Browse by Tags

All Tags » Tips and Tricks » Security » ASP.NET (RSS)

Tip/Trick: Enabling SSL on IIS 7.0 Using Self-Signed Certificates by ScottGu

SSL enables browsers to communicate with a web-server over a secure channel that prevents eavesdropping, tampering and message forgery. You should always use SSL for login pages where users are entering usernames/passwords, as well as for all other sensitive...

Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs by ScottGu

One of the questions I am often asked is "How can I integrate ASP.NET security with Classic ASP other non-ASP.NET URLs?". Specifically, people want to know if they can integrate ASP.NET's Forms Authentication, Role Based Security, and URL Authorization...

Common Gotcha: Don't forget to <clear/> when adding providers by ScottGu

Recently I've helped a few people out who were having an issue with how they had added new Membership, Role, and Profile providers within their web.config file. If you are ever going to add a provider declaration within your web.config file, please read...

Tip/Trick: Source/Documentation for Simple ASP.NET 2.0 SQL Providers Published by ScottGu

One of the most popular features in ASP.NET 2.0 was the introduction of the "provider model" for the built-in ASP.NET Application Service APIs. The provider model ensures that the storage/implementation for services like Membership, Roles, Profiles, Health...

Tip/Trick: Adding Authorization Rules to Business and Data Layers using PrincipalPermissionAttributes by ScottGu

Earlier this summer I posted two tutorials on using Windows Authentication with ASP.NET: Enabling Window Authentication within an Intranet ASP.NET Web Application and Implementing Role Based Security within ASP.NET using Windows Authentication and SQL...

Tip/Trick: Guard Against SQL Injection Attacks by ScottGu

SQL Injection attacks are really nasty security vulnerabilities, and something all web developers (regardless of platform, technology or data layer) need to make sure they understand and protect themselves against. Unfortunately developers too often neglect...

Tip/Trick: Patterns and Practices Guidance Explorer for .NET and ASP.NET by ScottGu

I blogged about the cool new .NET and ASP.NET Guidance Explorer that the Microsoft Patterns and Practices Team has been working on back in June. Since then the team has been hard at work and recently moved the project to be hosted on CodePlex. You can...

Tip/Trick: Show Detailed ASP.NET Error Messages to Developers (and only to Developers) by ScottGu

Problem: You are developing/maintaining an ASP.NET web-site, and would like the ability to conditionally show/hide runtime error messages depending on who the user visiting the site is. For a normal user visiting the site you want to be able to display...

My ASP.NET 2.0 Tips, Tricks, Recipes and Gotchas "Highlights Page" by ScottGu

Several people have sent me email lately asking for a suggested short-list of my best/favorite past blog posts to read (I’ve done 200 posts over the last 12 months and apparently it takes too long to read them all <g>). I’ve put together...

Recipe: Implementing Role Based Security with ASP.NET using Windows Authentication and SQL Server by ScottGu

Problem You are building an Intranet expense report application for your organization, and want to enable role-based authentication and authorization capabilities within it. Specifically, you want to create logical roles called “approvers”...
More Posts Next page »