ASP.NET 2.0 Moves User Authentication One Step Forward
ASP.NET 2.0 provides new classes, methods, and controls that make implementing authentication easy. Learn how to apply the authentication functionalities of the Membership class and its methods into ASP.NET applications.
ASP.NET 2.0 Security
I've been using "Whidbey" Alpha for months now and have been champing at the bit to write an article that explores some of the biggest changes included in ASP.NET 2.0. With last week's release of the beta, I figure now's the time to get started!
Encrypting Connection Strings in Web.config
One of the best practices in ASP.NET is to save your database connection strings in the Web.config file instead of hard-coding it in your code. It's not such a good idea to save your connection strings as plain text in Web.config you should ideally encrypt the connection strings so it leaves no chance for a potential hacker to easily get more information about your database server. In ASP.NET 2.0, Microsoft has taken this further by allowing you to encrypt the connection strings in Web.config, all without much plumbing on your part. In this new article by Wei-Meng Lee, he shows you how it works!
Extending ASP.NET 2.0 security
The current implementation of ASP.NET 2.0's security is great and I have fallen in love with it, but it's still too limited. I will show you how to extend ASP.NET 2.0's security using a custom HTTP Handler and your existing Web.sitemap.
How to Protect Your Application Against Parameter Injection
Securing your web application against the hackers of the world is a difficult task. Authentication mechanisms, sessionIds, and user accounts are a few of the options that are available to you for your efforts. However, the most common technique of remotely manipulating an application is parameter injection.
Manage Custom Security Credentials the Smart (Client) Way
By default, you can only manage the security credentials of the SQL Server database that ships with ASP.NET 2.0 using a local instance of Visual Studio 2005. This article shows how to extend the management capabilities by wrapping the ASP.NET 2.0 providers with a Web service and using a Windows Forms application to manage the credentials store.
Using the New Security Controls in ASP.NET 2.0
ASP.NET 2.0 adds many security enhancements to make building Web sites that handle passwords (for example) much easier by providing encryption features in the controls right out of the box.
