Just the Facts

 

  • The ASP.NET worker process runs under a weak account named ASPNET or NETWORK SERVICE, depending on the process model in use. Neither of these accounts has administrative privileges.

  • You can change the worker process account, but you should at least give the new account full permissions on the folders where the ASP.NET runtime creates temporary files.

  • Forms authentication is the most common way of protecting ASP.NET pages and resources from unauthorized access in an Internet application. It works by attaching an authentication ticket to the request to prove the identity of the user; an HTTP module intercepts each request and checks for that ticket.

  • The membership API complements Forms authentication by decoupling the page code from the code that works with user information. This second type of code is isolated in a provider component that can be plugged in and out through the configuration file.

  • The role management API provides a rich API to manage roles, along with an HTTP module that uses a provider to extract the user's role information and attach it to the request.

  • The membership API is integrated with Visual Studio .NET through the WSAT tool, and it gives administrators a tool to manage users and roles offline.

  • The membership API is linked to a new family of controls for common login-related operations, such as password recovery and change, user creation, and login display.

  • Secure applications depend on secure coding practices that prevent common attacks. The key rule to apply all the time is, "Don't trust user input." Sanitizing any data the user inserts in the application is key, and validation controls and coded validation rules can raise the security bar much higher for attackers.
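
The Forms authentication, membership, and role management points above fit together in a single web.config. The following is an added example, not taken from the book; the names Login.aspx, AppDb, AppSqlMembership, AppSqlRoles, /SampleApp, the Admin folder, and the connection string are assumptions chosen for illustration.

```xml
<configuration>
  <connectionStrings>
    <!-- Constructed sample; integrated security keeps credentials out of the file -->
    <add name="AppDb"
         connectionString="Server=DBSERVER;Database=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <!-- The Forms authentication HTTP module checks every request for the ticket
         cookie. protection="All" both encrypts and signs the ticket;
         requireSSL keeps the cookie off plain HTTP connections. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" name=".ASPXAUTH" protection="All"
             timeout="30" slidingExpiration="true" requireSSL="true"
             cookieless="UseCookies" />
    </authentication>
    <!-- Anonymous users ("?") are redirected to the login page -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Membership provider: the user store is swapped here, not in page code -->
    <membership defaultProvider="AppSqlMembership">
      <providers>
        <clear />
        <add name="AppSqlMembership"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb" applicationName="/SampleApp"
             passwordFormat="Hashed" enablePasswordRetrieval="false"
             minRequiredPasswordLength="8"
             maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Role manager module attaches role information to each request;
         if roles are cached in a cookie, protect that cookie like the ticket -->
    <roleManager enabled="true" defaultProvider="AppSqlRoles"
                 cacheRolesInCookie="true" cookieProtection="All"
                 cookieRequireSSL="true">
      <providers>
        <clear />
        <add name="AppSqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AppDb" applicationName="/SampleApp" />
      </providers>
    </roleManager>
  </system.web>
  <!-- Folder-level rule: rules are evaluated top down, first match wins -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The `<clear />` elements drop the providers inherited from machine.config, so only the explicitly configured store is in effect.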

 


Programming Microsoft ASP.NET 2.0 Core Reference
ISBN: 0735621764
EAN: 2147483647
Year: 2004
Pages: 112
Authors: Dino Esposito
