Web Security

Submit your article

Contents Quick search by title:

ASP.NET - Security			top
Title / Updated	Author	Score
Role-based Security with Forms Authentication Updated: 17 Jun 2003   Provides insight and tips on using role-based (groups) Forms Authentication in ASP.NET, which has only partial support for roles. .NET 1.0, C#, ASP.NET, Windows, Visual Studio, Dev, Intermediate	Heath Stewart	4.67
Switching Between HTTP and HTTPS Automatically: Version 2 Updated: 16 Oct 2008   An article on automatically switching between HTTP and HTTPS protocols without hard-coding absolute URLs .NET 1.1, .NET 2.0, Win2K, WinXP, Win2003, VS.NET2003, VS2005, C#, VB, ASP.NET, Dev, Intermediate	Matt Sollars	4.60
HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0 Updated: 3 Apr 2006   Discussing how to encode and tamper-proof text and cookies using the MachineKey, by using reflection. .NET 2.0, VS2005, C#, ASP.NET, Windows, Dev, Intermediate	Adam Tibi	4.57
Server-side fix for the Universal PDF XSS Vulnerability Updated: 24 Apr 2007   This article describes a server-side fix for the recently discovered vulnerability in the PDF reader plugin by Adobe. .NET 2.0, Win2K, WinXP, Win2003, Vista, VS.NET2003, VS2005, C# 2.0, ASP.NET, IIS, Architect, Dev, WebForms, Intermediate	Sidney Chong	4.47
Protect non-.NET Assets Using a .NET Reverse Proxy with Forms Authentication and ISAPI Updated: 27 Aug 2006   How to protect secure assets using a .NET Reverse Proxy, an ISAPI redirection filter and .NET Forms Authentication VC6, .NET 2.0, Win2K, WinXP, Win2003, Vista, IIS 5.1, IIS 6, VS2005, VS6, VB, ASP.NET, XML, MFC, Architect, Dev, Intermediate	Toby Emden	4.43
Restricting Access to trace.axd using IIS Basic Authentication Updated: 15 Sep 2004   A technique to use the IIS Basic Authentication mechanism to control access to trace.axd. IIS 5.1, IIS 6, ASP.NET, Windows, .NET, Visual Studio, Dev, Intermediate	ChrisAdams	4.33
Web Service and IIS Security hurdles Updated: 27 Jan 2006   How to configure IIS in order to enable the use of Named Kernel Objects in Web Services. WinXP, Win2003, IIS 6, C#, ASP.NET, .NET, Visual Studio, Dev, Intermediate	Cohen Shwartz Oren	4.31
Encrypting Cookies to prevent tampering Updated: 23 Dec 2004   In this article, we talk about the lack of Cookie security built-into the ASP.NET framework, and a decent workaround to provide integrated tamper proof security for cookie data. .NET 1.0, .NET 1.1, C#, ASP.NET, Windows, Visual Studio, Dev, Intermediate	Eric Newton	4.16
A Windows logon, web user control implementation - in ASP.NET Updated: 24 Nov 2003   A classic example of implementing reusable web user control, with supporting controls and classes to keep the code manageable. .NET 1.0, .NET 1.1, Win2K, WinXP, Win2003, ASP.NET, Visual Studio, Dev, Intermediate	Harish Palaniappan	4.12
TripleDES Encrypted Configuration File Updated: 29 Feb 2004   How to make your server settings safer Win2K, WinXP, Win2003, ASP.NET, .NET, Visual Studio, Dev, Intermediate	Matthew Hazlett	4.10
Single sign-on across multiple applications in ASP.NET Updated: 31 Mar 2004   By default, Forms authentication does not support single sing-on accross multiple applications. But is not too complicated to tweak it the appropriate way. .NET 1.0, .NET 1.1, VB, ASP.NET, Windows, Visual Studio, Dev, Intermediate	Michal Altair Valasek	4.05
Securing Images under Forms-Based Authentication in ASP.NET Applications Updated: 21 Oct 2002   Allows Forms-based authentication to work on non-parsed files such as images. .NET 1.0, VB, ASP.NET, Windows, Visual Studio, Dev, Intermediate	James Coleman	4.00
Secure Persistent ASP.NET Forms Authentication Updated: 27 Aug 2008   An ASP.NET system for having two authentication cookies, one secure and one insecure, to have multiple tiers of security by folder. .NET 2.0, VS2005, .NET 3.0, VB 8.0, VB 9.0, .NET 3.5, VS2008, VB, ASP.NET, .NET, Dev, Intermediate, Advanced	BrantBurnett	4.00
Authorization Security Model in Web Applications Using .NET Attributes Updated: 26 Jul 2008   This article talks about the authorization security model in Web applications using .NET attributes. .NET 2.0, C# 2.0, .NET 3.0, C# 3.0, C#, ASP.NET, .NET, Architect, Dev, Intermediate	Samer Abu Rabie	4.00
Security Tips for Temporary File Usage in Applications Updated: 12 Oct 2006   Educate yourself on security best practices for temporary file usage in software applications. ASP.NET, Windows, .NET, Visual Studio, Architect, Dev, Intermediate	Richard Lewis	3.94
Simple HTTP Reverse Proxy with ASP.NET and IIS Updated: 22 May 2004   Learn how easy it is to create HTTP Reverse Proxy in .NET using IIS. .NET 1.1, Win2K, WinXP, Win2003, C#, ASP.NET, Visual Studio, Dev, Advanced	Vincent Brossier	3.88
Custom Authentication provider by implementing IHttpModule, IPrincipal and IIdentity Updated: 2 Nov 2003   An article on writing Custom Authentication provider in ASP.NET .NET 1.0, VS.NET2002, C#, ASP.NET, Windows, Dev, Intermediate	I Piscean	3.85
Securing image URLs in a website Updated: 21 Apr 2004   How to hide image URLs on a website to avoid illegal access, using a custom HttpHandler and encryption. ASP.NET, Windows, .NET, Visual Studio, Dev, Intermediate	yvdh	3.84
Secure File Download Using Basic Authentication Updated: 19 Mar 2006   Secure file download using Basic Authentication. The interesting part is that we maintain two separate entry points for uploading and downloading a file. Win2K, WinXP, Win2003, IE 6.0, C#, ASP.NET, .NET, IIS, Visual Studio, HTML, Dev, Intermediate	Mohd Faraz (Lucky)	3.81
Cookieless ASP.NET forms authentication Updated: 25 Aug 2002   They say it is not possible to use cookieless forms authentication in .NET. Well it is, and relatively easy to accomplish! .NET 1.0, C#, ASP.NET, Windows, Visual Studio, Dev, Intermediate	brutal	3.73
Custom membership provider for the ADO.NET Entity Framework Updated: 29 Oct 2008   Custom membership provider implementation for the ADO.NET Entity Framework. C#, ASP, ASP.NET, Javascript, XML, CSS, HTML, Dev, XHTML, WebForms, Ajax, Intermediate	Michael Ulmann	3.72
SQL injection attacks Updated: 18 Jul 2005   An article on SQL injection attacks. SQL 2000, C#, ASP.NET, SQL, Windows, .NET, Visual Studio, DBA, Dev, Intermediate	Invincible Poison	3.71
Make ClickOnce Work With ASP.NET Forms Authentication Updated: 20 Mar 2008   A solution for securing access to a ClickOnce application using ASP.NET Forms authentication. .NET 2.0, IIS 6, .NET 3.0, VB 8.0, VB 9.0, IIS 7, .NET 3.5, VB, ASP.NET, .NET, IIS, Architect, Dev, WPF, Intermediate, Advanced	David P Henry, Graham Murray	3.67
Encrypt Password Field in SQL Server, Registry Information & Query String Updated: 13 Jan 2003   How to encrypt the database password field, registry information and query string. .NET 1.0, Win2K, WinXP, VB, ASP.NET, Visual Studio, Dev, Intermediate	Syed Adnan Ahmed	3.65
Extending Forms Authentication - Windows or Custom Authentication Updated: 28 May 2004   Combines Forms Authentication with Windows or Custom Authenticator. .NET 1.1, C#, ASP.NET, Windows, Visual Studio, Dev, Advanced	McGiv	3.57
Encrypt and Decrypt Data with C# Updated: 17 May 2006   Encrypt and Decrypt important data with C# and play C#, Windows, .NET, Visual Studio, Dev, Intermediate	Syed Moshiur Murshed	3.46
.NET Role-Based Security in a Production Environment - Unedited Updated: 19 May 2008   Edit web.config to Update the Data Provider for Shared Hosting with Role-Based Security: SQL Server, ODBC, Active Directory, ADAM, SQLite, MySQL, Access, XML .NET 2.0, .NET 3.0, .NET 3.5, ASP.NET, .NET, Architect, Dev, WebForms, Beginner, Intermediate	Ralph in Boise	3.44
Using HTTP Modules To Combat Leeching Updated: 3 Dec 2003   An article to demonstrate how HTTP Module-based filtering can prevent leeching. Win2K, WinXP, Win2003, VB, ASP.NET, .NET, Visual Studio, Dev, Intermediate	KingLeon	3.33
Additional functionality for ASP.NET 2.0's CookieParameter Updated: 6 Nov 2004   This article addresses some missing functionality in ASP.NET 2.0's CookieParameter type, including getting a multi-valued cookie Key value and providing some HttpCookieEncryption support. .NET 2.0, C#, ASP.NET, Windows, Visual Studio, Dev, Intermediate	Eric Newton	3.33
Form authentication and authorization in ASP.NET Updated: 21 Apr 2006   This article will explain how to secure websites using the ASP.NET Forms Authentication. Win2K, WinXP, C#, ASP.NET, XML, .NET, Visual Studio, Dev, Intermediate	Ahmed jamil Kattan	3.33
Query string encryption for ASP.NET Updated: 7 May 2008   Clear text query strings are a potential security threat for your web application. Thus, query strings should always be encrypted. C#, ASP, ASP.NET, Javascript, CSS, HTML, Dev, WebForms, Ajax, Intermediate	Michael Ulmann	3.23
Pass-Through Security Authentication (Single Sign-on) using ASP.NET Updated: 9 Sep 2004   The Pass-Through authentication enables a user to sign-on to their intranet and access other web applications without being asked for login again. VC7, VC7.1, VC8.0, .NET 1.0, .NET 1.1, NT4, Win2K, WinXP, Win2003, VS.NET2002, VS.NET2003, C#, ASP.NET, XML, .NET CF, Mobile, Dev, Intermediate	Jayakanthan	3.00
Digest Calculator - Unedited Updated: 24 Oct 2008   This article explains simple way of implementing digest protocol in C#. A sample application is provided which shows step by step digest calculation. .NET 3.0, .NET 3.5, C#, .NET, Architect, Dev, Intermediate	sri.krish	3.00
Preventing Automated / Dictionary Login Attacks without the use of CAPTCHA Updated: 9 Jan 2005   A simple way to prevent automated / dictionary login attacks without the use of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) images. C#, ASP.NET, Windows, .NET, Visual Studio, Dev, WebForms, Intermediate	JohnnyUSA	2.98
Securely Run the ASP.NET Worker Process as the System Account Updated: 27 Jan 2004   Describes the proper way to configure a server to securely run the ASP.NET worker process runs as the system account. VC7, VC7.1, VC8.0, .NET 1.0, .NET 1.1, ASP.NET, Windows, Visual Studio, MFC, ATL, WTL, STL, Dev, Advanced	David Coe	2.93
Prevent attacks on your website Updated: 6 Jul 2005   Using a simple example, I'll explain how to prevent a program that can register thousands of dummy users to your database and play with your database and application performance. .NET 1.1, VS.NET2003, C#, ASP.NET, SQL, Windows, DBA, Dev, QA, COM, ADO.NET, WinForms, WebForms, Intermediate	Prakash Kalakoti	2.86
Application Extension Mapping in a Shared Server Hosting Enviornment Updated: 11 Jul 2005   Protect any file type in a certain folder with login. .NET 1.1, VS.NET2003, C#, ASP.NET, XML, Windows, IIS, Dev, Intermediate	FredParcells	2.83
Roles-Based Authentication Updated: 22 May 2003   Implement a Roles-Based Authentication using ASP.NET Forms Authentication .NET 1.0, Win2K, WinXP, VS.NET2002, C#, ASP.NET, Dev, Beginner	Zek3vil	2.80
Rule Based Security using Microsoft Enterprise Library and CAS Updated: 7 Nov 2008   In this article I’ll explain a solution to secure web applications using custom membership and role providers with the Enterprise Library Security Application Block and code access security. C#, ASP.NET, Dev, Intermediate	Ahmed Shokr	2.80
Extending ASP.NET 2.0 security Updated: 23 May 2006   The current implementation of ASP.NET 2.0's security is great and I have fallen in love with it, but it's still too limited. I will show you how to extend ASP.NET 2.0's security using a custom HTTP Handler and your existing Web.sitemap. .NET 2.0, VS2005, C#, ASP.NET, XML, Windows, Dev, WebForms, Intermediate	Joel Thoms	2.77
Enhanced and Secure Connection Strings in Web.Config Updated: 25 Jan 2003   Here we would discuss some simple steps, which would facilitate keeping our database connection strings safe and encrypted in Web.Config. .NET 1.0, Win2K, WinXP, C#, VB, ASP.NET, Visual Studio, Dev, Intermediate	Vasudevan Deepak Kumar	2.51
Encrypt sensitive information in web.config file Updated: 14 Apr 2007   Encrypt sensitive information in web.config file ASP.NET, XML, Windows, .NET, Visual Studio, Dev, WebForms, Intermediate	pgindia	2.50
How to make your app secure Updated: 27 Jan 2005   If you are into development or quality assurance of enterprise solutions, you must be aware of the security aspect of your application. This article provides a checklist for the same... SQL 2000, C#, ASP.NET, SQL, Windows, .NET, Visual Studio, Architect, DBA, Dev, QA, Intermediate	Salil Khedkar	2.35
BaseWeb ISAPI Security Module Updated: 22 Mar 2005   This article details a way to perform web security much like ASP 2.0 does it, using an ISAPI Filter. IIS 6, VS.NET2002, VS.NET2003, C#, ASP.NET, Windows, .NET, Dev, Intermediate	Christopher G. Lasater	2.25
Rationalizing access checks with HMAC:ed URLs Updated: 16 Oct 2004   An article on rationalizing away some access cheks for protected ASP.NET resources, while maintaining client side cacheability. VC7, VC7.1, VC8.0, .NET 1.0, .NET 1.1, .NET 2.0, C#, ASP.NET, Windows, Visual Studio, Architect, Dev, Intermediate	Hugo Hallman	2.00
Simple Captcha with ASP.NET Updated: 5 Aug 2005   Simple text to image generator to block spammers inserting data to your database, with ASP.NET. C#, ASP.NET, Windows, .NET, Visual Studio, Dev, Intermediate	Oguz Altuncu	1.96
Sending Authenticated e-mail in ASP.NET 2.0 Updated: 6 Feb 2006   How to send authenticated e-mail from ASP.NET (login/password) ASP.NET, Windows, .NET, Visual Studio, Dev, WebForms, Beginner	Catalin Radoi	1.69