Chapter 27. Writing a Secure Web Site Using ASP.NET

By Kevin Price

IN THIS CHAPTER

  • Designing a Secure Web Site

  • Implementing a Secure Web Site

By now, you should be familiar with the concepts involved in setting up a basic, secure Web site using Windows 2000 and Internet Information Services (IIS). To review the basics, see Chapter 16, "Data Transport Integrity: Keeping Data Uncorrupted." In this chapter, you learn how to use the following techniques to write a secure Web site using ASP.NET:

  • Use Advanced IIS Security tools to secure your site

  • Use Authentication to allow or deny users

  • Use Authorization to determine which users can execute code used in the site

  • Implement your secure Web site

  • Learn tactics used by hackers to attack your Web site

In this chapter, we will analyze the fictitious "SecureOffice" Web site. Before its creation, however, we will step through the decision-making process to look at our "requirements" and determine exactly which new features from ASP.NET we should use.

SecureOffice is a simple Web site that allows users to log in and read their material online. The goal of this Web site is to enable network users to log in, using their Windows 2000 credentials, and have access to certain company documentation that they have created. The hardware scenario is one server, protected by a firewall with port 80 open for inbound and outbound TCP and port 443 open for HTTPS. Our user base should be considered basic, meaning they can open a browser and navigate through an application, but explaining security to them would be a lost cause. The key selling point is that you can create a secure site and have it up and running quickly.

NOTE

It is well beyond the scope of this book to discuss how to configure every possible option for whatever firewall you may be using. Please consult the documentation that came with your product regarding limiting port access. Also keep in mind that no Web site needs NetBIOS ports (135-139) exposed on an external interface.


Given that extensive set of requirements, pun intended, knowing that the data might contain proprietary information and your reputation is at stake, let's begin.

.NET Framework Security
ISBN: 067232184X
Year: 2000
Pages: 235