Securing a No Touch Deployed Smart Client Application
Our app will be deployed on all of our client's web servers.
My job is to make sure that our security measures are consistent with what is considered acceptable in the industry and to put the responsibility (of sharing their data over the web) on our clients, not me.
If a client decides to make their data accessible to the Internet, then they assume the responsibilities for that. I need to make sure that our application does not add to that vulnerability, and I need to make sure that I give them the user authentication tools necessary to prevent unauthorized access from their current or former employees.
Now, I am a Windows Forms developer. I did some ASP 3-4 years ago, but to be honest I am no guru at securing a web server. The docs taught me how to set up my DLLs so they can be deployed over the web.
What I need to learn now is how to secure their deployment to only authorized users. Can anyone point me to a good source on how to do this?