In this chapter
I can't tell you how many times I have sat in a meeting where management and marketing painted a rosy picture about the next application that we would be developing. The applications always had the bells and whistles, were easy to use, and would make us tons of money. But the question of security was never raised during these meetings. All marketing wants is a slick application that will attract lots of paying customers. All management wants is to get the application finished on time. And the developers get swept up in the euphoria of the moment and neglect to ask the tough questions about security.
This chapter talks about security for ASP.NET applications. It covers the security that is available through IIS and several types of security that are available through ASP.NET. One of the things you will find when you add security to your application, though, is that security can be at 180° odds with marketing's plans for a Web site that is slick and easy to use. Adding security makes it harder for users to get where they want to be, because not all users are going to be allowed to access certain Web pages and information. Your job is to balance the ease of use of your Web application with the need for security. You will have to know that the person who is trying to access restricted pages has the proper credentials. This chapter shows you how to add security to your ASP.NET application, and gives you a road map for deciding which security methods you should implement.