Chapter 11. Security

This chapter covers

  • Requiring authentication and authorization
  • Preventing cross-site scripting attacks
  • Mitigating cross-site request forgeries
  • Avoiding JSON hijacking

Security is often a vague and amorphous topic in web application development. We rely on the web server and on our programming platform to keep our application secure, and the rest sometimes seems theoretical and rare. In this chapter, we’ll describe possible attacks and exactly what to do to prevent them, using two main approaches.

The first is traditional management of authentication and authorization. Authentication is ensuring that the user has supplied the proper credentials to access the system. When a user logs in, usually by providing a ...
