Chapter 13. Introduction to ASP.NET Security

By Kevin Price

IN THIS CHAPTER

• New Security Features in ASP.NET ”And How to Use Them

• Authentication for Web Services

• Code Access Security and ASP.NET

Now it's time to deal with a rather complex topic that has many noncomplex solutions. If there ever was an example of the phrase "ignorance is bliss," security is the winner. It seems that all is happy and running well until somebody points out a hole in your application that has exposed a Web or database server. Another developer's view on security is that it is a hopeless case. "Why should my company even worry about this ”no matter what we do, someone can still get through it." These are the same people who don't bathe because they're only going to get dirty again. When it comes to securing your ASP.NET application, what you don't know or choose not to know can have devastating effects on your ability to continue to collect a paycheck, or worse . In an effort from Microsoft to help your servers stay secure, some additions were made in ASP.NET over what you may already be used to from the ASP-based application on Internet Information Server. Most of these items are quite easy to implement with little to no impact on scalability or manageability of the application. It is the intent of this chapter to present the features provided to secure your ASP.NET applications in a manner that makes you, the developer, comfortable. The purpose of this chapter is to familiarize you with the concepts of what is available in ASP.NET with regard to security. This chapter will cover an introduction to the new features provided by ASP.NET, such as forms authentication, impersonation, and Microsoft Passport.