Beginning ASP.NET 3.5: In C# and VB

by Imar Spaanjaars
March 2008
Content level: Intermediate to advanced
766 pages
21h 15m
English
Wrox

15.4. Practical Security Tips

The following list provides some practical security tips.

  • Although the concept of security is introduced quite late in the chapter, you shouldn't see it as an afterthought. To ensure you create a solid and secure application, you should keep security in mind from the very early stages of your web site development. Deciding whether you want to have areas that are only accessible to certain users, and whether you are going to force users into getting an account for your site before they get access, is best done as early as possible. The later in the process you introduce these concepts, the more difficulties you'll face when integrating this functionality.

  • Try to group resources like ASPX pages under folders that represent roles in your system. Take, for example, the Management folder in the Planet Wrox web site. All pages related to the management of your site are packed together in a single folder, making it very easy to block the entire folder with a single <location> element in the web.config file. When the files you want to protect are scattered throughout your web site, you'll need more time to configure the application, and you'll end up with an unclear view of the active security settings.

  • When you create roles to differentiate between users on your web site, try to limit the number of different roles your system has. You'll find that your system becomes much easier to manage with only a handful of logically grouped roles than with a large number ...
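
The folder-level rule from the second tip, written out as an added example (it is not taken from the book). The Management folder is the one the text names; the role name Managers and the two page file names in the contrast section are assumptions made for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms" />
    <roleManager enabled="true" />
    <!-- Site-wide default: every visitor, anonymous or not, may browse. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Grouped layout: one rule set covers every page under ~/Management,
       including pages added to the folder later.
       Rules are evaluated top to bottom and the first match wins, so the
       allow for the role must come before the catch-all deny. -->
  <location path="Management">
    <system.web>
      <authorization>
        <allow roles="Managers" /> <!-- assumed role name -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Scattered layout, shown for contrast (hypothetical file names):
       each protected page needs its own block, and a management page
       added without one falls back to the site-wide allow above. -->
  <location path="EditReview.aspx">
    <system.web>
      <authorization>
        <allow roles="Managers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="ManageGenres.aspx">
    <system.web>
      <authorization>
        <allow roles="Managers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Reversing the two rules inside a block, so that `<deny users="*" />` comes first, locks out members of the role as well, because the deny matches before the allow is reached.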


ISBN: 9780470187593