This documentation is archived and is not being maintained.

Creating Secure User Interfaces 

Applications typically consist of many parts that all must be protected from vulnerabilities that could result in data loss or otherwise compromise the system. Creating secure user interfaces can prevent many problems by blocking attackers before they can access data or system resources.

Securing Windows Applications

In the past, Windows applications generally ran with full permissions. The .NET Framework provides the infrastructure to restrict code executing in a Windows application by using code access security (CAS). However, CAS alone is not enough to protect your application.

Windows Forms Security

Discusses how to secure Windows Forms applications and provides links to related topics.

More Secure File and Data Access in Windows Forms

Discusses how to access files and data from a Windows Forms application in a partially trusted environment.

Windows Forms and Unmanaged Applications

Describes how to interact with unmanaged applications in a Windows Forms application.

ClickOnce Deployment for Windows Forms Applications

Describes how to use ClickOnce deployment in a Windows Forms application and discusses the security implications.

Securing ASP.NET Applications

ASP.NET applications generally need to restrict access to some portions of the Web site and provide other mechanisms for data protection and site security. These links provide useful information for securing your ASP.NET application.

ASP.NET Web Site Security

Discusses how to secure ASP.NET applications. It contains links to the following topics.

ASP.NET Web Application Security

Discusses how ASP.NET security works and covers secure design as well as security in a hosted environment.

Basic Security Practices for Web Applications

Discusses minimum-security guidelines that apply to all Web applications.

Securing XML Web Services Created Using ASP.NET

Discusses how to implement security for an ASP.NET Web Service.

Improving Web Application Security

MSDN content discussing many different aspects of Web application security.

Building Secure ASP.NET Applications

MSDN content discussing many different aspects of Web application security.

Validating User Input

When constructing an application that accesses data, you should assume that all user input is malicious until proven otherwise. Failure to do so can leave your application vulnerable to attack. The .NET Framework contains classes to help you enforce a domain of values for input controls, such as limiting the number of characters that can be entered. Event hooks allow you to write procedures to check the validity of values. User input data can be validated and strongly typed, limiting an application's exposure to script and SQL injection exploits. However, you should not assume that validating user input is enough by itself to secure your application. You must also secure your data source and validate all input. For more information, see SQL Server Books Online or the documentation for your data source.
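The following C# sketch is an added example, not code from the original documentation. It shows the layering described above: an allow-list check with the Regex class, strong typing of a numeric value, and typed SQL parameters so that the data source is not relying on validation alone. The `dbo.Orders` table, its columns, the 20-character customer code format and the 500-row cap are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Text.RegularExpressions;

static class OrderLookup
{
    // Allow-list for the (assumed) customer code format. \A and \z anchor the
    // whole string, so a trailing newline cannot slip past the check.
    static readonly Regex CustomerCode =
        new Regex(@"\A[A-Za-z0-9-]{1,20}\z", RegexOptions.CultureInvariant);

    // Returns a parameterized command, or null with the reason in 'error'.
    public static SqlCommand BuildCommand(string rawCode, string rawMaxRows, out string error)
    {
        error = null;
        if (rawCode == null || !CustomerCode.IsMatch(rawCode))
        { error = "Customer code must be 1-20 letters, digits or hyphens."; return null; }

        // Strongly type the number: digits only, no sign, whitespace or separators.
        int maxRows;
        if (!int.TryParse(rawMaxRows, NumberStyles.None, CultureInfo.InvariantCulture, out maxRows)
            || maxRows < 1 || maxRows > 500)
        { error = "Row count must be a whole number from 1 to 500."; return null; }

        // Validation is not the only defense: the values travel as typed
        // parameters and are never concatenated into the SQL text.
        SqlCommand cmd = new SqlCommand(
            "SELECT TOP (@maxRows) OrderId, OrderDate FROM dbo.Orders " +
            "WHERE CustomerCode = @code ORDER BY OrderDate DESC");
        cmd.Parameters.Add("@code", SqlDbType.NVarChar, 20).Value = rawCode;
        cmd.Parameters.Add("@maxRows", SqlDbType.Int).Value = maxRows;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: one valid pair and two that must be rejected.
        string[][] samples = {
            new string[] { "ALFKI-01", "25" },
            new string[] { "x' OR '1'='1", "25" },
            new string[] { "ALFKI-01", "25; --" } };
        foreach (string[] s in samples)
        {
            string error;
            SqlCommand cmd = BuildCommand(s[0], s[1], out error);
            Console.WriteLine("{0,-14} {1,-8} => {2}", s[0], s[1],
                cmd != null ? "accepted, " + cmd.Parameters.Count + " typed parameters" : "rejected: " + error);
        }
    }
}
```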

Security and User Input

Describes how to handle subtle and potentially dangerous bugs involving user input.

Validating User Input in ASP.NET Web Pages

Overview of validating user input in an ASP.NET application.

Validation ASP.NET Controls

Describes how to use ASP.NET validation controls to verify user input and, if necessary, display messages to the user.

Types of Validation for ASP.NET Server Controls

Lists the available validation controls and provides links describing how to use them.

User Input in Windows Forms

Provides links and information for validating mouse and keyboard input in a Windows Forms application.

User Input Validation in Windows Forms

Describes how to validate user input in a Windows Forms application.

.NET Framework Regular Expressions

Describes how to use the Regex class to check the validity of user input.

Mapping Data Provider Data Types to .NET Framework Data Types

Describes how to map .NET data types to provider-specific data types.

Visual Studio Tools for Office

Microsoft Visual Studio 2005 Tools for the Microsoft Office System allows you to extend Microsoft Word 2003, Microsoft Excel® 2003, and Microsoft Outlook® 2003 by creating solutions using Visual Basic and Visual C#. It incorporates the security features available in the .NET Framework, together with an additional, restricted application domain-level policy that prevents code from running until it is explicitly granted permission. For more information, see Security in Office Solutions.
