Application and session
If you work through these examples in this chapter, you will see how easy it is to use session and application variables. It won't be long before you are totally comfortable with doing this in your applications.
Chapter 18. Security
In this chapter
I can't tell you how many times I have sat in a meeting where management and marketing
This chapter talks about security for ASP.NET applications. It talks about the security that is available through IIS, and several types of security that are available through ASP.NET. One of the things you will find, though, when you add security to your application, is that security can be at 180 ° odds with marketing's plans of having a Web site that is slick and easy to use. You see, when you add security it makes it harder for users to get where they want to be, because not all users are going to be allowed to access certain Web pages and information. Your job is to balance the ease of use for your Web application with the need for security. You will have to know that the person who is trying to access restricted pages has the proper credentials. This chapter shows you how to add security to your ASP.NET application, and gives you a road map for how to make your decisions when it comes to which security
Web Security Overview
It is one thing to worry about security on your company's network, but it is another thing to worry about security in a Web application. Connections can come from anyplace in the world, and the possibility of data interception exists
Authentication is one of the foremost
A client machine can surf to many Web sites without fear of who is managing the site and its content. But when it comes to sending sensitive information, such as Social Security numbers and credit card
The other side of the coin appears when the client is trying to access information that is itself sensitive; medical records would be a good example. A
Other examples of when the server must verify identity is when the client is trying to access some
Web application developers should always be aware of the level of security that is required for a situation. They should add only the security services that are necessary. Each additional security requirement makes your application more complex and can have significant impact on its design.