ASP.NET, in conjunction with Microsoft Internet Information Services (IIS), can authenticate user credentials such as names and passwords using any of the following authentication methods:
- Windows: Basic, digest, or Integrated Windows Authentication (NTLM or Kerberos).
- Forms authentication, in which you create a login page and manage authentication in your application.
- Client Certificate authentication.
ASP.NET controls access to site information by comparing authenticated credentials, or representations of them, to NTFS file system permissions or to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.
This section contains topics that describe the specifics of ASP.NET security.
- How ASP.NET Security Works
- Overview of Web Application Security Threats
- Basic Security Practices for Web Applications
- Storing Sensitive Information Using ASP.NET
- Limiting Access to ASP.NET Web Sites
- Script Exploits Overview
- How to: Display Safe Error Messages
- Accessing SQL Server from a Web Application
- Web Application Security at Run Time
- ASP.NET Application Security in Hosted Environments
- System.Web.Security
  Describes the classes you need for ASP.NET security features.
- Securing ASP.NET Web Sites
  Describes common types of Web site security attacks and how to help prevent them.
- Security in the .NET Framework
  Describes general .NET Framework security concepts, services, and best practices.