This guide presents a practical, scenario-driven approach to designing and building secure ASP.NET applications for Windows 2000 and version 1.0 of the .NET Framework. It focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications.
This guide focuses on:
- Authentication (to identify the clients of your application)
- Authorization (to provide access controls for those clients)
- Secure communication (to ensure that messages remain private and are not altered by unauthorized parties)
Why authentication, authorization, and secure communication?
Security is a broad topic. Research has shown that early design of authentication and authorization eliminates a high percentage of application vulnerabilities. Secure communication is an integral part of securing your distributed application to protect sensitive data, including credentials, passed to and from your application, and between application tiers.
There are many technologies used to build .NET Web applications. To build effective application-level authentication and authorization strategies, you need to understand how to fine-tune the various security features within each product and technology area, and how to make them work together to provide an effective, defense-in-depth security strategy. This guide will help you do just that.
The guide is divided into four parts.
Part I, Security Models
Part I of the guide provides a foundation for the rest of the guide. Familiarity with the concepts, principles, and technologies introduced in Part I will allow you to extract maximum value from the remainder of the guide.
Part II, Application Scenarios
Most applications can be categorized as intranet, extranet, or Internet applications. This part of the guide presents a set of common application scenarios, each of which falls into one of those categories. The key characteristics of each scenario are described and the potential security threats analyzed.
Part III, Securing the Tiers
This part of the guide contains detailed drill-down information that relates to the individual tiers and technologies associated with secure .NET Web applications.
Part IV, Reference
This reference part of the guide contains supplementary information to help further your understanding of the techniques, strategies, and security solutions presented in earlier chapters.
Who Should Read This Guide?
If you are a middleware developer or architect who plans to build, or is currently building, .NET Web applications using one or more of the following technologies, you should read this guide.
- ASP.NET
- Web services
- Enterprise Services
- Remoting
- ADO.NET