Chapter 12. Forms-Based Security

Back in the primitive days of personal computing, when each user’s computer stood alone and isolated, security was not such a big deal. Until computers became networked and viruses were let loose as a scourge on the Internet, security for most PCs meant screensaver passwords and a lock on the office door.

All of that has changed. Today’s computers are interconnected in myriad ways, on local networks and over the Internet. The pipes of data that connect your machine to the rest of the world are tremendously beneficial, but at the same time potentially harmful, opening your machine to outsiders. Some of those outsiders are malicious or just plain unwelcome. In any case, it is the job of security to let the good stuff in and keep the bad stuff out.

As part of the .NET Framework, ASP.NET 2.0 has a robust security infrastructure. ASP.NET is designed to work with Microsoft Internet Information Services (IIS), Windows 2000 to 2008, and the NTFS filesystem. Consequently, there is tight integration with the security provided inherently in those environments. If you are on an intranet and are certain that all your clients will be using Windows and Internet Explorer, there are features you can use to make your job as software developer easier. Alternatively, you can implement your security system independent of Windows and NTFS using the new forms-based security controls.

The fundamental role of security in ASP.NET is to restrict access to portions of a website. ...

Get Programming ASP.NET 3.5, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.