Scott on Writing

Musings on technical writing...

My First Three Website Security Tutorials Now Live

Over the past few months I've been writing a series of ASP.NET security tutorials for the www.asp.net site, much like my Working with Data tutorial series. This tutorial series focuses specifically on forms authentication, authorization, Membership, and Roles (using the SQL Server providers).

Today, the first three tutorials have been published:

  • Security Basics and ASP.NET Support [VB | C#] - discusses important security concepts and what facilities are available in ASP.NET to assist in implementing forms authentication, authorization, user accounts, and roles.
  • An Overview of Forms Authentication [VB | C#] - provides an in-depth look at the forms authentication workflow.
  • Forms Authentication Configuration and Advanced Topics [VB | C#] - examines the various forms authentication settings and see how to modify them through the element.

There will be a total of 14 tutorials. The next batch will focus on the ins and outs of the Membership framework and the SqlMembershipProvider.

Like with the Working with Data tutorials, all tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF.

Enjoy!

posted on Tuesday, February 05, 2008 12:43 PM

Feedback

# re: My First Three Website Security Tutorials Now Live 2/9/2008 7:14 AM Suhair Gassan E

Scott, these tutorials help greatly. Your data tutorials were like informations packaged in time capsule. I learned "Real" data access through that tutorials. I am sure these ones too will be like that. All the best.

# re: My First Three Website Security Tutorials Now Live 2/11/2008 8:23 AM Bob Langdon

I second the previous comments, Scott, this is gonna be in invaluable series of tutorials for me. At least, I've found practical examples with explanations I can follow (even the basic theory stuff!), you're a star, thanks a lot for taking the time to produce these, Scott!

# re: My First Three Website Security Tutorials Now Live 2/11/2008 12:54 PM Arnold Smith

This looks very interesting

# re: My First Three Website Security Tutorials Now Live 2/12/2008 5:50 AM Salim Fayad

Hi Scott,

The three tutorials were good, especially the third one.

I would like to share with you a solution that I have implemented so that you can give me your feedback if it is good or not.

I had in my project a requirement that let's the administrator of my application creates as many roles as he wants and to specify the sections and whether this role has a ReadOnly access or FullAccess.

I used the SqlRoleProvider. What I did is the following:
1. All the functionalities were implemented in user controls
2. All my user controls were inherted from a BaseUserControl
3. I was checking on each user control if the user has access or not. If he didn't have access, then this user control will be not visible for him
4. If the user has access, I was checking if the user has ReadOnly access, then I was looping through the entire controls and setting them to readonly.

If you want to contact me through my email, it is salimfayad@hotmail.com

Thanks in advance.

# re: My First Three Website Security Tutorials Now Live 2/18/2008 12:55 PM Scott Mitchell

Salim, this approach would be fine. I would also encourage you to programmatically check the logged on user's role on postback before performing any action, just in case a user is able to circumvent the UI-related security you have in place (be it by accident or intent).

Thanks

# re: My First Three Website Security Tutorials Now Live 2/19/2008 9:05 AM Dmitry Lyalin

This is a very excellent topic to explore in detail. Forms Authentication and the various ASP.NET security systems seem simple at first but do have a lot of depth to them. Keep the tutorials coming!

# The Five Next Security Tutorials are Now Available Online 2/28/2008 2:06 PM Scott on Writing

# Five New Security Tutorials Now Available 2/28/2008 2:37 PM Community Blogs

As I blogged about earlier , I've been working on some tutorials for the www.asp.net site on the

# Five New Security Tutorials Now Available 2/28/2008 2:40 PM BusinessRx Reading List

As I blogged about earlier , I've been working on some tutorials for the www.asp.net site on the topics

# Three New Security Tutorials Now Available 3/25/2008 7:49 PM Scott on Writing

# Three New Security Tutorials Now Available 3/25/2008 7:58 PM BusinessRx Reading List

I've been working on some tutorials for the www.asp.net site on the topics of forms authentication, authorization,

# Three New Security Tutorials Now Available 3/25/2008 8:39 PM ASPInsiders

I've been working on some tutorials for the www.asp.net site on the topics of forms authentication, authorization,

# Final Three Security Tutorials Published 4/2/2008 10:55 PM Scott on Writing

# Final Three Security Tutorials Published 4/2/2008 11:04 PM BusinessRx Reading List

As noted in previous blog entries, I've been working on some tutorials for the www.asp.net site on the

# Final Three Security Tutorials Published 4/2/2008 11:12 PM Community Blogs

As noted in previous blog entries, I've been working on some tutorials for the www.asp.net site on

# Final Three Security Tutorials Published 4/24/2008 12:56 PM .Net World

As noted in previous blog entries, I've been working on some tutorials for the www.asp.net site on

# Three New Security Tutorials Now Available 4/24/2008 12:58 PM .Net World

I've been working on some tutorials for the www.asp.net site on the topics of forms authentication

# Five New Security Tutorials Now Available 4/24/2008 1:02 PM .Net World

As I blogged about earlier , I've been working on some tutorials for the www.asp.net site on the

Title:  
Name:  
Url:
Protected by Clearscreen.SharpHIPEnter the code you see:
Comments   

My Links

Ads Via DevMavens

Archives

Post Categories

 

I am a Microsoft MVP for ASP.NET.
I am an ASPInsider.
<February 2010>
SMTWTFS
31123456
78910111213
14151617181920
21222324252627
28123456
78910111213

Comment Stats

DayTotal% of Total
Sunday 2046.8%
Monday 42514.1%
Tuesday 51617.1%
Wednesday 55318.4%
Thursday 58019.2%
Friday 54718.2%
Saturday 1886.2%
Total 3013100.0%

Hour1Total% of Total
12:00 AM 772.6%
1:00 AM 812.7%
2:00 AM 682.3%
3:00 AM 822.7%
4:00 AM 692.3%
5:00 AM 1264.2%
6:00 AM 1183.9%
7:00 AM 1806.0%
8:00 AM 1926.4%
9:00 AM 1585.2%
10:00 AM 1876.2%
11:00 AM 1936.4%
12:00 PM 2016.7%
1:00 PM 1846.1%
2:00 PM 1695.6%
3:00 PM 1354.5%
4:00 PM 1153.8%
5:00 PM 1063.5%
6:00 PM 1013.4%
7:00 PM 1073.6%
8:00 PM 923.1%
9:00 PM 882.9%
10:00 PM 893.0%
11:00 PM 953.2%
Total 3013100.0%

Comments by Blog Entry Date/Time

Day Entry MadeAvg.Total
Sunday 4.94158
Monday 4.80384
Tuesday 4.08477
Wednesday 7.47680
Thursday 6.25675
Friday 5.02462
Saturday 4.78177
Total 5.413013

Hour1 Entry MadeAvg.Total
12:00 AM 5.2937
1:00 AM 1.002
5:00 AM 0.000
7:00 AM 3.8550
8:00 AM 3.72134
9:00 AM 6.02295
10:00 AM 5.63276
11:00 AM 4.20193
12:00 PM 6.14350
1:00 PM 3.17133
2:00 PM 5.00230
3:00 PM 7.62320
4:00 PM 4.00108
5:00 PM 6.04169
6:00 PM 4.64116
7:00 PM 8.95188
8:00 PM 8.63164
9:00 PM 5.00115
10:00 PM 6.31101
11:00 PM 4.5732
Total 5.413013

Learn More About Comment Stats
1 - All times GMT -8...


Blog Stats

Favorite Web Sites

My Books

My MSDN Articles