Designing Secure Mobile Web Form Pages

Building secure Web sites is always a top priority. There are additional security considerations when building a Web application that includes mobile Web pages and might communicate sensitive information over public data networks.

Authentication, authorization, and encryption are the three items you must consider for security in your Web applications. Authentication establishes the identity of a user. Authorization helps to control what the user can or cannot access. Encryption is the mechanism that helps to protect data as it passes between client and server.

ASP.NET mobile controls use the security infrastructure that is in place with Internet Information Services (IIS) and the Microsoft .NET Framework. For more in-depth discussion about encryption and authorization, see the .NET Framework documentation and IIS documentation. The ASP.NET 2.0 QuickStart Tutorial has an introduction to security that is a good place to start.

For more security recommendations, see Securing Applications and ASP.NET Web Application Security.

In This Section

• Authentication Options for Mobile Devices
  Describes the complexities of authenticating mobile devices.

• Security and WAP Gateways
  Describes the security issues associated with using WAP gateways.

• Port Usage for Mobile Applications
  Describes the ports that affect ASP.NET mobile Web pages.

See Also

Reference

MobileFormsAuthentication

Concepts

.NET Framework Cryptography Model

Inside the ASP.NET Mobile Controls

Other Resources

Secure Coding Guidelines

ASP.NET Web Application Security

ASP.NET Data Access

Developing ASP.NET Mobile Web Pages

Application Developer's Guide