Sams Teach Yourself ASP.NET in 21 Days, Second Edition By Chris Payne
Table of Contents
Day 21. Securing Your ASP.NET Applications
Q&A
Q1:
How can I encode and decode data?
A1:
Encoding and decoding data is part of cryptography, which is beyond the scope of this book. However, ASP.NET does support cryptographic operations and more, including digital signature creation, hashing, and message authentication. The System.Security.Cryptography namespace provides all the methods and objects you'll need for these mechanisms. See the .NET Framework SDK documentation for more information.
Q2:
Does the ASP.NET security system protect non-ASP.NET resources?
A2:
Unfortunately, no. Resources such as .txt, .htm, .jpg, .gif, and so on, which aren't associated with ASP.NET, aren't protected by security settings in the web.config file. Even though .aspx files or directories may be protected by web.config, users can view these other files freely (assuming they know the exact filenames, of course).
You can force ASP.NET to protect these files by mapping them to the ASP.NET process (aspnet_wp.exe) through the IIS Admin tool. This will cause security settings to be applied to these files, but it may result in a performance decrease.
