ASP.NET Web Site Security
Security is a vital aspect of your ASP.NET Web applications. The topics in this section provide background information on security issues that arise in Web applications, on mitigating common security threats, protecting resources in your application, and on authenticating and authorizing individual users.
The topics in this section provide guidance on how to improve the security of your application through user authentication, authorization, data encryption, and more.
There are numerous threats and countermeasures to apply when securing an ASP.NET application. It is strongly recommended that you review and apply the guidance and checklists provided in the articles Improving Web Application Security: Threats and Countermeasures and Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the Microsoft Patterns and Practices Web site.
In This Section
- Getting Started - Security Considerations for ASP.NET Applications
Provides background information on security issues in Web applications and strategies for mitigating them.
- ASP.NET Web Application Security
Provides information on the security infrastructure in ASP.NET, and on ASP.NET features for authentication, authorization, and process impersonation.
- Managing Users by Using Membership
Provides information on ASP.NET controls and tools that you can use to build login pages and to authenticate users.
- Managing Authorization Using Roles
Provides information on how to give different users permissions to perform different tasks in your application.
- Encrypting Configuration Information Using Protected Configuration
Provides information on how to use encryption to protect information (such as connection strings) that you store in the application's configuration file.
- Code Access Security Basics
Describes code access security and its most common uses.