Chapter 11. ASP.NET authentication and authorization


This chapter covers
  • Authentication and authorization in ASP.NET
  • FormsAuthentication and WindowsAuthentication
  • UrlAuthorization
  • The Membership and Roles APIs
  • Building custom providers for the Membership and Roles APIs


The previous chapter was about code security and common threats in web applications. At this point, you have a clear understanding of what security is and how to avoid problems by analyzing user input. Now it’s time to talk about two important and somewhat related topics—authentication and authorization.

ASP.NET has great flexibility in terms of authentication and authorization, which lets you control access to web resources based on a different matrix of permissions by ...
