ASP.NET Authentication, Authorization, and Security

Summary

Security in web applications is very important, because of the exposure to the entire Web (of hackers!). In this Chapter, we looked at some general security concepts, as well as modern role-based security.

We examined the various authentication options available in ASP.NET, and provided some guidance that should allow you to choose among them. We discussed application configuration files in the context of security settings, and we used authentication and authorization to secure an application. We also used custom authentication to meet application requirements, showing the level of extensibility available in the general security infrastructure.

In order to describe the close relationship between IIS and ASP.NET, we provided an overview of the modular and extensible architecture that exists to process web requests, and how the various authentication options are implemented internally, as well as their interaction with the main web application.

Now our Friends Reunion application has become much more secure, through the use of the concepts you’ve learned in this Chapter. However, we certainly haven’t covered every possible security-related feature available in .NET, as that is a subject for a whole book. As noted earlier, one such book is Building Secure Microsoft ASP.NET Applications, which can also be downloaded as a PDF from www.microsoft.com/practices.