A good deal of writing a secure page depends on often-discussed topics such as input validation, handling malicious input, preventing SQL injection attacks, and so on. However, ASP.NET provides some lesser known configurable security features that add a degree of extra security to your pages. This chapter will review some security features for pages and compilation that have been around since ASP.NET 1.1, as well as security features in ASP.NET 2.0 and ASP.NET 3.5.
The topics that will be covered include:
Request validation and viewstate protection.
Options for securing page compilation.
Protecting against fraudulent postbacks.
Site navigation security.