ASP.NET Security Roadmap

This ASP.NET Security section includes topics that show you how to improve the security of a Web site or Web project. The topics in this section provide information and code examples that illustrate security methods for ASP.NET Web sites and Web projects. The topics include information about how to mitigate common security threats, how to protect resources in a Web application, and about how to authenticate and authorize individual users.

Note

There are many threats and countermeasures to apply when you secure an ASP.NET application. We strongly recommend that you review and apply the guidance and checklists provided in the articles Improving Web Application Security: Threats and Countermeasures and Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the Microsoft Patterns and Practices Web site.

Getting started	Basic Security Practices for Web Applications
Common security threats and their mitigation	Overview of Web Application Security Threats
Security architecture	ASP.NET Security Architecture
Authentication (obtaining identification credentials)	Managing Users by Using Membership Walkthrough: Creating a Web Site with Membership and User Login Windows Communication Foundation Authentication Service Overview ASP.NET Forms Authentication Overview How to: Implement Simple Forms Authentication How To Implement Forms-Based Authentication in Your ASP.NET Application by Using C# .NET (on the Microsoft Help and Support Web site) Windows Authentication Provider Forms Authentication Provider
Authorization (controlling access to resources)	Managing Authorization Using Roles Understanding Role Management Windows Communication Foundation Role Service Overview Walkthrough: Managing Web Site Users with Roles Role Management Providers
ASP.NET impersonation	ASP.NET Impersonation
Encrypting connection strings and other configuration information	Encrypting and Decrypting Configuration Sections Walkthrough: Encrypting Configuration Information Using Protected Configuration
Guarding against scripting exploits	Script Exploits Overview How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings How Do I: Prevent a Cross Site Request Forgery Security Flaw in an ASP.NET Application? (on the MSDN Web site)
Securing data connections	Securing Data Access Accessing SQL Server from a Web Application
Securing hosted Web sites	ASP.NET Application Security in Hosted Environments How To: Secure an ASP.NET Application on a Shared Server
Locking down an ASP.NET Web site	Limiting Access to ASP.NET Web Sites HOW TO: Lock Down an ASP.NET Web Application or Web Service (on the Microsoft Help and Support Web site).
Best Practices How-to topics	Patterns and Practices: Security How to topics index (on the MSDN Web site)
Performing a security review	How To: Perform a Security Deployment Review for ASP.NET 2.0
Security videos (All videos are on external Web sites.)	Web Application Security with Keith Brown ASP.NET: Security Tips & Tricks for ASP.NET Developers Best Practices: A Look at Developer ASP.NET AJAX Security Mistakes How Do I: Secure my Site using Membership and Roles? Securing your Web Site with Membership and Login Controls

See Also

Concepts

Code Access Security Basics

Other Resources

Learning ASP.NET 3.5, Second Edition: Build Web Applications with ASP.NET 3.5, AJAX, LINQ, and More

C# 3.0 Cookbook, Third Edition: More than 250 solutions for C# 3.0 programmers

Change History

Date	History	Reason
July 2008	Added topic.	SP1 feature change.