Security (How Do I in Visual Web Developer)
This page links to help on important information about securing your Web site. To view other categories of popular tasks covered in Help, see How Do I in Visual Web Developer.
Walkthroughs
Walkthrough: Creating a Web Site with Membership and User Login
Provides a tutorial on adding Web site security using ASP.NET features to add a login page, authentication, and authorization.Walkthrough: Managing Web Site Users with Roles
Provides a tutorial on assigning users to roles and securing resources based on roles.Walkthrough: Encrypting Configuration Information Using Protected Configuration
Provides a tutorial on encrypting a portion of the Web.config file to protect sensitive information.
Security Guidelines
Securing Membership
Provides guidelines for improving the security of ASP.NET membership to create and manage users.Securing Standard Controls
Provides guidelines for improving the security of form controls such as the AdRotator, TextBox, and ListBox controls.Securing Roles
Provides guidelines for improving the security of using ASP.NET roles to manage authorization.Securing ASP.NET Site Navigation
Provides guidelines for improving the security of site maps and navigation controls.Securing Browser Definition Files
Provides guidelines for improving the security of the .browser files in which information about capabilities of individual browsers is stored.Securing Data Access
Provides guidelines for improving the security of data access in ASP.NET Web applications.Securing Login Controls
Provides guidelines for improving the security of any Login, CreateUserWizard, PasswordRecovery, and other login controls in your Web site.Securing Profile Properties
Provides guidelines for improving the security of using ASP.NET profiles to create and manage user-specific information.Securing Web Parts Pages
Provides guidelines for improving the security of ASP.NET Web pages that users can customize in their browser.Securing Session State
Provides guidelines for improving the security of storing user-specific information in server memory.Securing ASP.NET Configuration
Provides guidelines for improving the security of .NET Framework configuration files.
General Security Practices
Basic Security Practices for Web Applications
Provides general information on security issues and security practices that apply to all Web sites.Storing Sensitive Information Using ASP.NET
Provides guidelines for helping keep passwords and other sensitive information secure.How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings
Provides steps for preventing malicious users from forcing unwanted code to run in your Web application.How to: Display Safe Error Messages
Provides steps for configuring your Web application for proper error handling and for displaying error messages that do not disclose sensitive information.Configuring ASP.NET Process Identity
Provides information about configuring your Web application to run as a specific Windows user identity.How to: Build and Run the Protected Configuration Provider Example
Provides steps for creating a custom encryption component for encrypting configuration elements.
Identifying Users
How to: Create an ASP.NET Login Page
Provides steps for creating an ASP.NET Web page that uses the Login control to authenticate users through ASP.NET membership.How to: Add a LoginStatus Button to an ASP.NET Web Page
Provides steps for adding a link to pages that helps users log in and out of your Web application.How to: Use Advanced Features of the ASP.NET Login Control
Provides steps for changing the default appearance of the Login control.How to: Use Advanced Features of the ASP.NET Login Control
Provides steps for customizing the behavior of the Login control.How to: Enable User Registration
Provides steps for enabling users to register on your Web site using the CreateUserWizard control and ASP.NET membership.How to: Display the Name of the Current User
Provides steps for using the LoginName control to display the user's logged-in name (or a login link).How to: Display Different Information to Anonymous and Logged In Users
Provides steps for using the LoginView control to create one display for logged-in users and a different one for users who are not yet logged in.How to: Enable User Password Recovery Using the ASP.NET PasswordRecovery Control
Provides steps for using the PasswordRecovery control to enable users to have a new or recovered password e-mailed to them.How to: Customize the PasswordRecovery Control
Provides steps for changing the default appearance of the PasswordRecovery control.How to: Implement Simple Forms Authentication
Provides steps for creating a custom authentication system where you create your own login page and authentication logic.How to: Sample Membership Provider Implementation
Provides steps for creating a custom provider to create and manage membership information.How to: Sample Role-Provider Implementation
Provides steps for creating a custom provider to create and manage role information.
Data Security
Securing Data Access
Provides guidelines for improving the security of data access in ASP.NET Web applications.How To: Secure Connection Strings when Using Data Source Controls
Provides steps for encrypting connection strings for database access.How to: Access SQL Server as a Local User
Provides steps for configuring your application to log into Microsoft SQL Server on the same computer as the Web server.How to: Access SQL Server Using a Mapped Windows Domain User
Provides steps for configuring your application to log into SQL Server using a specific Windows user account.How to: Access SQL Server Using Predetermined Credentials
Provides steps for configuring your application to log into SQL Server using a user name and password that you build into your application.How to: Access SQL Server Using Windows Integrated Security
Provides steps for configuring your application to log into SQL Server with the user's current Windows user account information.