
ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and

Posted Date: August 21, 2010    Category: ASP.Net

ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security.

Jeff Prosise

MSDN Magazine April 2002


More Related Resource Links

ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and


Forms authentication is one of the most compelling and useful new features of ASP.NET. It enables developers to declaratively specify which files on their site can be accessed and by whom, and allows identification of a login page. When an unauthenticated user attempts to retrieve a page protected by forms authentication, ASP.NET automatically redirects them to the login page and asks them to identify themselves. Included here is an overview of forms authentication and what you need to know to put it to work. Also included is hard-to-find information on the security of cookie authentication and on combining forms authentication with role-based URL authorizations.

Jeff Prosise

MSDN Magazine May 2002

Secure By Design: Your Field Guide To Designing Security Into Networking Protocols


If you were to build a new communications protocol from scratch, how would you address security? Here the authors take a look at that question and generate some valuable insights into secure protocols.

Mark Novak and Andrew Roths

MSDN Magazine September 2006

Geneva Framework: Building A Custom Security Token Service


A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009

Cutting Edge: Building A Secure AJAX Service Layer


This month Dino builds a service layer that authenticates users of Silverlight 2 and ASP.NET AJAX services to prevent illegal access to sensitive back-end services.

Dino Esposito

MSDN Magazine September 2008

Trustworthy Computing: Lessons Learned from Five Years of Building More Secure Software


Five years ago, Bill Gates issued a directive to enhance security across the board. Since then, many valuable lessons have been learned about building more secure software.

Michael Howard

MSDN Magazine November 2007

Security Briefs: Step-by-Step Guide to InfoCard


In my April 2006 column I began a discussion of InfoCard, the upcoming identity metasystem, which is being prepared for release in the Windows Vista™ timeframe. If you haven't read that column, you should definitely start there because I'm going to assume you're familiar with the basics I covered.

Keith Brown

MSDN Magazine May 2006

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

WS-Security: New Technologies Help You Make Your Web Services More Secure


Without good security, Web Services will never reach their potential. WS-Security and its associated technologies, the focus of this article, represent the future of security for Web Services. Provided here is an overview of these emerging security standards that explains what they do, how they work, and how they get along together. Topics discussed include integrity and confidentiality and how these are provided by public key cryptography, WS-Security, and more. Some of the key components of WS-Security, such as the wsu namespace, are also covered.

David Chappell

MSDN Magazine April 2003

Security in IIS 6.0: Innovations in Internet Information Services Let You Tightly Guard Secure Data


Security improvements have been a top priority in the evolution of IIS. IIS 6.0, which will be part of Windows .NET Server, has improved security features and a new approach to server configuration. New security-related tools for IIS, including IIS LockDown, make securing your server against attack easier than ever. The author explains how and why you can shut down services with IIS LockDown. He discusses limiting port access with TCP/IP filtering, controlling how files are served with extension mapping, what's new for Secure Sockets Layer, the use of URLScan, and more.

Wayne Berry

MSDN Magazine September 2002

.NET Framework: Building, Packaging, Deploying, and Administering Applications and Types-Part 2


Part 1 of this series discussed how types built for the common language runtime can be shared among applications in the Microsoft .NET Framework regardless of the .NET languages used to build them. This second part continues with building assemblies by first covering security, sharing assemblies, versioning, localization, and side-by-side execution. Because in .NET two DLLs with the same name can be loaded as long as another attribute, which can include the localization language, differs, versioning is much easier than it used to be, so DLL Hell may become a thing of the past.

Jeffrey Richter

MSDN Magazine March 2001

.NET Framework: Building, Packaging, Deploying, and Administering Applications and Types


Types that are built for the Common Language Runtime can be shared among applications in the Microsoft .NET Framework no matter which of the .NET languages they were built in, an obvious benefit to developers. This article describes the building, packaging, and deploying of applications and types for the .NET Framework, including the role and significance of assemblies, private and otherwise. The way metadata and assemblies help to solve some historical problems like versioning conflicts and DLL Hell, and how they improve system stability are also discussed.

Jeffrey Richter

MSDN Magazine February 2001

Web Security: Putting a Secure Front End on Your COM+ Distributed Applications


The Internet requires that developers provide a different security model for clients than is used on a closed network. Because it would be too resource-intensive for both the client and server to prove their identity to each other, you need to look at other ways to ensure secure communications. This article covers the options, from digital certificates to public and private key encryption to Secure Sockets Layer and Web certificates. The discussion covers the installation of certificates in Microsoft Internet Information Services along with other options specific to IIS. This article was adapted from Keith Brown's Programming Windows Security (Addison-Wesley), due out in July 2000.

Keith Brown

MSDN Magazine June 2000

Administrator and Developer Guide to Code Access Security in SharePoint Server 2007

Explore configuration options, get best practices for managing CAS in SharePoint environments, and walk through a complex CAS scenario.

MySites vs. Sub-sites - Can security be unique for each subsite

Good Day; I have a SharePoint farm with several 100,000 MySites, each of these MySites consumes 2MB of space when being set up.  There is no need for this in the way we implement and use SharePoint.  As we are moving from SharePoint 2007 to SharePoint 2010 I am looking to change our format if possible.  What I am thinking is to change from individual MySites for each user and move to 1 MySite for each organization and then a sub-site for each user in that organization.  My question is, if I create a MySite named Company-A and then have 600 sub-sites below it, named User-1, User-2,...User600 for example, can I set up individual security on each sub-site or is their security profile inherited from their main MySite.  For further detail I need to offer individuals the ability to control their own security or have the company control the security for them but some users will have more permissions than others, some will be able to use different services and service apps while others will have very limited access.  I can do this when I give each user their own MySite but that is a lot of overhead, so by switching to 1 MySite per Organization and individual sub-sites, I save a lot of space, overhead, and increase my performance of crawls, etc... Can what I am thinking be done? How granular is security trimming for sub-sites? Thanks C

Building and Deploying Projects

One of my biggest obstacles to development is that whenever I want to deploy a change I have to run a series of PowerShell scripts to destroy the site, retract the solution, install the solution and create the site. With the current small to medium size of my project they take about 6 to 8 minutes to run, that's a lot of downtime/time when I'm not coding during a day! I'd be keen to hear about how anyone else builds, we've used VS2010 deployment in the past but we occasionally ran into strange issues, so hence the PowerShell - I think VS largely does the same thing anyway? My second question is can I parallelise any of these tasks? For instance, should it be safe to destroy the site and retract the solution at the same time rather than one after the other? Thanks, HC

Secure channel cannot be opened because security negotiation with the remote endpoint has failed

Please help me to pinpoint what's wrong with the configurations.

    CoreClient client = new CoreClient();
    client.ClientCredentials.UserName.UserName = "test";
    client.ClientCredentials.UserName.Password = "test";
    string msg = client.SayHello(); //==== ERROR Happens here

Error message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.

Configurations:

Host:

    <behaviors>
      <serviceBehaviors>
        <behavior name="DefaultBehavior">
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Promotion.Services.UsernameValidator, LibraryIIS" />
          </serviceCredentials>
        </behavior>