This page links to help on important information about securing your Web site. To view other categories of popular tasks covered in Help, see How Do I in Visual Web Developer.
Walkthroughs
- Walkthrough: Creating a Web Site with Membership and User Login 
 Provides a tutorial on adding Web site security using ASP.NET features to add a login page, authentication, and authorization.
- Walkthrough: Managing Web Site Users with Roles 
 Provides a tutorial on assigning users to roles and securing resources based on roles.
- Walkthrough: Encrypting Configuration Information Using Protected Configuration 
 Provides a tutorial on encrypting a portion of the Web.config file to protect sensitive information.
Security Guidelines
- Securing Membership 
 Provides guidelines for improving the security of ASP.NET membership to create and manage users.
- Securing Standard Controls 
 Provides guidelines for improving the security of form controls such as the AdRotator, TextBox, and ListBox controls.
- Securing Roles 
 Provides guidelines for improving the security of using ASP.NET roles to manage authorization.
- Securing ASP.NET Site Navigation 
 Provides guidelines for improving the security of site maps and navigation controls.
- Securing Browser Definition Files 
 Provides guidelines for improving the security of the .browser files in which information about capabilities of individual browsers is stored.
- Securing Data Access 
 Provides guidelines for improving the security of data access in ASP.NET Web applications.
- Securing Login Controls 
 Provides guidelines for improving the security of any Login, CreateUserWizard, PasswordRecovery, and other login controls in your Web site.
- Securing Profile Properties 
 Provides guidelines for improving the security of using ASP.NET profiles to create and manage user-specific information.
- Securing Web Parts Pages 
 Provides guidelines for improving the security of ASP.NET Web pages that users can customize in their browser.
- Securing Session State 
 Provides guidelines for improving the security of storing user-specific information in server memory.
- Securing ASP.NET Configuration 
 Provides guidelines for improving the security of .NET Framework configuration files.
General Security Practices
- Basic Security Practices for Web Applications 
 Provides general information on security issues and security practices that apply to all Web sites.
- Storing Sensitive Information Using ASP.NET 
 Provides guidelines for helping keep passwords and other sensitive information secure.
- How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings 
 Provides steps for preventing malicious users from forcing unwanted code to run in your Web application.
- How to: Display Safe Error Messages 
 Provides steps for configuring your Web application for proper error handling and for displaying error messages that do not disclose sensitive information.
- Configuring ASP.NET Process Identity 
 Provides information about configuring your Web application to run as a specific Windows user identity.
- How to: Build and Run the Protected Configuration Provider Example 
 Provides steps for creating a custom encryption component for encrypting configuration elements.
Identifying Users
- How to: Create an ASP.NET Login Page 
 Provides steps for creating an ASP.NET Web page that uses the Login control to authenticate users through ASP.NET membership.
- How to: Add a LoginStatus Button to an ASP.NET Web Page 
 Provides steps for adding a link to pages that helps users log in and out of your Web application.
- How to: Use Advanced Features of the ASP.NET Login Control 
 Provides steps for changing the default appearance of the Login control.
- How to: Use Advanced Features of the ASP.NET Login Control 
 Provides steps for customizing the behavior of the Login control.
- How to: Enable User Registration 
 Provides steps for enabling users to register on your Web site using the CreateUserWizard control and ASP.NET membership.
- How to: Display the Name of the Current User 
 Provides steps for using the LoginName control to display the user's logged-in name (or a login link).
- How to: Display Different Information to Anonymous and Logged In Users 
 Provides steps for using the LoginView control to create one display for logged-in users and a different one for users who are not yet logged in.
- How to: Enable User Password Recovery Using the ASP.NET PasswordRecovery Control 
 Provides steps for using the PasswordRecovery control to enable users to have a new or recovered password e-mailed to them.
- How to: Customize the PasswordRecovery Control 
 Provides steps for changing the default appearance of the PasswordRecovery control.
- How to: Implement Simple Forms Authentication 
 Provides steps for creating a custom authentication system where you create your own login page and authentication logic.
- How to: Sample Membership Provider Implementation 
 Provides steps for creating a custom provider to create and manage membership information.
- How to: Sample Role-Provider Implementation 
 Provides steps for creating a custom provider to create and manage role information.
Data Security
- Securing Data Access 
 Provides guidelines for improving the security of data access in ASP.NET Web applications.
- How To: Secure Connection Strings when Using Data Source Controls 
 Provides steps for encrypting connection strings for database access.
- How to: Access SQL Server as a Local User 
 Provides steps for configuring your application to log into Microsoft SQL Server on the same computer as the Web server.
- How to: Access SQL Server Using a Mapped Windows Domain User 
 Provides steps for configuring your application to log into SQL Server using a specific Windows user account.
- How to: Access SQL Server Using Predetermined Credentials 
 Provides steps for configuring your application to log into SQL Server using a user name and password that you build into your application.
- How to: Access SQL Server Using Windows Integrated Security 
 Provides steps for configuring your application to log into SQL Server with the user's current Windows user account information.