This page links to help on important information about securing your Web site. To view other categories of popular tasks covered in Help, see How Do I in Visual Web Developer.
- Walkthrough: Creating a Web Site with Membership and User Login
Provides a tutorial on adding Web site security using ASP.NET features to add a login page, authentication, and authorization.
- Walkthrough: Managing Web Site Users with Roles
Provides a tutorial on assigning users to roles and securing resources based on roles.
- Walkthrough: Encrypting Configuration Information Using Protected Configuration
Provides a tutorial on encrypting a portion of the Web.config file to protect sensitive information.
- Securing Membership
Provides guidelines for improving the security of ASP.NET membership to create and manage users.
- Securing Standard Controls
Provides guidelines for improving the security of form controls such as the AdRotator, TextBox, and ListBox controls.
- Securing Roles
Provides guidelines for improving the security of using ASP.NET roles to manage authorization.
- Securing ASP.NET Site Navigation
Provides guidelines for improving the security of site maps and navigation controls.
- Securing Browser Definition Files
Provides guidelines for improving the security of the .browser files in which information about capabilities of individual browsers is stored.
- Securing Data Access
Provides guidelines for improving the security of data access in ASP.NET Web applications.
- Securing Login Controls
Provides guidelines for improving the security of any Login, CreateUserWizard, PasswordRecovery, and other login controls in your Web site.
- Securing Profile Properties
Provides guidelines for improving the security of using ASP.NET profiles to create and manage user-specific information.
- Securing Web Parts Pages
Provides guidelines for improving the security of ASP.NET Web pages that users can customize in their browser.
- Securing Session State
Provides guidelines for improving the security of storing user-specific information in server memory.
- Securing ASP.NET Configuration
Provides guidelines for improving the security of .NET Framework configuration files.
General Security Practices
- Basic Security Practices for Web Applications
Provides general information on security issues and security practices that apply to all Web sites.
- Storing Sensitive Information Using ASP.NET
Provides guidelines for helping keep passwords and other sensitive information secure.
- How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings
Provides steps for preventing malicious users from forcing unwanted code to run in your Web application.
- How to: Display Safe Error Messages
Provides steps for configuring your Web application for proper error handling and for displaying error messages that do not disclose sensitive information.
- Configuring ASP.NET Process Identity
Provides information about configuring your Web application to run as a specific Windows user identity.
- How to: Build and Run the Protected Configuration Provider Example
Provides steps for creating a custom encryption component for encrypting configuration elements.
- How to: Create an ASP.NET Login Page
Provides steps for creating an ASP.NET Web page that uses the Login control to authenticate users through ASP.NET membership.
- How to: Add a LoginStatus Button to an ASP.NET Web Page
Provides steps for adding a link to pages that helps users log in and out of your Web application.
- How to: Use Advanced Features of the ASP.NET Login Control
Provides steps for changing the default appearance of the Login control.
- How to: Use Advanced Features of the ASP.NET Login Control
Provides steps for customizing the behavior of the Login control.
- How to: Enable User Registration
Provides steps for enabling users to register on your Web site using the CreateUserWizard control and ASP.NET membership.
- How to: Display the Name of the Current User
Provides steps for using the LoginName control to display the user's logged-in name (or a login link).
- How to: Display Different Information to Anonymous and Logged In Users
Provides steps for using the LoginView control to create one display for logged-in users and a different one for users who are not yet logged in.
- How to: Enable User Password Recovery Using the ASP.NET PasswordRecovery Control
Provides steps for using the PasswordRecovery control to enable users to have a new or recovered password e-mailed to them.
- How to: Customize the PasswordRecovery Control
Provides steps for changing the default appearance of the PasswordRecovery control.
- How to: Implement Simple Forms Authentication
Provides steps for creating a custom authentication system where you create your own login page and authentication logic.
- How to: Sample Membership Provider Implementation
Provides steps for creating a custom provider to create and manage membership information.
- How to: Sample Role-Provider Implementation
Provides steps for creating a custom provider to create and manage role information.
- Securing Data Access
Provides guidelines for improving the security of data access in ASP.NET Web applications.
- How To: Secure Connection Strings when Using Data Source Controls
Provides steps for encrypting connection strings for database access.
- How to: Access SQL Server as a Local User
Provides steps for configuring your application to log into Microsoft SQL Server on the same computer as the Web server.
- How to: Access SQL Server Using a Mapped Windows Domain User
Provides steps for configuring your application to log into SQL Server using a specific Windows user account.
- How to: Access SQL Server Using Predetermined Credentials
Provides steps for configuring your application to log into SQL Server using a user name and password that you build into your application.
- How to: Access SQL Server Using Windows Integrated Security
Provides steps for configuring your application to log into SQL Server with the user's current Windows user account information.
Concepts