This book is intended for developers who are already familiar
with and have a solid understanding of ASP.NET 1.1 and ASP.NET 2.0
security concepts, especially in the areas of forms authentication,
page security, and website authorization. It assumes that you have
a good understanding of the general functionality of Membership and
Role Manager. It also assumes that you have some familiarity
working with ASP.NET AJAX 3.5. The book aims to "peel back the
covers" of various ASP.NET security features so you can gain a
deeper understanding of the security options available to you.
The book also explains the new IIS 7.0 and its Integrated mode of
execution.
This book was written using the .NET 3.5 Framework along with
the .NET Framework SP1 on both Windows Server 2008 and Windows
Vista. The sample code in the book has been verified to work with
.NET 3.5 Framework and .NET 3.5 Framework SP1 on Windows Vista. To
run all of the samples in the book you will need the following:
Windows Server 2008 or Windows Vista
Internet Information Services 7.0 (IIS 7.0)
Visual Studio 2008 RTM
Either SQL Server 2000 or SQL Server 2005
A Windows Server 2008 domain running at Windows Server 2008 functional level
This book covers many topics and areas in ASP.NET 2.0 and
ASP.NET 3.5. It first introduces Internet Information Services 7.0
(IIS 7.0). It goes on to explain in detail the new IIS 7.0
Integrated mode of execution. Next, it covers in detail how
security is applied when the ASP.NET application starts up and when
a request is processed in the newly introduced integrated
request-processing pipeline. After this, the book
branches out and begins to cover security information for features
such as trust levels, forms authentication, page security, and
session state. This will show you how you can benefit from the IIS
7.0 Integrated mode to make better use of ASP.NET features. You
will also gain an understanding of the lesser known security
features in ASP.NET 2.0 and ASP.NET 3.5.
In chapter 10 the book changes direction and addresses two
security services in ASP.NET 2.0 and ASP.NET 3.5: Membership and
Role Manager. You will learn about the provider model that
underlies each of these features. The internals of the feature are
also discussed, as well as the SQL- and Active Directory-based
providers included with them. The discussion of ASP.NET features is
continued in chapter 17, which is dedicated to the ASP.NET AJAX 3.5
security integration with ASP.NET 3.5; it will also show how to
The book closes with a chapter about the best practices ASP.NET
developers should follow to protect their applications from
Chapter 1 starts by refreshing ideas on application pools and
worker processes. It later gets into the major components that make
up IIS 7.0. Chapter 2 begins by introducing the advantages of the
IIS 7.0 and ASP.NET integrated mode. Chapter 3 gives you a
walkthrough of the security processing that both IIS 7.0 and
ASP.NET perform in the integrated/unified request-processing
pipeline. Chapter 4 defines what an ASP.NET trust level is and how
ASP.NET trust levels work to provide secure environments for
running web applications. Chapter 5 covers the security features in
the 2.0 and 3.5 Frameworks' configuration systems. Chapter 6
explains ASP.NET 2.0 and ASP.NET 3.5 features for forms
authentication. Chapter 7 demonstrates using IIS 7.0 wildcard
mappings and ASP.NET 2.0 and ASP.NET 3.5 support for wildcard
mappings to share authentication and authorization information with
Classic ASP applications. Chapter 8 covers security features and
guidance for session state. Chapter 9 describes some lesser known
page security features from ASP.NET 1.1 and describes the ASP.NET
2.0 and ASP.NET 3.5 options for securing viewstate and postback
events. Chapter 10 gives you an architectural overview of the
provider model in both ASP.NET 2.0 and ASP.NET 3.5. Chapter 11
talks about the Membership feature in ASP.NET 2.0 and ASP.NET 3.5.
Chapter 12 delves into both the SqlMembershipProvider as well as
general database design assumptions that are included in all of
ASP.NET 2.0's and ASP.NET 3.5's SQL-based features. Chapter 13
covers the other membership provider that ships in ASP.NET 2.0 and
ASP.NET 3.5: ActiveDirectoryMembershipProvider. Chapter 14 describes
the Role Manager feature that provides built-in authorization
support for ASP.NET 2.0 and ASP.NET 3.5. Chapter 15 discusses the
SqlRoleProvider and its underlying SQL schema. Chapter 16 covers
the AuthorizationStoreRoleProvider, which is a provider that maps
Role Manager functionality to the Authorization Manager. Chapter 17
discusses how ASP.NET AJAX 3.5 integrates with ASP.NET 3.5
Membership and Role management features through newly introduced
web services. Chapter 18 covers the best practices that can be
followed to secure ASP.NET applications.
Bilal Haidar has authored several online articles for
www.aspalliance.com, www.code-magazine.com, and www.aspnetpro.com.
He is one of the top posters at the ASP.NET forums. He has been a
Microsoft MVP in ASP.NET since 2004 and is also a Microsoft
certified trainer. Currently, Bilal works as a senior developer for
Consolidated Contractors Company (CCC), whose headquarters are
based in Athens, Greece.
Stefan Schackow, the previous author of this book, is a Program
Manager on the Web Platform and Tools Team at Microsoft. He worked
on the new application services stack in Visual Studio 2005 and
owned the Membership, Role Manager, Profile, Personalization, and
Site Navigation features in ASP.NET 2.0. Currently he is working on
Silverlight for Microsoft. Stefan is a frequent speaker at
Microsoft developer conferences.