Inside ASP.NET

Inside ASP.NET Security

Security in ASP.NET covers quite a few fronts and not all could be mentioned here. The following sections include a description of many of the key pieces needed for the different types of security available.

Web.config

The Web.config file stores much of the necessary information for security services, such as authentication, authorization, and impersonation. It can also serve as a user authority for authorized users. Listing 9.13 lists the valid settings for security in the Web.config file.

Listing 9.13. Valid Settings for Web.config

01 <configuration> 
02   <system.web> 
03     ... 
04     <authentication mode="{Windows|Forms|Passport|None}"> 
05       <forms name="CookieName" 
06              loginUrl="PathToLoginScript" 
07              timeout="minutes" 08 protection="{None| ...

Get Inside ASP.NET now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Inside ASP.NET by Scott Worley

Inside ASP.NET Security

Web.config

Listing 9.13. Valid Settings for Web.config

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly