ASP.NET Security Content Map

This ASP.NET Security section includes topics that show you how to improve the security of a Web site or Web project. The topics provide information and code examples that illustrate security methods for ASP.NET Web sites and Web projects.



Getting started

Common security threats and their mitigation

Security architecture

Authentication (obtaining identification credentials)

Authorization (controlling access to resources)

Accessing authentication and authorization data using a web service

  1. ASP.NET Application Services Overview

  2. Walkthrough: Using ASP.NET Application Services

ASP.NET impersonation

Encrypting connection strings and other configuration information

Guarding against scripting exploits

Securing data connections

Securing hosted Web sites

Locking down an ASP.NET Web site

Extending security features

  • Security Extensibility in ASP.NET 4 (PDF) Whitepaper that reviews features introduced in ASP.NET 4 to allow you to extend security features, including pluggable encryption; interoperability of forms authentication between ASP.NET 4 and ASP.NET 2.0; security on inbound URLs, pluggable encoding for HTML and URLs; and pluggable request validation.

Working with Code Access Security (CAS)

Best Practices How-to topics

Performing a security review

Security videos

(All videos are on external Web sites.)