Export (0) Print
Expand All

Secure Client Applications (ADO.NET)

Applications typically consist of many parts that must all be protected from vulnerabilities that could result in data loss or otherwise compromise the system. Creating secure user interfaces can prevent many problems by blocking attackers before they can access data or system resources.

When constructing an application that accesses data, you should assume that all user input is malicious until proven otherwise. Failure to do so can leave your application vulnerable to attack. The .NET Framework contains classes to help you enforce a domain of values for input controls, such as limiting the number of characters that can be entered. Event hooks allow you to write procedures to check the validity of values. User input data can be validated and strongly typed, limiting an application's exposure to script and SQL injection exploits.

Security noteSecurity Note:

You must also validate user input at the data source as well as in the client application. An attacker may choose to circumvent your application and attack the data source directly.

Security and User Input

Describes how to handle subtle and potentially dangerous bugs involving user input.

Validating User Input in ASP.NET Web Pages

Overview of validating user input using ASP.NET validation controls.

User Input in Windows Forms

Provides links and information for validating mouse and keyboard input in a Windows Forms application.

.NET Framework Regular Expressions

Describes how to use the Regex class to check the validity of user input.

In the past, Windows applications generally ran with full permissions. The .NET Framework provides the infrastructure to restrict code executing in a Windows application by using code access security (CAS). However, CAS alone is not enough to protect your application.

Windows Forms Security

Discusses how to secure Windows Forms applications and provides links to related topics.

Windows Forms and Unmanaged Applications

Describes how to interact with unmanaged applications in a Windows Forms application.

ClickOnce Deployment for Windows Forms Applications

Describes how to use ClickOnce deployment in a Windows Forms application and discusses the security implications.

ASP.NET applications generally need to restrict access to some portions of the Web site and provide other mechanisms for data protection and site security. These links provide useful information for securing your ASP.NET application.

An XML Web service provides data that can be consumed by an ASP.NET application, a Windows Forms application, or another Web service. You need to manage security for the Web service itself as well as security for the client application.

For more information, see the following resources.

Resource

Description

Securing ASP.NET Web Sites

Discusses how to secure ASP.NET applications.

Securing XML Web Services Created Using ASP.NET

Discusses how to implement security for an ASP.NET Web Service.

Script Exploits Overview

Discusses how to guard against a script exploit attack, which attempts to insert malicious characters into a Web page.

Basic Security Practices for ASP.NET Web Applications

General security information and links to further discussion,

.NET remoting enables you to build widely distributed applications easily, whether the application components are all on one computer or spread out across the entire world. You can build client applications that use objects in other processes on the same computer or on any other computer that is reachable over its network. You can also use .NET remoting to communicate with other application domains in the same process.

Resource

Description

Configuration of Remote Applications

Discusses how to configure remoting applications in order to avoid common problems.

Security in Remoting

Describes authentication and encryption as well as additional security topics relevant to remoting.

Security and Remoting Considerations

Describes security issues with protected objects and application domain crossing.

Community Additions

ADD
Show:
© 2014 Microsoft