Chapter 18. ASP.NET Application Security

This chapter discusses the features you can use to increase the security of your ASP.NET applications. We discuss the overall issue of ASP.NET application security, and the mechanisms the .NET Framework offers to provide authentication, authorization, and impersonation services to ASP.NET applications. We then discuss the use of code-access security within ASP.NET-hosted environments. We do not attempt to teach you about ASP.NET programming, a vast topic that is well beyond the scope of this book; we assume you already have experience developing with ASP.NET.

ASP.NET Security Explained

Web applications and XML web services developed using ASP.NET are the means through which many companies provide information and services to their customers and partners. The very nature of these services demands that they be accessible—usually located at the edge of the corporate network—and consequently reachable by anyone with an Internet connection. To be of value, these services must be available and reliable, meaning that authorized people can use them when they need to, without concern that the service will crash or behave unexpectedly. In addition, depending on the service and the type of data it processes, there may be a requirement (or possibly a legal obligation) for the service provider to ensure that the data produced by, or stored within, the service remains secure and secret.

Unfortunately, the reachability of ASP.NET applications, coupled with ...
