ASP.NET 2.0 Security FAQs Online

Tuesday, November 29, 2005

The Channel9 guys have recently published a new Wiki on ASP.NET 2.0 Security Topics where you can read and comment on common security questions (example questions/answers: how to use forms authentication with Active Directory, how to create custom trust levels, how to implement single-sign on, etc).

Great stuff to check out and contribute with.

Thanks,

Scott

4 Comments

Scott,

The FAQ is great but how about an example showing ALL the various security settings (Server, IIS, ASP.NET 2.0 with Roles) for a typical web site with anonymous, authenticated users and even admin (role) users? Especially how to make the roles work for different site sub-directories.

Just a thought.

Jeff

Jeff Lynch - Wednesday, November 30, 2005 1:17:00 AM

Hi Eddie,

We actually didn't tighten this as part of V2. V1.1 had the same abilities (we call it code-access security). What has started to change is that hosters are getting more secure out of the box in terms of the settings they apply. This is actually good in many regards (since you need to worry less about another app causing problems with yours) -- but it does as you've find sometimes mean it is hard to-do things that would be very useful.

Thanks,

Scott

scottgu - Wednesday, November 30, 2005 8:59:00 PM

Hi Jeff,

I am working on a sample right now that I will try to post over the coming week that shows some more scenarios like this, and provides a nice starter template for building sites of your own.

Thanks,

Scott

scottgu - Friday, December 2, 2005 8:56:00 AM

Thank you Scott,

Much appreciate all the work you've put into ASP.NET and IIS.

fjbysf1 - Thursday, December 15, 2005 12:52:00 AM

Comments have been disabled for this content.