Securing ASP.NET Web Sites

Security is a very important aspect of ASP.NET Web applications. The topics in this section provide background information about security issues that occur in Web applications. The topics include information about how to mitigate common security threats, how to protect resources in a Web application, and how to authenticate and authorize individual users.

The topics in this section provide guidance on how to improve the security of your application through user authentication, authorization, data encryption, and more.


There are many threats to consider and countermeasures to apply when you secure an ASP.NET application. We strongly recommend that you review and apply the guidance and checklists provided in the articles Improving Web Application Security: Threats and Countermeasures and Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the Microsoft Patterns and Practices Web site.

ASP.NET Web Application Security

Provides information about the security infrastructure in ASP.NET and about ASP.NET features for authentication, authorization, and process impersonation.

Managing Users by Using Membership

Provides information about ASP.NET controls and tools that you can use to build login pages and to authenticate users.

Managing Authorization Using Roles

Provides information about how to give different users permissions to perform different tasks in your application.

Encrypting Configuration Information Using Protected Configuration

Provides information about how to use encryption to protect information (such as connection strings) that you store in the application's configuration file.

Walkthrough: Managing Web Site Users with Roles

Describes how to create a Web application that assigns users to roles that restrict their Web-site usage.

Walkthrough: Creating a Web Site with Membership and User Login

Describes how to create a Web site that requires users to log in.

Windows Communication Foundation Authentication Service Overview

Describes how to use Windows Communication Foundation (WCF) to authenticate users of a Web site.

Windows Communication Foundation Role Service Overview

Describes how to use WCF to provide a role service for a Web site.

Code Access Security Basics

Describes code access security and its most common uses.