Securing an ASP.NET application is one of the toughest
challenges programmers face. The reason for this is simple. All applications
evolve from time to time. It would be bliss for programmers if websites
never changed and remained static.
Let us take a scenario where we are developing a simple shopping
cart application for company X. Here, security is not the key concern; rather,
identifying the user and displaying the items in that user's cart
is the most important factor. With these requirements in view, we developed
the application accordingly. The application is moved to production and
is doing fine. Now, this simple shopping cart application has done really well and
has brought a lot of revenue to company X. Suddenly the strategy is to build a
bidding site on top of the shopping cart site. This change in strategy has
made security a key component of the application. A bidding site needs
to uniquely identify the user and also let him choose his bids. Previously, the
application never had a user profile. Now, it needs to maintain the
user profile with all the mandatory fields. This change can be addressed well
with the provider model, which we will discuss in the next few sections.