If you are building web applications or web services with ASP.NET and you want to keep them secure, this is the book for you.
This book will show you how to make effective use of the security framework provided by ASP.NET.We cover the key technologies for authentication (identifying users) and authorization (controlling access to recources). We also show how we can use other ASP.NET features to keep our applications secure.
ASP.NET provides a flexible and extensible authentication framework. We present the built in options for authentication, discussing when they should be used and showing how they should be applied for maximum security. For those who have needs beyond what the standard authentication methods provide, we show how to extend and enhance them to create custom security systems.
Authorization is covered in depth. We show how to use the built in authorization system to control access to the resources that a web application exposes. We then take things further by showing how to extend the system to address more advanced authorization scenarios.
Good configuration is vital if our applications are to be secure. We explain how to configure IIS and ASP.NET so that they work together to provide good security.
Even with a good authentication and authorization system, there are still many ways in which a web application can be attacked. We show how we can code ASP.NET applications to avoid the most common vulnerabilities.
Code Access Security, a good way to restrict what operations code can perform, is introduced with examples that show how it can be applied.
Most of the techniques presented in the rest of the book apply just as well to web services as to browser based web applications. We also discuss some additional techniques particular to web services.