| .NET Security |
| C# Corner |
| I basically wanted to programmatically check whether the user had the relevant permissions by accessing their windows account. Fortunately, .NET provides this through the System.Security.Principal namespace. I also wanted to deny access to particular drives - this is done through the namespace System.Security.Permissions. |
|
| An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS |
| MSDN |
| ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security. |
|
| Authentication in ASP.NET: .NET Security Guidance |
| MSDN |
| This article discusses the importance of security considerations when designing a server application. Both Microsoft Internet Information Services (IIS) and ASP.NET provide security models that will allow you to authenticate your users appropriately and obtain the correct security context within your application. |
|
| Custom Security Implementation |
| C#Today |
| In the previous articles in this series, we have discussed the security architectures and schemes available to developers in the .NET framework. Code access security and role based security are the two main types of security available to developers. In this article, Kaushal Sanghavi explores .NETs support for building a custom security scheme by implementing our own identity and principal classes that rely on user information stored in a database. In the previous article on Custom Security Permissions, we focused on Code Access Security, while in this article we focus on extending .NETs support for Role Based Security. |
|
| High-Performance .NET Application Development & Architecture |
| DotNetJunkies |
| It has always been a goal of project architects to plan an effective strategy from the ground up in regards to an new application. All relevant factors are taken into consideration with respect to the application, from its design and layout to a functional website infrastructure. |
|
| How to validate Windows user rights in a Visual Basic .NET application |
| http://www.kbalertz.com/ |
| (841699) - Describes how to verify the user's Windows user account and password in a Visual Basic .NET application. Uses the LogonUser Win32 API to verify the user name and password. |
|
| How to validate Windows user rights in a Visual Basic .NET application |
| http://www.kbalertz.com/ |
| (841699) - Describes how to verify the user's Windows user account and password in a Visual Basic .NET application. Uses the LogonUser Win32 API to verify the user name and password. |
|
| Implementing .NET Role-Based Security without COM+ |
| Egg Head Cafe |
| Security is important. Most developers don't like security. It requires a lot of thought. It requires study. Most developers would rather just "write code", and leave security to "somebody else". Unfortunately, if you are a developer and your job is to produce an application, then guess who that "somebody else" usually is? It's YOU. Even behemoth Microsoft got the message loud and clear. They've made security the single most important thing, above everything else. Wanna know why .NET Server, which was supposed to be released back in March, is delayed until the third quarter? Security! They weren't satisfied, and so they went back to the drawing board, so to speak. And its for real, too. The Microsoft insiders with whom I am privileged to speak with from time to time are totally focused on security. |
|
| Implementing Role-Based Security with ASP.NET |
| 4Guys from Rolla |
| In my previous article, I demonstrated how authentication providers can be used to manage the process of authenticating users. I also showed that classes and methods exist within the .NET Framework that can be used to inspect the basic attributes of a current user. In this article, I will extend upon that base, by showing how the .NET Framework provides support for the implementation of role based security. |
|
| Securing Your .NET Web Services |
| DotNetJunkies |
| In this article, Mike explains the basics of IIS and ASP.NET security, and shows how Forms Authentication can be used to help secure Web Services. |
|
| Unify the Role-Based Security Models for Enterprise and Application Domains with .NET |
| MSDN |
| Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships. |
|
| Using Web Services Instead of DCOM |
| MSDN |
| This document examines the advantages of using XML Web services over DCOM and demonstrates how to implement an XML Web service and consume it with a Microsoft .NET client application |
|
