ASP.NET 2.0 Security FAQs Online

The Channel9 guys have recently published a new Wiki on ASP.NET 2.0 Security Topics where you can read and comment on common security questions (example questions/answers: how to use forms authentication with Active Directory, how to create custom trust levels, how to implement single-sign on, etc).

Great stuff to check out and contribute with.

Thanks,

Scott

Published Monday, November 28, 2005 9:06 PM by ScottGu

Comments

# re: ASP.NET 2.0 Security FAQs Online

Tuesday, November 29, 2005 8:17 PM by Jeff Lynch
Scott,

The FAQ is great but how about an example showing ALL the various security settings (Server, IIS, ASP.NET 2.0 with Roles) for a typical web site with anonymous, authenticated users and even admin (role) users? Especially how to make the roles work for different site sub-directories.

Just a thought.

Jeff

# re: ASP.NET 2.0 Security FAQs Online

Wednesday, November 30, 2005 3:59 PM by scottgu
Hi Eddie,

We actually didn't tighten this as part of V2. V1.1 had the same abilities (we call it code-access security). What has started to change is that hosters are getting more secure out of the box in terms of the settings they apply. This is actually good in many regards (since you need to worry less about another app causing problems with yours) -- but it does as you've find sometimes mean it is hard to-do things that would be very useful.

Thanks,

Scott

# re: ASP.NET 2.0 Security FAQs Online

Friday, December 02, 2005 3:56 AM by scottgu
Hi Jeff,

I am working on a sample right now that I will try to post over the coming week that shows some more scenarios like this, and provides a nice starter template for building sites of your own.

Thanks,

Scott

# re: ASP.NET 2.0 Security FAQs Online

Wednesday, December 14, 2005 7:52 PM by fjbysf1
Thank you Scott,

Much appreciate all the work you've put into ASP.NET and IIS.