|
|
|
|
|
| | Total Hits: 136 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating:  |
| | 
Enterprise Services (COM+) provides roles for authorization purposes. This How To shows you how to create and configure a serviced component for method-level role-based security.... |
| | Total Hits: 210 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating: |
| |
This How To shows you how to create a managed class library to provide encryption functionality for applications. It allows an application to choose the encryption algorithm. Supported algorithms include DES, Triple DES, RC2, and Rijndael.... |
| | Total Hits: 113 | Today: 0 | Author: Microsoft | Rating:  |
| |
This article discusses information about deploying a Microsoft .NET Framework enterprise security policy before you install the .NET Framework. This article also describes issues that you may experience when you install the .NET Framework with a restrictive enterprise security policy.... |
| | Total Hits: 224 | Today: 0 | Author: Rudolph Araujo | Rating: |
| |
ASP.NET does an excellent job of providing out of the box support for multiple forms of authentication using the classes in System.Web.Security namespace. In v1.1 of the framework, there exists support for forms-based, Microsoft Passport based and Integrated Windows (or NTLM) based authentication. These are intended to provide developers with easy access to an intuitive API which they can use to add authentications features to their own applications without having to reinvent it from scratch. As... |
| | Total Hits: 270 | Today: 0 | | Rating: |
| |
It is often vital for applications to be able to secure the data passed to and from a SQL Server database server. With SQL Server 2000, you can use SSL to create an encrypted channel. This How To shows you how to install a certificate on the database server, configure SQL Server for SSL and to verify that the channel is secure. You can use the Secure Sockets Layer (SSL) protocol to secure the communication link between clients (direct callers) and Microsoft® SQL Server™ 2000. When you configure ... |
| | Total Hits: 155 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating: |
| |
IPSec is a technology provided by Windows 2000 that allows you to create encrypted channels between two servers. IPSec can be used to filter IP traffic and to authenticate servers. This How To shows you how to configure IPSec to provide a secure (encrypted) channel. Internet Protocol Security (IPSec) can be used to secure the data sent between two computers, such as an application server and a database server. IPSec is completely transparent to applications because encryption, integrity and auth... |
| | Total Hits: 402 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating: |
| |
Applications may choose to store encrypted data such as connection strings and account credentials in the Windows registry. This How To shows you how to store and retrieve encrypted strings in the registry. The registry represents one possible location for an application to store database connection strings. Although individual registry keys can be secured with Windows access control lists (ACLs), for added security you should store encrypted connection strings. This How To describes how to stor... |
| | Total Hits: 136 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating: |
| |
This How To shows you how to use DPAPI from an ASP.NET Web application or Web service to encrypt sensitive data. Web applications often need to store security-sensitive data, such as database connection strings and service account credentials in application configuration files. For security reasons, this type of information should never is stored in plain text and should always be encrypted prior to storage. This How To describes how to use DPAPI from ASP.NET. This includes ASP.NET Web applicati... |
| | Total Hits: 156 | Today: 0 | Author: Microsoft Corporation | Rating: |
| |
This How To shows how you can validate input to protect your application from injection attacks. Performing input validation is essential because almost all application-level attacks contain malicious input. You should validate all input, including form fields, query string parameters, and cookies to protect your application against malicious command injection. Assume all input to your Web application is malicious, and make sure that you use server validation for all sources of input. Use client... |
| | Total Hits: 360 | Today: 0 | Author: MSDN | Rating: |
| |
ASP.NET can be used together with Microsoft Internet Information Services (IIS) to authenticate Web users based on their Microsoft Windows 2000 user account credentials. The ASP.NET execution engine can also be configured to impersonate Web users, or to use its own Windows identity when it accesses resources such as databases or Files.... |
| | Total Hits: 1155 | Today: 0 | | Rating: |
| |
This article describes how to implement role-based security in an ASP.NET application that implements forms-based authentication using Visual Basic .NET.... |
| | Total Hits: 175 | Today: 0 | Author: Microsoft | Rating:  |
| |
Welcome to the ASP.NET Support Voice column! My name is Jerry Orman. I have been with Microsoft for over five years, and have spent most of my time focused on Web-related technologies such as Microsoft FrontPage and Microsoft SharePoint Products and Technologies. I've spent the last year working with Microsoft ASP.NET as a support engineer. This month, I'm going to talk about SSL Termination and ASP.NET. In particular, I want to focus on issues that result from a configuration of the server. We'... |
| | Total Hits: 630 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating: |
| |
This How To shows you how to create a custom principal object that provides extended role-based functionality that can be used for .NET authorization. The .NET Framework provides the WindowsPrincipal and GenericPrincipal classes, which provide basic role-checking functionality for Windows and non-Windows authentication mechanisms respectively. Both classes implement the IPrincipal interface. To be used for authorization, ASP.NET requires that these objects are stored in HttpContext.User. For Win... |
| | Total Hits: 204 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating: |
| |
This How To shows you how to create and handle GenericPrincipal and FormsIdentity objects when using Forms authentication. Applications that use Forms authentication will often want to use the GenericPrincipal class (in conjunction with the FormsIdentity class), to create a non-Windows specific authorization scheme, independent of a Windows domain.... |
| | Total Hits: 246 | Today: 0 | | Rating: |
| |
This How To shows you how to implement Forms authentication against a SQL Server credential store. It also shows you how to store password digests in the database. This How To shows you how to implement Forms authentication against a SQL Server credential store. It also shows you how to store password digests in the database.... |
| | Total Hits: 428 | Today: 1 | Author: MSDN | Rating: |
| |
This article demonstrates how to use the classes in the System.Security.Principal namespace to check the user's Microsoft Windows user name and group memberships from a client application.... |
| | Total Hits: 271 | Today: 0 | Author: MSDN | Rating: |
| |
ASP.NET gives you more control to implement security for your application. ASP.NET security works in conjunction with Microsoft Internet Information Server (IIS) security and includes authentication and authorization services to implement the ASP.NET security model. ASP.NET also includes a role-based security feature that you can implement for both Microsoft Windows and non-Windows user accounts.... |
| | Total Hits: 391 | Today: 1 | Author: MSDN | Rating: |
| |
This article describes different ways to implement impersonation in an ASP.NET application.... |
| | Total Hits: 132 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating:  |
| |
This How To shows you how to use DPAPI from an ASP.NET Web application or service to encrypt sensitive data. This How To uses DPAPI with the user store, which requires the use of an out of process Enterprise Services component. Web applications often need to store security-sensitive data, such as database connection strings and service account credentials in application configuration files. For security reasons, this type of information should never is stored in plain text and should always be e... |
| | Total Hits: 137 | Today: 0 | Author: J.D. Meier, Alex Mackman, Michael Dunner, and Srin | Rating: |
| |
This How To shows you how to create a managed class library that exposes DPAPI functionality to applications that want to encrypt data, for example, database connection strings and account credentials. Web applications often need to store security sensitive data, such as database connection strings and service account credentials in application configuration files. For security reasons, this type of information should never be stored in plain text and should always be encrypted prior to storage.... |
|
|
|
|
|
|
|
|
|
|
|
|
|