For more information, see the following resources:
For information about establishing a secure Machine.config and Web.config configuration, see Chapter 19, "Securing Your ASP.NET Application and Web Services."
For a printable checklist, see "Checklist: Securing ASP.NET" in the "Checklists" section of this guide.
For information on securing your developer workstation, see "How To: Secure Your Developer Workstation" in the "How To" section of this guide.
For more information on authentication and authorization in ASP.NET, see Chapter 8, "ASP.NET Security," in "Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication" at http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch08.asp.
For walkthroughs of using Forms Authentication, see "How To: Use Forms Authentication with SQL Server 2000" and "How To: Use Forms Authentication with Active Directory," in the "How To" section of "Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication" at http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT00.asp.
For more information about using regular expressions, see Microsoft Knowledge Base article 308252, "How To: Match a Pattern by Using Regular Expressions and Visual C# .NET."
For more information about user input validation in ASP.NET, see MSDN article "User Input Validation in ASP.NET" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/pdc_userinput.asp.
For more information about the Secure cookie property, see RFC 2109 on the W3C Web site at http://www.w3.org/Protocols/rfc2109/rfc2109.
For more information on security considerations from the Open Hack competition, see MSDN article "Building and Configuring More Secure Web Sites" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/openhack.asp.