Chapter 12

Security

What you will learn in this chapter:

  • An overview of website security
  • Services offered by the WebSecurity Helper
  • How to retrofit security features to an existing site
  • How to manage access to parts or all of a website
  • How to let users create accounts
  • How to manage the display of content based on the user’s role

At this point, you have a site that is capable of storing items for sale, and notifying the person who posted the item by e-mail that their item is listed. You also have a way of managing categories with a series of CRUD forms in an administration area. However, the site is completely open, which means that anyone can access your CRUD forms and add or alter existing categories. This is likely to be unacceptable, because people will add duplicate items, or worse. You need some way to restrict access to the administration area to only people whom you trust. You need to be able to identify those people when they visit the site, and more importantly, you need to be able to prevent untrusted visitors from being able to access trusted areas.

Membership and Roles Management

The ASP.NET security model is built on two pillars — Membership and Roles Management. The next sections examine these concepts in more detail and explain what they incorporate.

Membership

A lot of sites these days invite visitors to register with them — to submit personal details in a form in order to take advantage of some of the features the site offers. For example, I have an account ...

Get Beginning ASP.NET Web Pages with WebMatrix® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.