.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Security In Website

Posted By:      Posted Date: September 12, 2010    Points: 0   Category :ASP.Net
Hi guys,This is my first time, i am going to put my software application online.It directly starts with logging in and does some financial processing.From the Security point of view, What all is required to be taken into consideration ?1) how can i encrypt all the information sent to the server from the client ?2) how can i make sure everything is secured and wht points should i take care of.Thank you all

View Complete Post

More Related Resource Links

question about multi user website and security



i am developing a multi-user website using Dynamic Data and wondered if someone could answer the following or provide advice:

what is the best way of protecting data so someone (who has a login to the site) cannot see records intended ONLY to be viewable by another valid user?

as far as i can see a user can simply tamper with querystring or url values (if using routing) and bring up the details of records they should not.


any help qould be gratefully appreciated. i am drawing a blank so far and the easiest option may be to back to a traditional asp.net site where i can control things simply by use of a Session variable (UserID)



An add-on for this website failed to run. Check the security settings in Internet options for potent


Hello everyone,,

I am using IE8 and getting this problem.

An add-on for this website failed to run. Check the security settings in Internet options for potential conflicts.

Can anyone help me,,,plz

Security tips reqd for website database

I need to provide access to a SQL Server 2008 database to a website for a client. I haven't done this before and I'm looking for tips on security.

The website will be hosted on a server either in a DMZ or external to the network. Access to the SQL server will be through a Cisco router.
The network is a workgroup, not a domain. The website needs write access to one database.

The client wants enough flexibility that I can't restrict them to using stored procedures. It'll be their responsibility to ensure they don't wreck their database.

I'll give them datawriter permissions on that database, and enforce a strict password policy.

What other things should I do to safeguard the SQL server from the evils of the internet?

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Asp.net web site security database


Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?

Someone help me.

Thank you.



hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

Resources for soup-to-nuts of website development lifecycle



 I'm looking for a website, or book, or some resource that can lead me down the path from website design to implementation/deployment. I know that covers a ton of material, but I am really looking for the bullet points, or high-lights, to make sure that I think of everything. I am mostly fuzzy on security measures and deployment since I haven't been involved in those aspects before.

Background:  I have been a programmer for many years, and with a little over 3 years' experience coding websites in vb.net/asp.net with sql server. Due to recent restructuring/layoffs at our firm, I find myself in the position of lead IT person - I'm feeling a bit underqualified but I feel this is my chance to work hard and step up to it. I'm very good at vb.net, master pages, css, asp.net, sql server. I'm worried that the person who was the lead before was doing a bunch of stuff that I'm not aware of...so I need to start learning more than just the code. I don't need lessons on how to code anything...I need to learn how it all gets put together - the next step up.

thanks for any suggestions!

website load testing


How can i check "load testing" on my site (its using vb.net and SQL server)? Any free tool available or can it be done through windows server IIS?

Difference Btw Website vs Web application and Virtual directory in IIS 7


May i know what is the Differenc that they actually make in IIS7 .

Please tell me at a low level as i am still a novice in Asp.Net


Thanks in Advance.


Why isn't my Views/Home/Home.Master file published when I publish my website?


Hi All,

I spent the better part of today hunting down an elusive error.  I was getting a message saying that it couldn't find the Index view for the Home controller, and it gave a list of locations it searched, e.g., ~/Views/Home/Index.aspx.  This was really confusing as the file definitely existing and was at ~/Views/Home/Index.aspx, the first place in the list of locations it searched for the view!

What I eventually discovered was that there was a file that did not get published when I used Visual Studio's "Publish" feature (this is on the "Build" menu).  That file was Views/Home/Home.master, and (as you can probably guess) is the master file used by Views/Home/Index.aspx.

Once I copied that file into place manually, it started working.  But I am left wondering--why???  Why does this file not get published?  It's a part of my project, I can see it in the solution explorer, and it's obviously a critical file that's necessary for the MVC app to run.  It has the same permissions as every other file in my project.  So why wouldn't it get copied?  And how can I fix it so it does get copied?

Thanks for any suggestions on this!


VS2010 Professional .NET 4.0 Remote Debugging ASP Website Project


Trying to remote debug ASP website from VS2010 Pro to Windows Server 2003 machine.  Specifically, trying to debug a Web Service, but breakpoint says, "The breakpoint will not currently be hit. No symbols have been loaded for this document."  This happens for all compiled code though.  I have read this is due to missing PDB files and the work around is to manually copy them, as noted here.  Problem is, I cannot find any PDB files for my project, except referenced libraries, which I can remote debug.


  • web.config has <compilation debug="true">
  • Debugger is attached to wewp.exe process on remote server
  • Installed VS2010 remote debugger from DVD (as I can remote debug referenced libraries)

This is beyond frustrating.  I migrated my code from VS2008 .Net3.5 to VS2010 .Net4.0 to take advantage of the inherent multithreading framework.  Debugging works when using local host and was stable until deployment to test server.

Thanks in advance,


System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be. 

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

XBAP Security


We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?

Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


Creating a user friendly alias for the website path


 Hello mates,

I am hosting my ASP.NET application on a Windows 2003 Server.

To browse to my application one has to type the path :http://serverName/applicationName

I want users to only type  applicationName on the web adress area.I believe there is something to do with alias and CNAME on DNS records that can adress this.

Any help on how to go about doing this will be highly appreciated.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend