Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

 

Reference Hub

J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
Microsoft Corporation

Published: November 2002

Last Revised: January 2006

Applies to:

• Microsoft® ASP.NET

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Building Secure ASP.NET Applications.

Summary: This section provides a series of reference links to articles, support roadmaps, and technology hubs that relate to the core areas covered by the Building Secure ASP.NET Applications guide. Use this section to help locate additional background reading and useful articles. (9 printed pages)

Contents

Searching the Knowledge Base
.NET Security
Active Directory
ADO.NET
ASP.NET
Enterprise Services
IIS (Internet Information Server)
Remoting
SQL Server
Visual Studio .NET
Web ServicesWindows 2000
Windows 2003

This section has a consolidated set of pointers for the following:

• MSDN articles and hubs from MSDN
• Knowledge Base articles and roadmaps for support from Microsoft Help and Support
• Articles and hubs from Microsoft.com
• Seminars from Microsoft Events and Webcasts
• Microsoft Support WebCasts
• How To articles on MSDN
• Articles and resources on GotDotNet

Searching the Knowledge Base

You can search the Microsoft Knowledge Base from two locations:

• Directly from Microsoft Help and Support
• Indirectly from the MSDN Home page

When you search the Knowledge Base, you can supplement your search with keywords to help refine the articles that appear as a result of your search.

The following example uses the support search site, but similar concepts apply when searching from the MSDN Home page.

To search the Knowledge Base from https://support.microsoft.com

1. In the Search the Knowledge Base box, select All Microsoft Search Topics (the default selection).
2. In the For solutions containing (optional) box, type your search criteria. You can use a combination of Knowledge Base keywords and search criteria.

The following list shows some example Knowledge Base keywords:

• kbAspNet returns ASP.NET articles.
• kbAspNet kbSecurity returns ASP.NET articles that discuss security issues.
• kbAspNet impersonation returns ASP.NET articles that discuss impersonation. Note that impersonation is not a keyword; it is simply an additional search criterion, which helps to refine the search.

Tips

• To access additional search options, click Advanced Search.
• To make sure the search includes all of the words you enter, click All of the words entered in the Using field.
• To limit the age of articles returned from the search, select a value from the Modified: field.
• To show search results from more categories than the default, select categories from the Categories: field.

You may find the following Knowledge Base keywords helpful:

• Security: kbSecurity
• Roadmaps: kbArtTypeRoadmap
• How Tos: kbHowToMaster

You can use the preceding keywords in conjunction with the following technology and product keywords:

• ADO.NET: kbAdoNet
• ASP.NET: kbAspNet
• Web Services: kbWebServices
• Remoting: kbRemoting

.NET Security

Hubs

• MSDN: .NET Security
• GotDotNet: About .NET Security
• MSDN: patterns & practices Security Guidance for Applications Index
• MSDN: .Net Security Hub

Active Directory

Hubs

• Microsoft.com: Active Directory
• MSDN: Directory and Identity Services

Key Notes

• Transitive trust is always available between domains in the same forest. Only "external trusts," which are not transitive, are available in separate forests in Windows 2000.
• Active Directory installations in perimeter networks (also known as DMZ, demilitarized zones, and screened subnets) should always be in a separate forest, not just a separate domain. The forest is the security boundary. This concept is illustrated in Chapter 6: Extranet Security.
• If you need more than 5,000 members in a group then you need either .NET Server (which supports direct group membership of arbitrary sizes) or nested groups. The Commerce Server 2000 Software Development Kit (SDK) uses nested groups. However, the SDK is not required.

Articles

• Active Directory Extranet Adoption Fueled by Internet Scalability and Rapid Return on Investment
• Netegrity SiteMinder 4.61 with Microsoft Active Directory AuthMark Performance

ADO.NET

Roadmaps and Overviews

• INFO: Roadmap for Using ADO in .NET (Q 308044)
• INFO: Roadmap for ADO.NET DataSet Objects and XML Web Services (Q313648)

Seminars and WebCasts

• Microsoft Events and Webcasts

ASP.NET

Hubs

• MSDN: Microsoft ASP.NET Developer Center
• [Content link no longer available, original URL:"https://support.microsoft.com/default.aspx?scid=fh;EN-US;aspnet"] Support: ASP.NET Support Center

Roadmaps and Overviews

• INFO: ASP.NET Roadmap (Q305140)
• INFO: ASP.NET Security Overview (Q306590)
• INFO: ASP.NET HTTP Modules and HTTP Handlers Overview (Q307985)
• INFO: ASP.NET Configuration Overview (Q307626)

Knowledge Base

The following keywords help retrieve ASP.NET articles:

• Show ASP.NET articles: kbAspNet
• Show ASP.NET articles related to security: kbAspNet kbSecurity

Articles

• Managed Security Context in ASP.NET

How Tos

• HOW TO: Secure ASP.NET Application Using Client-Side Certificates (Q315588)
• HOW TO: Secure an ASP.NET Application by Using Windows Security (Q315736)
• HOW TO: Implement Role-Based Security in ASP.NET App by Using C# (Q311495)
• HOW TO: Create Keys with Visual Basic .NET for Use in Forms Authentication (Q313091)
• HOW TO: Create Keys by using C# .NET for Use in Forms Authentication (Q312906)
• HOW TO: Control Authorization Permissions in ASP.NET Application (Q316871)
• HOW TO: Implement Role-Based Security with Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET (Q306238)
• patterns & practices Security How Tos Index

For more ASP.NET related How Tos, you can search using the following KB keywords:

• kbAspNet
• kbHowToMaster

Enterprise Services

Roadmaps and Overviews

• INFO: Roadmap for .NET Enterprise Services (Q308672)
• Serviced Component Overview
• COM+ Integration: How .NET Enterprise Services Can Help You Build Distributed Applications
• Understanding Enterprise Services (COM+) in .NET

How Tos

• HOW TO: Create a Serviced Component in Visual C# .NET (Q305683)

FAQs

• GotDotNet.com: Enterprise Services FAQ

Seminars and WebCasts

• Support WebCast: Microsoft COM+ and the Microsoft .NET Framework
• Support WebCast: COM Threading and Application Architecture in COM+ Applications

IIS (Internet Information Server)

Hubs

• Microsoft.com: IIS
• Support: IIS 5 Support Center
• Support: Microsoft Internet Information Services 6.0 Solutions Center

Remoting

Roadmaps and Overviews

• An Introduction to Microsoft .NET Remoting Framework
• Microsoft .NET Remoting: A Technical Overview

How Tos

• Remoting Basic and Advanced samples

Seminars and WebCasts

• Develop Distributed Applications using Microsoft .NET Remoting
• Support WebCast: Microsoft .NET Framework: .NET Remoting Essentials

SQL Server

Hubs

• MSDN: SQL Server
• Support: SQL Server Support Center

Seminars and WebCasts

• Microsoft SQL Server 2000: How to Configure SSL Encryption

Visual Studio .NET

Hubs

• Help and Support: Visual Studio .NET Support Center
• Support: Microsoft Visual Studio 2005 Solutions Center

Roadmaps and Overviews:

• HOW TO: Use the Key Productivity Features in Visual Studio .NET (Q318205
• Microsoft Visual Studio 2005 How To Articles

Web Services

Hubs

• MSDN.Microsoft.com: Web Services

Roadmaps and Overviews

• INFO: Roadmap for ADO.NET DataSet Objects and XML Web Services (Q313648)

• INFO: Roadmap for XML Serialization in the .NET Framework (Q314150)

• INFO: Roadmap for XML in the .NET Framework (Q313651)

• XML Web Services Developer Center

• House of Web Services:

  Moving to .NET and Web Services

  The Continuing Challenges of XML Web Services

How Tos

• HOW TO: Secure XML Web Services with SSL in Windows 2000 (Q307267)

WebCasts and Seminars

• Support WebCast: Microsoft ASP.NET: Advanced XML Web Services Using ASP.NET
• Support WebCast: Microsoft .NET: Introduction to Web Services

Search Online Microsoft Events and Webcasts for:

• How to Migrate Windows DNA Applications to .NET and XML Web Services
• XML Web Services—Authoring, Consuming, Testing and Deploying
• Best Practices for Building Web Services with Microsoft Visual Studio .NET
• Advanced Web Services

Windows 2000

Hubs

• Microsoft.com: Windows 2000
• [Content link no longer available, original URL:"https://support.microsoft.com/default.aspx?scid=fh;EN-US;win2000"] Microsoft Help and Support: Windows 2000 Support Center
• MSDN: Windows 2000
• Microsoft TechNet: Windows 2000 Server

Windows 2003

• Microsoft.com: Windows 2003
• Microsoft Help and Support: Windows 2003 Support Center
• MSDN: Windows 2003
• Microsoft TechNet: Windows 2003 Server

Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

© Microsoft Corporation. All rights reserved.