Return to PatternsAndPracticesSecurityWiki


ASP.NET 2.0 Security FAQs

Welcome to the ASP.NET 2.0 Security FAQ page. This page provides an index to common questions and answers. The questions act as another index into the security guidance.

Auditing and Logging

* How do I use the Health monitoring feature of ASP.NET 2.0?
* How do I audit authentication failures?
* When writing to the Application Event log from an ASP.NET application running under the Network Service Security context, I get a registry permission exception. How do I correct this?

Authentication

* What's new in ASP.NET 2.0 in terms of Authentication?
* How do I use Forms Authentication with Active Directory?
* How do I set up a SQL Server or SQL Express database for Membership, Profiles and Role Management?

Authorization

* What's new in ASP.NET 2.0 in terms of Authorization?
* What is the difference between URL authorization, File authorization and Role authorization?
* "How do I implement a custom role provider for my custom role store?" :ASPNET2SecurityFAQ0009
* How do I use in my application?

Code Access Security

* What's new in ASP.NET 2.0 in terms of Code Access Security?
* How do I use code access security with ASP.NET?
* How do I create a custom trust level with ASP.NET?

Configuration

* How do I run an ASP.NET application under a different / custom identity?
* How can I secure sensitive data in configuration files?
* Do I need to create a unique user account for each application pool?

Data Access

* When using Windows authentication, how can I give the default ASP.NET process identity (Network Service) access to a remote database server?
* How can I secure (encrypt) my database connection string?
* How do I create a SQL Server login and set database permissions for the Network Service account?

Exception Handling

* "How should I log exceptions?" :ASPNET2SecurityFAQ0019
* How do I enable my ASP.NET Application to write to the event log?
* "How should I monitor for exceptions?" :ASPNET2SecurityFAQ0020
* How do I set up a global exception handler in my application?

Impersonation / Delegation

* How do I flow the original user identity to different layers?
* Can impersonation be used with Forms authentication?
* What are the requirements for using Kerberos delegation?

Input Validation

* How do I make data safe before writing it back to the client?
* What is SQL injection? How can I prevent it?
* What is cross-site scripting? How can I prevent it?

Network Access

* How can I access secured remote resources from ASP.NET?

Sensitive Data

* How should I protect ViewState?
* How do I secure Session State information?
* What care should I take with ViewState in a web farm scenario?
