| An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS |
| MSDN |
| ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security. |
|
| An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS, Part 2 |
| MSDN |
| Forms authentication is one of the most compelling and useful new features of ASP.NET. It enables developers to declaratively specify which files on their site can be accessed and by whom, and allows identification of a login page. When an unauthenticated user attempts to retrieve a page protected by forms authentication, ASP.NET automatically redirects them to the login page and asks them to identify themselves. Included here is an overview of forms authentication and what you need to know to put it to work. Also included is hard-to-find information on the security of cookie authentication and on combining forms authentication with role-based URL authorizations. |
|
| ASP .NET Security Issues |
| MSDN |
| This month I'm starting a series of columns dedicated to security in the Microsoft® .NET Framework, and I figured that the best place to start would be one of its most popular features, ASP .NET. |
|
| Custom Security Implementation |
| C#Today |
| In the previous articles in this series, we have discussed the security architectures and schemes available to developers in the .NET framework. Code access security and role based security are the two main types of security available to developers. In this article, Kaushal Sanghavi explores .NET's support for building a custom security scheme by implementing our own identity and principal classes that rely on user information stored in a database. In the previous article on Custom Security Permissions, we focused on Code Access Security, while in this article we focus on extending .NET's support for Role Based Security. |
|
| High-Performance .NET Application Development & Architecture |
| DotNetJunkies |
| It has always been a goal of project architects to plan an effective strategy from the ground up with regard to a new application. All relevant factors are taken into consideration with respect to the application, from its design and layout to a functional website infrastructure. |
|
| HTTP Handlers and HTTP Modules |
| 15 Seconds |
| Using HTTP handlers and modules. |
|
| Implementing .NET Role-Based Security without COM+ |
| Egg Head Cafe |
| Security is important. Most developers don't like security. It requires a lot of thought. It requires study. Most developers would rather just "write code", and leave security to "somebody else". Unfortunately, if you are a developer and your job is to produce an application, then guess who that "somebody else" usually is? It's YOU. Even behemoth Microsoft got the message loud and clear. They've made security the single most important thing, above everything else. Wanna know why .NET Server, which was supposed to be released back in March, is delayed until the third quarter? Security! They weren't satisfied, and so they went back to the drawing board, so to speak. And it's for real, too. The Microsoft insiders with whom I am privileged to speak from time to time are totally focused on security. |
|
| Implementing Role-Based Security with ASP.NET |
| 4Guys from Rolla |
| In my previous article, I demonstrated how authentication providers can be used to manage the process of authenticating users. I also showed that classes and methods exist within the .NET Framework that can be used to inspect the basic attributes of a current user. In this article, I will extend upon that base, by showing how the .NET Framework provides support for the implementation of role based security. |
|
| Role Based Security |
| C#Today |
| One of the most common ways of handling authorization is via a technique known as Role Based Security (other techniques use individual user information to grant or deny access). Different variations of role based security have existed in Windows for a long time now. Windows NT and Windows 2000 define built-in user groups, such as Administrators, Power Users, etc., and users are granted access to files and network shares based on their Windows group memberships. MTS and COM+ introduced role based security at the application development level, and the .NET framework builds upon this. In this article, Kaushal Sanghavi explores .NET's support for role based security and how it can be used to build a flexible authorization scheme. |
|
| Role-based Security with Forms Authentication |
| DevHood |
| Forms Authentication in ASP.NET can be a powerful feature. With very little code and effort, you can have a simple authentication system that is platform-agnostic. If your needs are more complex, however, and require more efficient controls over assets, you need the flexibility of groups. Windows Authentication gives you this flexibility, but it is not compatible with anything but Internet Explorer since it uses NTLM, Microsoft's proprietary authentication system. Now you must choose how to manage your assets: provide multiple login pages / areas and force users to register for each, or assign groups to users and limit access to pages / areas to particular groups. |
|
| Security Headaches? Take ASP.NET 2.0 |
| MSDN |
| See the improved security features of ASP.NET 2.0 |
|
| Understanding .NET Code Access Security |
| C# Corner |
| When we are running an application and we need to run a feature for which the application does not have the relevant module, the application connects to the Internet, downloads the module into the Global Assembly Cache (GAC), and begins executing. This is done without prompting us. |
|
| Web Services Enhancements 2.0 Support for WS-Policy |
| MSDN |
| Want to write less code and interoperate more? Use the assertions support in WSE 2.0 and the standard expressions for Web service applications in WS-Policy to enter a whole new age of reason. |
|