Chapter 16. Security in Your ASP.NET 4 Web Site

WHAT YOU WILL LEARN IN THIS CHAPTER:

  • Important terminology you'll encounter when dealing with security

  • The ASP.NET application services that drive the security model of ASP.NET

  • How you can let users sign up for an account for your site

  • How users can reset their passwords or request new ones

  • How you can manage the users and roles in your database at development time

  • How you can present different content to different users based on their access rights in the system

Until now you have been creating pages in your web site that are accessible to all visitors to your site. There is yet no way to block certain resources like ASPX files or even whole folders for specific users. That means, for example, that currently anyone can access your Management folder and start messing with the genres and reviews in the system.

Clearly this is not something you'd want in a production web site. So, you need to think of a good security strategy to stop unwanted users from accessing specific content. You also need to look at a mechanism that enables users to sign up for a new account and at the same time enables you to designate certain users as managers of your web site and grant them special access rights.

ASP.NET 4 ships with all the tools you need to create a solid and safe security mechanism. In this chapter you learn how to make use of these tools in your ASP.NET web site.

Before you start looking at how security is implemented in the ASP.NET Framework, you ...

Get Beginning ASP.NET 4: in C# and VB now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.