Chapter 37. How to Deal with Unauthenticated Clients

If you're writing a server application and you wish all of your clients to be authenticated, you should read Items 35 and 36 to learn how to limit access to anonymous clients. One important approach is to avoid ever granting access to Everyone, preferring Authenticated Users when you want to grant a permission to all your clients.

If you want to provide service to unauthenticated users, and you won't be bothering to authenticate any of your clients, then you won't be performing any authorization (since you don't know the identity of any of your clients) and therefore this item doesn't apply to you.

But if you want to service both authenticated and unauthenticated requests, then, if you're going ...

Get The .NET Developer's Guide to Windows Security now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.