Building Secure Microsoft® ASP.NET Applications

Microsoft Corporation

Building secure distributed Web applications can be challenging. It usually involves integrating several different technologies and products—yet your complete application will only be as secure as its weakest link. This guide presents a practical, scenario-driven approach to designing and building security-enhanced ASP.NET applications for Microsoft® Windows® 2000 and version 1.1 of the Microsoft .NET Framework. It focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications. This guide focuses on: Authentication—to identify the clients of your application Authorization—to provide access controls for those clients Secure communication—to help ensure that messages remain private and are not altered by unauthorized parties Who should read this guide: Middleware developers and architects who build or plan to build .NET Web applications using ASP.NET, XML Web Services, Enterprise Services (COM+), .NET Remoting, or Microsoft ADO.NET About “Patterns and Practices”: Patterns & Practices contain specific recommendations illustrating how to design, build, deploy, and operate architecturally sound solutions to challenging business and technical scenarios. The technical guidance is reviewed and approved by Microsoft engineering teams, consultants, and Product Support Services, and by partners and customers. Note: Includes complete sample on the Web.

Published by Microsoft Press