| An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS |
| MSDN |
| ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security. |
|
| ASP .NET Security Issues |
| MSDN |
| This month I'm starting a series of columns dedicated to security in the Microsoft® .NET Framework, and I figured that the best place to start would be one of its most popular features, ASP .NET. |
|
| Custom Security Implementation |
| C#Today |
| In the previous articles in this series, we have discussed the security architectures and schemes available to developers in the .NET framework. Code access security and role based security are the two main types of security available to developers. In this article, Kaushal Sanghavi explores .NETs support for building a custom security scheme by implementing our own identity and principal classes that rely on user information stored in a database. In the previous article on Custom Security Permissions, we focused on Code Access Security, while in this article we focus on extending .NETs support for Role Based Security. |
|
| Implementing .NET Role-Based Security without COM+ |
| Egg Head Cafe |
| Security is important. Most developers don't like security. It requires a lot of thought. It requires study. Most developers would rather just "write code", and leave security to "somebody else". Unfortunately, if you are a developer and your job is to produce an application, then guess who that "somebody else" usually is? It's YOU. Even behemoth Microsoft got the message loud and clear. They've made security the single most important thing, above everything else. Wanna know why .NET Server, which was supposed to be released back in March, is delayed until the third quarter? Security! They weren't satisfied, and so they went back to the drawing board, so to speak. And its for real, too. The Microsoft insiders with whom I am privileged to speak with from time to time are totally focused on security. |
|
| Implementing Role-Based Security with ASP.NET |
| 4Guys from Rolla |
| In my previous article, I demonstrated how authentication providers can be used to manage the process of authenticating users. I also showed that classes and methods exist within the .NET Framework that can be used to inspect the basic attributes of a current user. In this article, I will extend upon that base, by showing how the .NET Framework provides support for the implementation of role based security. |
|
| Managed Security Context in ASP.NET |
| MSDN |
| In my November 2001 column I focused on the unmanaged security context that is used in an ASP.NET application. It's very important to choose this security context wisely, as any calls to the operating system or to your own unmanaged DLLs and COM components will run here. This month, I'll focus on the way you can make use of your managed security context. |
|
| Quick and easy user-level security checks |
| The Code Project |
| A library to manage the low-level details behind user-level security. |
|
| Quick and easy user-level security checks |
| The Code Project |
| A library to manage the low-level details behind user-level security. |
|
| Understanding .NET Code Access Security |
| C# Corner |
| When we are running an application and we need to run a feature for which, the application does not have the relevant module, the application connects to the Internet and downloads the module into the Global Assembly Cache (GAC) and begins executing. This is done without being prompted to us. |
|
| Unify the Role-Based Security Models for Enterprise and Application Domains with .NET |
| MSDN |
| Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships. |
|
