Designing Secure Mobile Web Applications

Building secure Web sites is always a top priority. There are additional security considerations when building a mobile Web application that might communicate sensitive information over public data networks.

Authentication, authorization, and encryption are the three items you must consider for security in your Web applications. Authentication establishes the identity of a user. Authorization helps to control what the user can or cannot access. Encryption is the mechanism that helps to protect data as it passes between client and server.

ASP.NET mobile controls use the security infrastructure that is in place with Internet Information Services (IIS) and the Microsoft .NET Framework. For more in-depth discussion about encryption and authorization, consult the .NET Framework documentation and IIS documentation. The ASP.NET QuickStart, https://localhost/QuickStart, has an excellent introduction to security. It is a good place to start.

Additional security recommendations can be found in the Securing Applications and the ASP.NET Web Application Security sections of the .NET Framework SDK documentation.

In This Section

• Authentication Options for Mobile Devices
  Describes the additional complexities of authenticating mobile devices.
• Security and WAP Gateways
  Describes the security issues associated with using WAP gateways.
• Port Usage for Mobile Applications
  Describes the ports that effect ASP.NET model applications.

See Also

Secure Coding Guidelines | Securing ASP.NET Web Applications | RedirectFromLoginPage Method, MobileFormsAuthentication Class, SignOut Method | .NET Framework Cryptography Model | ObjectList Control | Accessing Data with ASP.NET | Accessing Data with ADO.NET | Inserting Data Into a SQL Database | Developing Mobile Web Applications | Application Developer's Guide | Inside the ASP.NET Mobile Controls | Passport Authentication Provider | RedirectFromLoginPage Methods