Authentication and Authorization Without IIS
When using ASP.NET, remoting, or any technology that relies on authentication, it seems common that somewhere there will be a relational database (SQL Server 2000) that contains user information for purposes of authenticating users to a site. While this practice is somewhat understandable for those who don't want to issue a network account to every user who visits their site, probably because the site and the rest of the network are on the same subnet, it raises some security issues of its own. In fact, “issues” may not quite describe it—burning red flags of despair probably comes closer. Regardless, because ASP.NET has introduced new methods of authentication, discussed in Chapter 14, they rely on ...
Get .NET Framework Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
