Chapter 16

Security in Your ASP.NET 4.5 Website

What You Will Learn in This Chapter:

  • Important terminology you'll encounter when dealing with security
  • The ASP.NET application services that drive the security model of ASP.NET
  • How you can let users sign up for an account for your site
  • How users can reset their passwords or request new ones
  • How you can manage the users and roles in your database at development time
  • How you can present different content to different users based on their access rights in the system

Code Downloads for this Chapter

You can find the code downloads for this chapter on the Download Code tab at The code is in the chapter 16 download.

Until now, you have been creating pages in your website that are accessible to all visitors to your site. There is currently no way to block certain resources like ASPX files or even whole folders for specific users. That means, for example, that currently anyone can access your Management folder and start messing with the genres and reviews in the system.

Clearly, this is not something you'd want in a production website. So you need to think of a good security strategy to stop unwanted users from accessing specific content. You also need to look at a mechanism that enables users to sign up for a new account, and at the same time enables you to designate certain users as managers of your website and grant them special access rights.

ASP.NET 4.5 and VS ship with all ...

Get Beginning ASP.NET 4.5: in C# and VB now with O’Reilly online learning.