Return to HomePage

---

Canonicalization Lab Modules

The canonicalization lab modules show you how to avoid input and data validation security issues related to path validation.

Contents

* Objectives
* Video
* Lab
* Recommended Guidance
* Feedback

Objectives

* Use Access Control Lists (ACLs) and impersonation to control access to resources, instead of pathname comparisons
* Use HttpRequest.MapPath to restrict physical file paths to the current virtual directory.

Video

The video is a small wmv file download:
* Video Demonstration: Paths, URL s, and Canonicalization

Lab

The lab is small zip that you need to extract to see the example code:
* Lab Project Files: CanonicalizationLab.zip

Recommended Guidance

* Design Guidelines for Secure Web Applications (See "Input Validation" section)
* Architecture and Design Review for Security (See "Input Validation" section)

Feedback

* Send mail to labmods at microsoft.com

---

Return to HomePage