

Earn Money From Blog Free E-book: How to Monetize Your Blog Using LinkWorth

Hi everyone, I am glad to inform all that I FINALLY completed my 2nd Earn Money From Blog Free E-book Series: How to Monetize Your Blog Using LinkWorth. 

"How to Monetize Your Blog Using LinkWorth" e-book is free for everyone and all Earn Money From Blog readers as well as visitors can download and read it. I have created this new e-book in PDF file, the format of the contents is PowerPoint Slides. I make the contents into PowerPoint Slides for easier reading and make it more organize by using bullets. 

So, I hope you can read it through and get started to make money from your LinkWorth account. Get LinkWorth started and monetize your blog using LinkWorth. If you have not got a LinkWorth account, you might want to get it Free: Sign Up for LinkWorth Free

If you would like to read all my payments from LinkWorth, you can continue reading for more information.

All my LinkWorth Payments:

1. LinkWorth Payment: USD$111.04
2. LinkWorth Payment: USD$64.37
3. LinkWorth Payment: USD$79.16
4. LinkWorth Payment: USD$29.45
5. LinkWorth Payment: USD$26.05
6. LinkWorth Payment: USD$59.17
7. LinkWorth Payment: USD$27.07
8. LinkWorth Payment: USD$57.94
9. LinkWorth Payment: USD$25.91

Increase Infolinks Earnings by 30% using a Simple Code

Hi everyone, few days ago, I mentioned about a new in text advertising program called Infolinks.com. So far, Infolinks is working great for me. Less than a week using Infolinks, I got some god income from Inforlinks.

In this post, I am going to share a method to increase Infolinks earnings by 30% or more. If you look at my blog carefully, you might notice that there is a text links provided by Infolinks, that is the way to make more money from Infolinks.

Please continue reading to get the code to make the Infolinks text link appear in your blog.


<input type="hidden" name="IL_RELATED_TAGS" value="1"/>

Copy and paste to your blog using "Add a Gadget", "HTML/Javascript". Move the gadget to the location you want and it will appear properly.

Note: You must have the Infolinks.com in-text advertising codes before using the codes in this post. You can refer to Infolinks blog for more information of implementation.

Infolinks: Make More Money From Pay Per Click In Text Advertising

Few days ago, I came across a new site to generate more income from our blog. The site is Infolinks.com which is offering in text advertising for all websites and blogging plaform. If you are confused what is "in text" advertising, just look around Earn Money From Blog, you will notice a lot of text are underlined in Green color. Those are text links created by Inforlinks.com.

Infolinks.com in text advertising is quite similar to in text advertisements of Kontera.com. Personally, I feel that Inforlinks.com is new and it is worth to give it a try. In text advertisements are effective and can engage users more efficiently. It is because by hovering our mouse pointer to the in text links, advertisements will appear to provide more information for readers.

So, in text advertising can actually get more clicks and make us more money. Since I am just starting out to try Infolinks.com, I hope I can see some good results to show you in few months time.

Please read on for more because I have place an important note at the later section of this post.


If your blog is generating low income, you might want to visit Infolinks.com. Maybe it will work well on your blog.

Note: To all blog readers, I am currently working on 2nd ebook "How to Monetize Blog using LinkWorth". Please stay tuned and grab my next ebook. Of course, it is free for every blog readers. 

Thanks for reading and have a great day ahead.

My Triond Income: I have been paid 23 times by Triond

I join Triond in the year 2008 and I am being paid continuously for 2 years and I am sure I will continue to be paid by Triond in the years to come. Although the money is small amount but the amount is increasing months after months. The key to make more money from Triond is simple and straight forward. All we need to do is to write good quality articles to Triond and make recurring income from our articles.

Below are all the payments I received from Triond from year 2008 until now:

June 2008	USD$1.17
August 2008	USD$0.69
October 2008	USD$3.89
November 2008	USD$0.53
December 2008	USD$0.52
January 2009	USD$1.07
February 2009	USD$0.69
March 2009	USD$0.54
April 2009	USD$0.59
May 2009	USD$0.56
June 2009	USD$0.69
July 2009	USD$0.63
August 2009	USD$0.87
September 2009	USD$0.63
November 2009	USD$0.65
December 2009	USD$0.63
January 2010	USD$0.54
March 2010	USD$1.01
May 2010	USD$0.78
June 2010	USD$2.19
July 2010	USD$4.01
August 2010	USD$7.10
September 2010	USD$2.26
TOTAL	USD$ 32.24

Although the amount is really small but in long term, it would be a good long term income. REMEMBER: I am aiming for long term RECURRING income, which means my income from Triond will be continuous each and every month without doing anything.

The amount paid by Triond is small but after adding AdSense to Triond, my income increase 4 times because I am earning from Google AdSense as well as Triond. This is a benefit of using Triond. [My Triond Success: USD$111.95]

Continue reading for more information about my Triond experience.

I do not post any picture of my PayPal receipt from Triond because there are too many of them to show. I hope you don't mind. I will post my coming payment together with picture of Triond receipt in my coming post.

java calculate the time difference

Core Tip: The following procedure describes the time in JAVA in comparison, to obtain the time difference. For example, if you want to implement a function, can be submitted within 30 minutes, not more than 30 minutes after the submission. Then: calculate the time difference ** / SimpleDateFormat sdf = new SimpleDateFormat ('yyyy-MM-dd HH: mm: ss'); S. ..

 The following procedure describes the time in JAVA in comparison, to obtain the time difference. For example, if you want to implement a function, can be submitted within 30 minutes, not more than 30 minutes after the submission. Then:
Calculate the time difference ** /

SimpleDateFormat sdf = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

String systemTime = sdf. Format (new Date ()). ToString ();

To the time of the interception time format string into a string ** /

Date begin = sdf.parse (2008-03-28 11:55:30);

Date end = sdf.parse (systemTime);

long between = (end.getTime ()-begin.getTime ()) / 1000; / / divide by 1000 to convert seconds

long day = between / (24 * 3600);

long hour = between% (24 * 3600) / 3600;

long minute = between% 3600/60;

long second = between% 60/60;

if ((hour == 0) & & (day == 0) & & (minute <= 30)) {/****/}

For example: It is now 2004-03-26 13:31:40

Past :2004-01-02 11:30:24

I now get two dates is poor, poor form: XX XX days XX hours XX minutes seconds

Method One:

DateFormat df = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

try

{

Date d1 = df.parse ("2004-03-26 13:31:40");

Date d2 = df.parse ("2004-01-02 11:30:24");

long diff = d1.getTime () - d2.getTime ();

long days = diff / (1000 * 60 * 60 * 24);

}

catch (Exception e)

{

}

Method Two:

SimpleDateFormat df = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

java.util.Date now = df.parse ("2004-03-26 13:31:40");

java.util.Date date = df.parse ("2004-01-02 11:30:24");

long l = now.getTime ()-date.getTime ();

long day = l / (24 * 60 * 60 * 1000);

long hour = (l / (60 * 60 * 1000)-day * 24);

long min = ((l / (60 * 1000))-day * 24 * 60-hour * 60);

long s = (l/1000-day * 24 * 60 * 60-hour * 60 * 60-min * 60);

System.out.println ("" + day + "days" + hour + "hours" + min + "minutes" + s + "seconds");

Method three:

SimpleDateFormat dfs = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

java.util.Date begin = dfs.parse ("2004-01-02 11:30:24");

java.util.Date end = dfs.parse ("2004-03-26 13:31:40");

long between = (end.getTime ()-begin.getTime ()) / 1000; / / divide by 1000 to convert seconds

long day1 = between / (24 * 3600);

long hour1 = between% (24 * 3600) / 3600;

long minute1 = between% 3600/60;

long second1 = between% 60/60;

System.out.println ("" + day1 + "days" + hour1 + "hours" + minute1 + "sub" + second1 + "seconds");

I am here out of a mistake, not the number of days to double check that the format of time

Here dateA, dateB format with the same yyyy-MM-dd! Remember!

/ **

* Based on the two dates, the number of days apart to obtain

* Method Name:

* @ Param dateA

* @ Param dateB

* @ Return

* /

public static int getBetweenDayNumber (String dateA, String dateB) {

long dayNumber = 0;

long DAY = 24L * 60L * 60L * 1000L;

SimpleDateFormat df = new SimpleDateFormat ("yyyy-MM-dd");

try {

java.util.Date d1 = df.parse (dateA);

java.util.Date d2 = df.parse (dateB);

dayNumber = (d2.getTime () - d1.getTime ()) / DAY;

} Catch (Exception e) {

e.printStackTrace ();

}

return (int) dayNumber;

}

java calculate the time difference

Core Tip: The following procedure describes the time in JAVA in comparison, to obtain the time difference. For example, if you want to implement a function, can be submitted within 30 minutes, not more than 30 minutes after the submission. Then: calculate the time difference ** / SimpleDateFormat sdf = new SimpleDateFormat ('yyyy-MM-dd HH: mm: ss'); S. ..

 The following procedure describes the time in JAVA in comparison, to obtain the time difference. For example, if you want to implement a function, can be submitted within 30 minutes, not more than 30 minutes after the submission. Then:
Calculate the time difference ** /

SimpleDateFormat sdf = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

String systemTime = sdf. Format (new Date ()). ToString ();

To the time of the interception time format string into a string ** /

Date begin = sdf.parse (2008-03-28 11:55:30);

Date end = sdf.parse (systemTime);

long between = (end.getTime ()-begin.getTime ()) / 1000; / / divide by 1000 to convert seconds

long day = between / (24 * 3600);

long hour = between% (24 * 3600) / 3600;

long minute = between% 3600/60;

long second = between% 60/60;

if ((hour == 0) & & (day == 0) & & (minute <= 30)) {/****/}

For example: It is now 2004-03-26 13:31:40

Past :2004-01-02 11:30:24

I now get two dates is poor, poor form: XX XX days XX hours XX minutes seconds

Method One:

DateFormat df = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

try

{

Date d1 = df.parse ("2004-03-26 13:31:40");

Date d2 = df.parse ("2004-01-02 11:30:24");

long diff = d1.getTime () - d2.getTime ();

long days = diff / (1000 * 60 * 60 * 24);

}

catch (Exception e)

{

}

Method Two:

SimpleDateFormat df = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

java.util.Date now = df.parse ("2004-03-26 13:31:40");

java.util.Date date = df.parse ("2004-01-02 11:30:24");

long l = now.getTime ()-date.getTime ();

long day = l / (24 * 60 * 60 * 1000);

long hour = (l / (60 * 60 * 1000)-day * 24);

long min = ((l / (60 * 1000))-day * 24 * 60-hour * 60);

long s = (l/1000-day * 24 * 60 * 60-hour * 60 * 60-min * 60);

System.out.println ("" + day + "days" + hour + "hours" + min + "minutes" + s + "seconds");

Method three:

SimpleDateFormat dfs = new SimpleDateFormat ("yyyy-MM-dd HH: mm: ss");

java.util.Date begin = dfs.parse ("2004-01-02 11:30:24");

java.util.Date end = dfs.parse ("2004-03-26 13:31:40");

long between = (end.getTime ()-begin.getTime ()) / 1000; / / divide by 1000 to convert seconds

long day1 = between / (24 * 3600);

long hour1 = between% (24 * 3600) / 3600;

long minute1 = between% 3600/60;

long second1 = between% 60/60;

System.out.println ("" + day1 + "days" + hour1 + "hours" + minute1 + "sub" + second1 + "seconds");

I am here out of a mistake, not the number of days to double check that the format of time

Here dateA, dateB format with the same yyyy-MM-dd! Remember!

/ **

* Based on the two dates, the number of days apart to obtain

* Method Name:

* @ Param dateA

* @ Param dateB

* @ Return

* /

public static int getBetweenDayNumber (String dateA, String dateB) {

long dayNumber = 0;

long DAY = 24L * 60L * 60L * 1000L;

SimpleDateFormat df = new SimpleDateFormat ("yyyy-MM-dd");

try {

java.util.Date d1 = df.parse (dateA);

java.util.Date d2 = df.parse (dateB);

dayNumber = (d2.getTime () - d1.getTime ()) / DAY;

} Catch (Exception e) {

e.printStackTrace ();

}

return (int) dayNumber;

}

Featured email transfer class for PHP

PHPMailer is a PHP useful to send the message class. It supports the use smtp server to send mail, also supports Sendmail, qmail, Postfix, Imail, Exchange, Mercury, Courier and other mail servers. If the server also supports SMTP authentication, multiple SMTP to send (but not quite sure what's the use.) Mail may include multiple TO, CC, BCC and REPLY-TO, supports both text and HTML mail format, you can wrap in support of attachments and images in various formats, custom e-mail first class basic mail functions. Because only contains a PHP mail function, so PHPMailer is greatly enhanced its is believed that meet the needs of many people, huh, huh.Which mainly include two types of documents: send mail function used to implement the class.phpmailer.php and smtp implementation class.smtp.php. Then there can achieve a variety of error output file, and a very detailed document. Software released under the LGPL agreement.

Is also very simple to use, see the following example to understand:

require ("class.phpmailer.php");

$ Mail = new PHPMailer ();

$ Mail-> IsSMTP (); / / send via SMTP 
$ Mail-> Host = "smtp1.site.com; smtp2.site.com"; / / SMTP servers 
$ Mail-> SMTPAuth = true; / / turn on SMTP authentication 
$ Mail-> Username = "jswan"; / / SMTP username 
$ Mail-> PassWord = "secret"; / / SMTP password 
'Www.knowsky.com 
$ Mail-> From = "from@email.com"; 
$ Mail-> FromName = "Mailer"; 
$ Mail-> AddAddress ("josh@site.com", "Josh Adams"); 
$ Mail-> AddAddress ("ellen@site.com"); / / optional name 
$ Mail-> AddReplyTo ("info@site.com", "Information");

$ Mail-> WordWrap = 50; / / set word wrap 
$ Mail-> AddAttachment ("/ var / tmp / file.tar.gz"); / / attachment 
$ Mail-> AddAttachment ("/ tmp / image.jpg", "new.jpg"); 
$ Mail-> IsHTML (true); / / send as HTML

$ Mail-> Subject = "Here is the subject"; 
$ Mail-> Body = "This is the HTML body "; 
$ Mail-> AltBody = "This is the text-only body";

if (! $ mail-> Send ()) 
{ 
echo "Message was not sent "; 
echo "Mailer Error:". $ mail-> ErrorInfo; 
exit; 
}

echo "Message has been sent";

See PHPMailer homepage: http://phpmailer.sourceforge.net/

Featured email transfer class for PHP

PHPMailer is a PHP useful to send the message class. It supports the use smtp server to send mail, also supports Sendmail, qmail, Postfix, Imail, Exchange, Mercury, Courier and other mail servers. If the server also supports SMTP authentication, multiple SMTP to send (but not quite sure what's the use.) Mail may include multiple TO, CC, BCC and REPLY-TO, supports both text and HTML mail format, you can wrap in support of attachments and images in various formats, custom e-mail first class basic mail functions. Because only contains a PHP mail function, so PHPMailer is greatly enhanced its is believed that meet the needs of many people, huh, huh.Which mainly include two types of documents: send mail function used to implement the class.phpmailer.php and smtp implementation class.smtp.php. Then there can achieve a variety of error output file, and a very detailed document. Software released under the LGPL agreement.

Is also very simple to use, see the following example to understand:

require ("class.phpmailer.php");

$ Mail = new PHPMailer ();

$ Mail-> IsSMTP (); / / send via SMTP 
$ Mail-> Host = "smtp1.site.com; smtp2.site.com"; / / SMTP servers 
$ Mail-> SMTPAuth = true; / / turn on SMTP authentication 
$ Mail-> Username = "jswan"; / / SMTP username 
$ Mail-> PassWord = "secret"; / / SMTP password 
'Www.knowsky.com 
$ Mail-> From = "from@email.com"; 
$ Mail-> FromName = "Mailer"; 
$ Mail-> AddAddress ("josh@site.com", "Josh Adams"); 
$ Mail-> AddAddress ("ellen@site.com"); / / optional name 
$ Mail-> AddReplyTo ("info@site.com", "Information");

$ Mail-> WordWrap = 50; / / set word wrap 
$ Mail-> AddAttachment ("/ var / tmp / file.tar.gz"); / / attachment 
$ Mail-> AddAttachment ("/ tmp / image.jpg", "new.jpg"); 
$ Mail-> IsHTML (true); / / send as HTML

$ Mail-> Subject = "Here is the subject"; 
$ Mail-> Body = "This is the HTML body "; 
$ Mail-> AltBody = "This is the text-only body";

if (! $ mail-> Send ()) 
{ 
echo "Message was not sent "; 
echo "Mailer Error:". $ mail-> ErrorInfo; 
exit; 
}

echo "Message has been sent";

See PHPMailer homepage: http://phpmailer.sourceforge.net/

The practical application of program resources, ASP.NET application security model visit

The second Internet Guide: Framework, generally did not result from the logical framework is divided into that layer, business logic and data visiting layer; client process to visit the actual use of resources, their authentication and authorization is bound to span multiple levels. This article discuss the practical application of procedures SP.NET application resources application security model visit 2. Resources WEB visiting the practical application of identification procedures of foreign assistance to the client's typical resources include: Web server resources, such as Web pages, Web services, and static resources (static Web pages and images). Database resources, such as the text for ...: Summary: This paper describes. NET WEB application of the practical application of procedures for application of the model species, compare their advantages and disadvantages of proposed selection mechanism.

KEYexpress: the trusted security model sub-model to imitate / ASP.NET application sub-model commissioned by the practical application of WEB application

1. Introduction

ASP.NET WEB Application Application is the practical application of procedures are usually multi-system framework, the general did not result from the logical framework is divided into that layer, business logic and data visiting layer; client process to visit the actual use of resources, their authentication and authorization necessarily span multiple levels. This article discuss the practical application of procedures SP.NET application application security model resource visit

2. Resources visiting logo

WEB practical use of foreign assistance program to the client's typical resources include:

Web resources such as Web pages, Web services, and static resources (static web pages and images). 
Resources, such as the data for each user or the practical application of program-level data. 
Internet resources, such as remote document resource. 
Resources, such as, the event log and configuration documentation.

The practical application of procedures across the client layer to visit this part of the resources, to have a logo through all layers. That the identity of visitors to resources, including:

Original identity of the caller identity of the caller is the original and subsequent access through each layer. 

Process of identification of local resources is the application of visits and calls the downstream stop the current process ID. The feasibility of this approach relies on to cross the border, as the process identity must be the purpose of system identification. This needs to stop calling the following two methods:

Interface with one win in the security domain

Cross-win interface security domain - application and domain trust accounts, or there is no link to the application of trust duplicate user name and password. 
This method applies a service account the (fixed) service account. For example, the database's visit, the service account is estimated that by connecting to the database components that a regular SQL database user name and password. 
When the demand for fixed win the interface ID should be the actual application of Enterprise Services server application program. 
Custom logo does not win the interface when the account is available, the application did not score there Iprincipal and Iidentity construct their own identity, no results contain detailed information about the security context.

3. Resource visiting model

3.1 The trusted subsystem model

Figure 1 shows, in this model, the original caller's security context does not flow through the operating system level services, but application service layer in the middle of a fixed identity to visiting the downstream services and resources. Trusted subsystem model gets its name from the fact that a: the downstream services (estimated to be a database) Trust upstream services that allow the caller to stop authorization. The example in Figure 1, the database layer on the caller trust the authority to stop and allow only authorized caller ID visit the database of trusted applications.

3.1.1 Resource visiting model

In the trusted subsystem model, the resource visit the following pattern:

Authentication of users to stop the user mapping for the role authorization based on role membership to contact to stop applying a fixed trusted identity downstream resources visit

3.1.2 fixed identity

Together resources for visiting the control device downstream system of fixed identity, no results application process identity, application did not score a pre-set win interface account - service account to help. For the SQL database server resource control device, which means win on the SQL database server interface authentication.

Usually used when the application process ASP.NET application identity application process identity (ASPNET account for tacit knowledge). The actual practical application, we often need to change the ASPNET account to a more secure password, and the SQL database server MIRROR create an ASP.NET application with the account application process that matches the account interface on the match win. Specific tips are as follows:

Edit in% windr% / Microsoft.NET application application / Framework/v1.1.4322/CONFIG Machine.config under the list of documents, will element to reconfigure the password attribute, its default value to ; or through ASPNET_setreg.exe props, the user name and password saved to the registry, configure the following: < !-enable = "true" UserName = "Registry: HKLM / SOFTWARE / YourAPP / processsModel / ASPNET_SETREG, userName" passexpress = "Registry: HKLM / SOFTWARE / YourAPP / processsModel / ASPNET_SETREG, passexpress" ->

Another part of the application of the practical application of procedures specified SQL database account (char string in the connection name and password specified by the user) to visit SQL database server. In this case, the database must be configured for SQL database authentication. Saved in the configuration file needs the connection string encryption char.

3.2 Imitation / delegation model

Shown in Figure 2, the application copy / delegation model, a service or component (usually located in the business service layer logic) in the visit prior to the next downstream services, the application operating system copy function to mimic the client identity. If the service is on the same computer, the application of imitation is sufficient, if the downstream service is located on a remote computer applications also demand commission, the security context of the downstream resource is visiting the client's context.

3.3 Select resources to visit Model

Trial of two resources, such as visiting the model shown in Table I.

Trusted subsystem model to imitate / delegation model

The upper back-end services, trust audit function, if the infringement of the middle layer, the back-end resources vulnerable. Back-end service performance for each caller did not stop the authentication, authorization, security is good.

Scalability to support connection pooling, better scalability. Does not support connection pooling, scalability poor.

Control of the back-end ACL ACL configuration for a single entity to stop, control workers less.Each user must be granted the appropriate visit level, back-end resources and the number of users increases, the control of workers cumbersome.

Difficulties do not delegate the performance. Demand for commission. Most of the security services to help does not support delegates.

In most practical use of Internet programs and the practical application of a large intranet application process will be trusted subsystem model, mainly because this model can support scalability. Imitation / delegation model for small systems tend to. For this part of the practical application of procedures, scalability is not that the main planning factors, the main factor is the audit plan.

The practical application of program resources, ASP.NET application security model visit

The second Internet Guide: Framework, generally did not result from the logical framework is divided into that layer, business logic and data visiting layer; client process to visit the actual use of resources, their authentication and authorization is bound to span multiple levels. This article discuss the practical application of procedures SP.NET application resources application security model visit 2. Resources WEB visiting the practical application of identification procedures of foreign assistance to the client's typical resources include: Web server resources, such as Web pages, Web services, and static resources (static Web pages and images). Database resources, such as the text for ...: Summary: This paper describes. NET WEB application of the practical application of procedures for application of the model species, compare their advantages and disadvantages of proposed selection mechanism.

KEYexpress: the trusted security model sub-model to imitate / ASP.NET application sub-model commissioned by the practical application of WEB application

1. Introduction

ASP.NET WEB Application Application is the practical application of procedures are usually multi-system framework, the general did not result from the logical framework is divided into that layer, business logic and data visiting layer; client process to visit the actual use of resources, their authentication and authorization necessarily span multiple levels. This article discuss the practical application of procedures SP.NET application application security model resource visit

2. Resources visiting logo

WEB practical use of foreign assistance program to the client's typical resources include:

Web resources such as Web pages, Web services, and static resources (static web pages and images). 
Resources, such as the data for each user or the practical application of program-level data. 
Internet resources, such as remote document resource. 
Resources, such as, the event log and configuration documentation.

The practical application of procedures across the client layer to visit this part of the resources, to have a logo through all layers. That the identity of visitors to resources, including:

Original identity of the caller identity of the caller is the original and subsequent access through each layer. 

Process of identification of local resources is the application of visits and calls the downstream stop the current process ID. The feasibility of this approach relies on to cross the border, as the process identity must be the purpose of system identification. This needs to stop calling the following two methods:

Interface with one win in the security domain

Cross-win interface security domain - application and domain trust accounts, or there is no link to the application of trust duplicate user name and password. 
This method applies a service account the (fixed) service account. For example, the database's visit, the service account is estimated that by connecting to the database components that a regular SQL database user name and password. 
When the demand for fixed win the interface ID should be the actual application of Enterprise Services server application program. 
Custom logo does not win the interface when the account is available, the application did not score there Iprincipal and Iidentity construct their own identity, no results contain detailed information about the security context.

3. Resource visiting model

3.1 The trusted subsystem model

Figure 1 shows, in this model, the original caller's security context does not flow through the operating system level services, but application service layer in the middle of a fixed identity to visiting the downstream services and resources. Trusted subsystem model gets its name from the fact that a: the downstream services (estimated to be a database) Trust upstream services that allow the caller to stop authorization. The example in Figure 1, the database layer on the caller trust the authority to stop and allow only authorized caller ID visit the database of trusted applications.

3.1.1 Resource visiting model

In the trusted subsystem model, the resource visit the following pattern:

Authentication of users to stop the user mapping for the role authorization based on role membership to contact to stop applying a fixed trusted identity downstream resources visit

3.1.2 fixed identity

Together resources for visiting the control device downstream system of fixed identity, no results application process identity, application did not score a pre-set win interface account - service account to help. For the SQL database server resource control device, which means win on the SQL database server interface authentication.

Usually used when the application process ASP.NET application identity application process identity (ASPNET account for tacit knowledge). The actual practical application, we often need to change the ASPNET account to a more secure password, and the SQL database server MIRROR create an ASP.NET application with the account application process that matches the account interface on the match win. Specific tips are as follows:

Edit in% windr% / Microsoft.NET application application / Framework/v1.1.4322/CONFIG Machine.config under the list of documents, will element to reconfigure the password attribute, its default value to ; or through ASPNET_setreg.exe props, the user name and password saved to the registry, configure the following: < !-enable = "true" UserName = "Registry: HKLM / SOFTWARE / YourAPP / processsModel / ASPNET_SETREG, userName" passexpress = "Registry: HKLM / SOFTWARE / YourAPP / processsModel / ASPNET_SETREG, passexpress" ->

Another part of the application of the practical application of procedures specified SQL database account (char string in the connection name and password specified by the user) to visit SQL database server. In this case, the database must be configured for SQL database authentication. Saved in the configuration file needs the connection string encryption char.

3.2 Imitation / delegation model

Shown in Figure 2, the application copy / delegation model, a service or component (usually located in the business service layer logic) in the visit prior to the next downstream services, the application operating system copy function to mimic the client identity. If the service is on the same computer, the application of imitation is sufficient, if the downstream service is located on a remote computer applications also demand commission, the security context of the downstream resource is visiting the client's context.

3.3 Select resources to visit Model

Trial of two resources, such as visiting the model shown in Table I.

Trusted subsystem model to imitate / delegation model

The upper back-end services, trust audit function, if the infringement of the middle layer, the back-end resources vulnerable. Back-end service performance for each caller did not stop the authentication, authorization, security is good.

Scalability to support connection pooling, better scalability. Does not support connection pooling, scalability poor.

Control of the back-end ACL ACL configuration for a single entity to stop, control workers less.Each user must be granted the appropriate visit level, back-end resources and the number of users increases, the control of workers cumbersome.

Difficulties do not delegate the performance. Demand for commission. Most of the security services to help does not support delegates.

In most practical use of Internet programs and the practical application of a large intranet application process will be trusted subsystem model, mainly because this model can support scalability. Imitation / delegation model for small systems tend to. For this part of the practical application of procedures, scalability is not that the main planning factors, the main factor is the audit plan.