O'Reilly logo

Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 5. Configuration System Security

Many .NET Framework features depend on initialization information stored in various configuration files. ASP.NET especially is heavily dependent on configuration sections for defining the behavior of many aspects of the ASP.NET runtime. As a result the configuration information frequently contains sensitive information (usernames, passwords, connections strings, and so on). Configuration information can also directly affect the security settings enforced by certain features. As a result, configuration security is an important aspect of ensuring that a web application works as expected.

This chapter covers the following aspects of securing configuration information:

  • Using the <location /> element.

  • Implementing granular inheritance control using the new "lock" attributes.

  • Setting access rights to read and modify configuration.

  • Managing IIS 7.0 configuration versus ASP.NET configuration.

  • IIS 7.0 Feature Delegation.

  • Implementing partial trust restrictions when using configuration.

  • Using the new protected configuration feature.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required