Chapter 16. Security in Your ASP.NET 4 Web Site
WHAT YOU WILL LEARN IN THIS CHAPTER:
Important terminology you'll encounter when dealing with security
The ASP.NET application services that drive the security model of ASP.NET
How you can let users sign up for an account for your site
How users can reset their passwords or request new ones
How you can manage the users and roles in your database at development time
How you can present different content to different users based on their access rights in the system
Until now you have been creating pages in your web site that are accessible to all visitors to your site. There is yet no way to block certain resources like ASPX files or even whole folders for specific users. That means, for example, that currently anyone can access your
Management folder and start messing with the genres and reviews in the system.
Clearly this is not something you'd want in a production web site. So, you need to think of a good security strategy to stop unwanted users from accessing specific content. You also need to look at a mechanism that enables users to sign up for a new account and at the same time enables you to designate certain users as managers of your web site and grant them special access rights.
ASP.NET 4 ships with all the tools you need to create a solid and safe security mechanism. In this chapter you learn how to make use of these tools in your ASP.NET web site.
Before you start looking at how security is implemented in the ASP.NET Framework, you ...