
    Net Security

    [Updated] Writing a Custom Membership Provider for the Login Control in ASP.NET 2.0

    In ASP.NET 2.0 and Visual Studio 2005, you can quickly program custom authentication pages with the provided Membership Login controls. In this article, Dina Fleet Berry examines the steps involved in using the Login control with a custom SQL Server membership database.

    [Updated] Configuring .NET Code Access Security

    Code Access Security (CAS) is the .NET Framework security model that grants code permission to resources based on "evidence" pertaining to the encapsulating assembly. In this article, David Myers examines CAS and explains different configuration methods.

    [Updated] ASP.NET Mixed Mode Authentication

    In many web applications it is desirable for both intranet users and external parties to be able to seamlessly log onto the system. The problem this raises is that it is not easy to allow intranet users to log in via Windows integrated authentication while also allowing external parties to log in to the same application using standard forms authentication. This article will show you one way to achieve the best of both worlds when it comes to authentication.

    [Updated] Protecting Passwords with a One-way Hash Function

    Peter Persits' article shows that the path to a password-protected Web site involves using one-way hash functions. The hash-based password-protection method uses an encryption algorithm that does not require a key and produces an irreversibly encrypted cipher-text. Even if your site's password database is compromised, it's still tough for an intruder to recover the original passwords because they are stored by their one-way encrypted values. Persits also demonstrates a third-party component that is necessary to compute the one-way hash function of a string in the ASP environment.

    [Updated] Designing Role-Based Security Models for .NET

    In this article, Michele Leroux Bustamante discusses authentication, authorization and role-based security in .NET. Along the way, he provides some best practices for implementing role-based security in some typical .NET application scenarios including rich clients, Web applications, and Web services.

    [Updated] Implementing Active Directory Services in ASP.NET 2.0

    With the introduction of ASP.NET 2.0 and Visual Studio 2005, many of the security tasks required to connect an application's authentication and authorization mechanisms to Active Directory have been dramatically simplified. This article shows how to perform both Active Directory (LDAP:\\) and local member server (WinNT:\\) tasks.

    ASP.NET FTP with SSL

    This code snippet and document show how to connect to an FTP server with SSL enabled using ASP.NET. The code is written in C#.NET.

    Using SSH Tunneling in Your Application

    Use SSH tunneling to secure MySQL connections.

    Cryptographic Solutions for .NET Developers: Hashing and Encryption

    Learn how to use cryptography to improve the security of your applications. Discover the basic building blocks for encryption and hashing using C#.

    ASP.NET Tip: Encrypting a Configuration File Section

    ASP.NET 2.0 enables you to encrypt portions of your configuration file. You can pick a section in your Web.config file to encrypt and then decrypt.

    [Updated] RFID Programming Made Simple and Cheap

    Using RFID hardware and incorporating RFID tag information into your applications can really be quite simple. See what can be done with less than $100 and no more than a few dozen lines of code.

    E-Commerce Tip: Programmatically Validate Credit Card Numbers

    Employ this function in your e-commerce application to validate the credit card numbers your users enter.

    VB .NET Tip: Encryption in Just Twelve Lines of Code!

    If you don't want the overhead or complexity of a government-standard encryption technique, there is a simple solution.

    How to Maintain a Code Group in Security Policy at Runtime

    Learn about maintaining code groups at runtime.

    [Updated] Deploy SQL Databases Easily with the Installer Class

    Discover a way to make SQL databases easy to deploy within an MSI file along with your applications.

    Encrypt Connection Strings in VS 2005 .config Files

    Learn how to add a connection string to your app.config file in Visual Studio 2005, encrypt that connection string, and introduce a tool for automatically encrypting connection strings for ASP.NET.

    Encrypt DataSets for Offline Storage

    Learn how to encrypt offline data, .NET style. Paul Kimmel offers you the opportunity to experiment with ADO.NET, XML serialization, streams, and the DPAPI—technologies you can use to encrypt user data.

    Managed C++: Authenticating Users via Hash Codes

    For situations when a company doesn't want the responsibility of maintaining a user password file, Tom Archer presents a mechanism that stores and uses the hash codes of passwords instead of the actual passwords to validate users.

    ASP.NET 2.0 Moves User Authentication One Step Forward

    ASP.NET 2.0 provides new classes, methods, and controls that make implementing authentication easy. Learn how to apply the authentication functionalities of the Membership class and its methods into ASP.NET applications.

    Combining Symmetric and Asymmetric Encryption

    Explains symmetric and asymmetric encryption, and then shows how to combine them. The .NET framework is used. All code snippets are written in VB.NET.

    Blocking Brute-Force Attacks

    A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack.

    How to Use Windows Authentication to Access SQL Server Through an ASP.NET Web Application

    Learn how to use Windows authentication for Web-based intranet applications to access a SQL Server database using ASP.NET.

    Introduction to Role-Based Security in .NET

    Learn how role-based security in .NET works. The sample code shows how to implement a database-driven security model for enterprise applications.

    Two Quick Ways to Perform ASP.NET Authentication

    By applying ASP.NET programming logic, you can store user data in either XML files or a Web configuration file and then validate users by using those files. Learn how to apply both of these simple methods of authentication.