Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

 

patterns & practices Developer Center

Base Configuration

J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
Microsoft Corporation

Published: November 2002

Last Revised: January 2006

Applies to:

  • Microsoft® ASP.NET

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Building Secure ASP.NET Applications.

Summary: This document provides a table that illustrates the base software configuration used during the development and testing of the Building Secure ASP.NET Applications Guide. (2 printed pages)

Base ConfigurationNotes
Windows 2000 SP3
.NET Framework SP2
For more information, see the following Knowledge Base article: INFO: Determining Whether Service Packs Are Installed on .NET Framework.
Download .NET Framework Service Pack 2.
ASP.NETNotes
Running ASP.NET on a domain controllerIn general, it's not advisable to run your Web server on a domain controller, because a compromise of the machine is a compromise of the domain. If you need to run ASP.NET on a domain controller, you need to give the ASP.NET process account appropriate privileges as outlined in the following Knowledge Base article:
BUG: ASP.NET Does Not Work with the Default ASPNET Account on a Domain Controller.
ASP.NET Session State Security HotfixDownload ASP.NET Session State Security Hotfix.
MDACNotes
MDAC 2.6 is required by the .NET FrameworkVisual Studio .NET installs MDAC 2.7.
SQL Server 2000Notes
SQL Server 2000 SP2 

patterns & practices Developer Center

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Show: