| ASP .NET Security Issues |
| MSDN |
| This month I'm starting a series of columns dedicated to security in the Microsoft® .NET Framework, and I figured that the best place to start would be one of its most popular features, ASP .NET. |
|
| Custom Security Implementation |
| C#Today |
| In the previous articles in this series, we have discussed the security architectures and schemes available to developers in the .NET framework. Code access security and role based security are the two main types of security available to developers. In this article, Kaushal Sanghavi explores .NETs support for building a custom security scheme by implementing our own identity and principal classes that rely on user information stored in a database. In the previous article on Custom Security Permissions, we focused on Code Access Security, while in this article we focus on extending .NETs support for Role Based Security. |
|
| HTTP Handlers and HTTP Modules |
| 15 Seconds |
| Using HTTP handlers and modules. |
|
| Implementing .NET Role-Based Security without COM+ |
| Egg Head Cafe |
| Security is important. Most developers don't like security. It requires a lot of thought. It requires study. Most developers would rather just "write code", and leave security to "somebody else". Unfortunately, if you are a developer and your job is to produce an application, then guess who that "somebody else" usually is? It's YOU. Even behemoth Microsoft got the message loud and clear. They've made security the single most important thing, above everything else. Wanna know why .NET Server, which was supposed to be released back in March, is delayed until the third quarter? Security! They weren't satisfied, and so they went back to the drawing board, so to speak. And its for real, too. The Microsoft insiders with whom I am privileged to speak with from time to time are totally focused on security. |
|
| Implementing Role-Based Security with ASP.NET |
| 4Guys from Rolla |
| In my previous article, I demonstrated how authentication providers can be used to manage the process of authenticating users. I also showed that classes and methods exist within the .NET Framework that can be used to inspect the basic attributes of a current user. In this article, I will extend upon that base, by showing how the .NET Framework provides support for the implementation of role based security. |
|
| Role Based Security |
| C#Today |
| One of the most common ways of handling authorization is via a technique known as Role Based Security (other techniques use individual user information to grant or deny access). Different variations of role based security have existed in Windows for a long time now. Windows NT and Windows 2000 define built in user groups, such as Administrators, Power Users, etc, and users are granted access to files and network shares based on their Windows group memberships. MTS and COM+ introduced role based security at the application development level, and the .NET framework builds upon this. In this article, Kaushal Sanghavi explores .NETs support for role based security and how it can be used to build a flexible authorization scheme. |
|
| Understanding .NET Code Access Security |
| C# Corner |
| When we are running an application and we need to run a feature for which, the application does not have the relevant module, the application connects to the Internet and downloads the module into the Global Assembly Cache (GAC) and begins executing. This is done without being prompted to us. |
|
| Web Services Enhancements 2.0 Support for WS-Policy |
| MSDN |
| Want to write less code and interoperate more? Use the assertions support in WSE 2.0 and the standard expressions for Web service applications in WS-Policy to enter a whole new age of reason. |
|
