
How ASP.NET Security Works

Securing Web sites is a critical, complex issue for Web developers. Protecting a site requires careful planning, and Web site administrators and programmers must have a clear understanding of the options for securing their site.

ASP.NET works in concert with the Microsoft .NET Framework and Microsoft Internet Information Services (IIS) to help provide Web application security. To help protect your ASP.NET application, you should perform the two fundamental functions described in the following table.

| Security function | Description |
| --- | --- |
| Authentication | Helps to verify that the user is, in fact, who the user claims to be. The application obtains credentials (various forms of identification, such as name and password) from a user and validates those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. |
| Authorization | Limits access rights by granting or denying specific permissions to an authenticated identity. |

IIS can also grant or deny access based on a user's host name or IP address. Any further access authorization is performed by NTFS file access permissions or URL authorization.
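The following Web.config fragment is an added example, not part of the original page. It shows authentication, URL authorization and an IIS address restriction layered on one site. The folder name, role name, login URL and address range are constructed placeholders, and the fragment assumes IIS 7 or later with the IP and Domain Restrictions feature installed and the ipSecurity section unlocked for the site.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Authentication: establishes who the caller is.
         Forms mode validates credentials in the application;
         mode="Windows" would rely on the identity IIS has established. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="20" requireSSL="true" />
    </authentication>

    <!-- URL authorization: rules are read top-down and the first match wins.
         "?" means anonymous users, "*" means all users.
         Here every page requires an authenticated identity. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Tighter rules for one folder (hypothetical path "Admin"). -->
  <location path="Admin">
    <system.web>
      <authorization>
        <!-- Assumes roles are populated, for example by a role provider.
             The allow rule must come before the catch-all deny;
             reversing the order would lock out everyone. -->
        <allow roles="SiteAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>

    <!-- IIS address restriction, evaluated by IIS itself.
         192.0.2.0/24 is a documentation range used as a placeholder. -->
    <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
          <add ipAddress="192.0.2.0" subnetMask="255.255.255.0" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
</configuration>
```

NTFS permissions are not expressed in Web.config; they are set on the files and folders themselves and still apply to whatever Windows identity ends up accessing the file.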

It is helpful to understand how all the various security subsystems interact. Since ASP.NET is built on the Microsoft .NET Framework, the ASP.NET application developer also has access to all the built-in security features of the .NET Framework, such as code access security and role-based user-access security. For details about the security capabilities of ASP.NET, see ASP.NET Code Access Security.

Security in the .NET Framework

Provides general information about security features of the .NET Framework.

Code Access Security

Provides information on ways to help secure connections to data sources such as databases.

Code Access Security

Provides information on code access security in the .NET Framework.

ASP.NET Application Security in Hosted Environments

Provides information about how to configure ASP.NET and the ASP.NET environment to improve the security of your ASP.NET application Web server.

© 2014 Microsoft. All rights reserved.