Inside ASP.NET Security

Security in ASP.NET covers quite a few fronts and not all could be mentioned here. The following sections include a description of many of the key pieces needed for the different types of security available.


The Web.config file stores much of the necessary information for security services, such as authentication, authorization, and impersonation. It can also serve as a user authority for authorized users. Listing 9.13 lists the valid settings for security in the Web.config file.

Listing 9.13. Valid Settings for Web.config
01 <configuration> 
02   <system.web> 
03     ... 
04     <authentication mode="{Windows|Forms|Passport|None}"> 
05       <forms name="CookieName" 
06              loginUrl="PathToLoginScript" 
07              timeout="minutes" 08 protection="{None| ...

Get Inside ASP.NET now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.