ASP.NET Web Application Security

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

ASP.NET

ASP.NET Web Application Security

Updated: November 2007

ASP.NET, in conjunction with Microsoft Internet Information Services (IIS), can authenticate user credentials such as names and passwords using any of the following authentication methods:

Windows: Basic, digest, or Integrated Windows Authentication (NTLM or Kerberos).
Forms authentication, in which you create a login page and manage authentication in your application.
Client Certificate authentication

ASP.NET controls access to site information by comparing authenticated credentials, or representations of them, to NTFS file system permissions or to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.

This section contains topic that describe the specifics of ASP.NET security.

In This Section

How ASP.NET Security Works
Overview of Web Application Security Threats
Basic Security Practices for Web Applications
Storing Sensitive Information Using ASP.NET
Limiting Access to ASP.NET Web Sites
Script Exploits Overview
How to: Display Safe Error Messages
Accessing SQL Server from a Web Application
Web Application Security at Run Time
ASP.NET Application Security in Hosted Environments

Reference

System.Web.Security: Describes the classes you need for ASP.NET security features.

Related Sections

Securing ASP.NET Web Sites: Describes common types of Web site security attacks and how to help prevent them.
Security in the .NET Framework: Describes general .NET Framework security concepts, services, and best practices.

Product Families

Resources

About Microsoft

Popular Places

Popular Searches

Popular Downloads