Chapter 15 Security in Your ASP.NET Website

What you will learn in this chapter:

  • The difference between authentication and authorization
  • Implementing security in ASP.NET applications
  • Security and the database
  • How to secure your web application
  • Adding roles into your security
  • Using the user information

Code Downloads for this Chapter:

The wrox.com code downloads for this chapter are found at www.wrox.com/go/beginningaspnetforvisualstudio on the Download Code tab. The code is in the chapter 15 download and individually named according to the names throughout the chapter.

It seems like every week there is a news article about data breaches in online applications. While your application does not have the same security needs as a major online company that stores credit card numbers or banking information, you still have to enforce a certain level of security to keep your users' information private. Also, because you care about your users as individuals rather than simply as visitors, you need to have a way for them to uniquely identify themselves. This is the responsibility of ASP.NET security.

Sometimes, not only do you care about who a user is, you also care about what that user can do within your application. You can see this in your sample application—you created a place where a special kind of user can add items and manage other information. Determining what certain users can do, once you know who they are, is another area that is managed by ASP.NET security.

Up until now ...
