ASP.NET Security Content Map

2014-12-04

This ASP.NET Security section includes topics that show you how to improve the security of a Web site or Web project. The topics provide information and code examples that illustrate security methods for ASP.NET Web sites and Web projects.

Scenario	Topics
Getting started	Basic Security Practices for Web Applications
Common security threats and their mitigation	Overview of Web Application Security Threats
Security architecture	ASP.NET Security Architecture
Authentication (obtaining identification credentials)	Managing Users by Using Membership Walkthrough: Creating a Web Site with Membership and User Login Windows Communication Foundation Authentication Service Overview ASP.NET Forms Authentication Overview How to: Implement Simple Forms Authentication How To Implement Forms-Based Authentication in Your ASP.NET Application by Using C# .NET (on the Microsoft Help and Support Web site) Windows Authentication Provider Forms Authentication Provider
Authorization (controlling access to resources)	Managing Authorization Using Roles Understanding Role Management Windows Communication Foundation Role Service Overview Walkthrough: Managing Web Site Users with Roles Role Management Providers
Accessing authentication and authorization data using a web service	ASP.NET Application Services Overview Walkthrough: Using ASP.NET Application Services
ASP.NET impersonation	ASP.NET Impersonation
Encrypting connection strings and other configuration information	Encrypting and Decrypting Configuration Sections Walkthrough: Encrypting Configuration Information Using Protected Configuration
Guarding against scripting exploits	Script Exploits Overview How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings How Do I: Prevent a Cross Site Request Forgery Security Flaw in an ASP.NET Application? (on the MSDN Web site)
Securing data connections	Securing Data Access in ASP.NET Accessing SQL Server from a Web Application
Securing hosted Web sites	ASP.NET Application Security in Hosted Environments How To: Secure an ASP.NET Application on a Shared Server
Locking down an ASP.NET Web site	Limiting Access to ASP.NET Web Sites HOW TO: Lock Down an ASP.NET Web Application or Web Service (on the Microsoft Help and Support Web site).
Extending security features	Security Extensibility in ASP.NET 4 (PDF) Whitepaper that reviews features introduced in ASP.NET 4 to allow you to extend security features, including pluggable encryption; interoperability of forms authentication between ASP.NET 4 and ASP.NET 2.0; security on inbound URLs, pluggable encoding for HTML and URLs; and pluggable request validation.
Working with Code Access Security (CAS)	Code Access Security Basics What is New in ASP.NET 4.0 Code Access Security (entry in the ASP.NET QA team blog)
Best Practices How-to topics	Patterns and Practices: Security How to topics index (on the MSDN Web site)
Performing a security review	How To: Perform a Security Deployment Review for ASP.NET 2.0
Security videos (All videos are on external Web sites.)	Web Application Security with Keith Brown ASP.NET: Security Tips & Tricks for ASP.NET Developers Best Practices: A Look at Developer ASP.NET AJAX Security Mistakes How Do I: Secure my Site using Membership and Roles? Securing your Web Site with Membership and Login Controls