November 2008
Intermediate to advanced
935 pages
30h 36m
English
book
Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB
by Bilal Haidar, Stefan Schackow
Content preview from Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
18.2. Developers Beware
This section discusses a list of recommendations that you should follow to secure your ASP.NET web application against malicious attacks. Several books could be written on this topic, however, this section will cover as many recommendations as possible to give you an overview of some of the practices you can follow to protect your application.
18.2.1. Know Your Users
Knowing your users takes the form of both authenticating and authorizing users accessing the web application. Authenticating the user means making sure the user is a member of your user safe-list that can access the application. On the other hand, authorizing a user means knowing what rights and privileges the user has that allows them to access resources in the application.
18.2.1.1. Authenticate Users
ASP.NET 3.5 offers several options for authenticating users. As you have seen throughout the previous chapters in the book, you can make use of Forms Authentication and Windows Authentication as out-of-the-box authentication types offered by ASP.NET, or you can develop your own custom authentication mode. Forms authentication is mainly configured when the application is accessed online by users that do not necessarily correspond to users present in the Active Directory (AD) of a domain controller. It is best suited for web applications that store the users' credentials in databases or any other suitable and secure data store. On the other hand, Windows authentication best suits local intranets ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.