Book Review: Professional ASP.NET Security
Published: 02 Oct 2003
Unedited - Community Contributed
There are many things to be considered in securing a web application, and this book puts them all in one place, making it an asset to developers constructing web applications with the .NET framework.
by Andrew Mooney


Authors: Srinivasa Sivakumar, Doug Seven, Russ Basiura, Brady Gaster, Richard Conway, Sitaraman Lakshminarayanan, Enrico Sabbadin

Summary (from cover)

"Professional ASP.NET Security" will guide you through the details of ASP.NET security, from an investigation of general security issues, to detailed implementations of the more sophisticated ASP.NET security features.

Reviewer Comments

This book was very well written and covers ASP.NET security very thoroughly, from basic to advanced topics. There are many things to be considered in securing a web application, and this book puts them all in one place, making it an asset to developers constructing web applications with the .NET framework.

Chapters 1-5

Chapter 1: Building Secure Web Applications

This chapter begins with a discussion of security basics, including the different types of attacks that are made on Web applications. It also contains some solid security advice for ASP.NET Web developers.

Chapter 2: Treating the Client with Caution

Discusses attacks made with client-side input, including script injection, cross-site scripting and SQL injection, and how these attacks might be prevented using validation, encoding, and filtering.
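The three controls this chapter summary names, shown together in an added C# example that is not from the book or from this review: an allow-list validator for a user name, a parameterized database lookup placed beside the string-concatenated form that lets input be parsed as SQL, and HTML encoding before the value is echoed back to the browser. The Users table, its UserName column and the open SqlConnection are assumptions of the example.

```csharp
// Added example, not from the book under review. Assumes a "Users" table
// with a "UserName" column and an already-opened SqlConnection.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web;

public static class SafeInput
{
    // Validation: an allow-list pattern, not a list of "bad" characters.
    // A user name is 3 to 32 letters, digits, dots or underscores.
    private static readonly Regex UserNamePattern =
        new Regex(@"^[A-Za-z0-9._]{3,32}$");

    public static bool IsValidUserName(string input)
    {
        return input != null && UserNamePattern.IsMatch(input);
    }

    // Concatenation: the client's text becomes part of the SQL statement,
    // so any quoting in it changes the meaning of the query.
    public static string BuildQueryUnsafe(string userName)
    {
        return "SELECT UserName FROM Users WHERE UserName = '" + userName + "'";
    }

    // Parameterized query: the value is sent separately from the statement
    // and is only ever treated as data by SQL Server.
    public static SqlCommand BuildQuerySafe(SqlConnection connection, string userName)
    {
        SqlCommand command = new SqlCommand(
            "SELECT UserName FROM Users WHERE UserName = @UserName", connection);
        command.Parameters.Add("@UserName", SqlDbType.NVarChar, 32).Value = userName;
        return command;
    }

    // Encoding: whatever the client sent is rendered as text, not as markup,
    // so a script tag in the name cannot run in another user's browser.
    public static string RenderGreeting(string userName)
    {
        return "<p>Welcome, " + HttpUtility.HtmlEncode(userName) + "</p>";
    }

    // Typical request handling: reject what fails validation, then use the
    // safe query and the encoded output for anything that passes.
    public static string HandleLookup(SqlConnection connection, string userName)
    {
        if (!IsValidUserName(userName))
        {
            return "<p>Invalid user name.</p>";
        }
        using (SqlCommand command = BuildQuerySafe(connection, userName))
        {
            object found = command.ExecuteScalar();
            return found == null ? "<p>No such user.</p>" : RenderGreeting(found.ToString());
        }
    }
}
```

Validation is applied first because it keeps bad input out of every later layer; encoding is still applied on output because data that reaches the page may have come from somewhere the validator never saw.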

Chapter 3: Storing Secrets

Where and how to store important information in your application is the topic of this chapter. It shows the different methods that are used to protect your connection string, passwords, and other application data.

Chapter 4: Securing Database Access

This chapter explains the key techniques used in restricting database access, including the use of components, trusted connections, and stored procedures.

Chapter 5: Implementing Password Policies

This chapter covers how to develop good password strategies, allowing users to update their passwords, and how to protect applications against a brute force attack.

Chapters 6-10

Chapter 6: The ASP.NET Security Framework

An overview of ASP.NET security including the different methods of authentication and authorization, which are discussed in detail in the following chapters.

Chapter 7: Windows Authentication

This chapter explains the reasons for using Windows authentication and the methods used to configure it for use with your application.

Chapter 8: .NET Passport

An in-depth look at using .NET Passport authentication with your application.

Chapter 9: Forms Authentication

This chapter is a complete discussion of the widely used forms authentication method of security, including hashing passwords, persisting authentication cookies, and storing credentials in an XML file or database.

Chapter 10: Extending Forms Authentication

Builds on the previous chapter by covering advanced forms authentication topics including web farms, forms authentication without cookies, protecting cookies, protecting files other than web pages, and configuring role-based security.

Chapters 11-15

Chapter 11: Custom Authentication

This chapter contains a detailed view of developing your own custom security solution to handle a specialized application.

Chapter 12: Implementing Authorization

Describes how to use ASP.NET built-in methods like file and URL authorization to control access to different parts of your application.

Chapter 13: Code Access Security

This chapter contains a thorough description of all aspects of Code Access Security (CAS), including a detailed look at how CAS works. It also explains how to administer and customize CAS.

Chapter 14: Web Service Security

This chapter describes the basic ways to secure a web service. It ends with a quick look at emerging technologies that will allow more secure web applications to be developed in the future.

Chapter 15: Impersonation

The last chapter discusses how we can use impersonation to change the security context of an application to restrict the privileges given to the ASP.NET account.


©Copyright 1998-2021  |  Page Processed at 2021-04-13 6:42:51 AM  AspAlliance Recent Articles RSS Feed