12 May 2014
Peter Carrasco
Move your local MVC application to the big league with Active Directory, DNS, and IIS on Windows Server 2012
8 May 2014
Peter Carrasco
Identity Management using the ASP.NET Identity database embedded in your ASP.NET MVC application
16 Dec 2013
Michael Haephrati
How Target Eye's screen capturing mechanism works
19 Nov 2013
Azeet Chebrolu
Installing, extending Identity Server and implementing session token caching
3 Jan 2013
Michael Ulmann
Custom membership provider implementation for the ADO.NET Entity Framework.
23 Dec 2011
Jovan Popovic
This article discusses various aspects of ASP.NET MVC security and shows some tips to implement these elements in your applications.
20 Dec 2011
santosh poojari
This article helps you to build and enable robust web applications with respect to the various aspects of security that need to be taken care of while designing a system.
12 Dec 2011
DestinyCoder007
Virtual keyboard - can be used for secure keying of passwords.
This article discusses some problems with the earlier approach and discusses Identity federation
This part mainly discusses WIF and demonstrates a sample step by step
This article discusses the basics of Claim based Authentication. This is the first part of the Series.
13 Sep 2011
Diptee Warudkar Dalal
This article explains the core concepts of Spring Security Namespace Configuration and explains the set up required for a simple form based authentication in a web application.
This post talks about the authentication procedure that can be done in IIS.
9 May 2011
Stuart Blackler
A quick walkthrough showing how to protect files and folders using HttpHandlers, in VB.NET and C#.
21 Apr 2011
All Time Programming
Verifying the Server Certificate on the client side using a CA file
An article on automatically switching between HTTP and HTTPS protocols without hard-coding absolute URLs
This article contains a security check script and describes how to secure Windows and Linux webservers against hackers.
This base controller will secure all your actions except those which will be marked as UnsecuredAction.
A simple forms authentication strategy in ASP.NET with example web site
How to automatically enforce and switch between secure (HTTPS/SSL) and non-secure (HTTP/non-SSL) web pages without hard-coding absolute URLs, using SEO friendly redirects.
3 Dec 2009
Al-Farooque Shubho
This article describes a correct and smarter way of implementing Role based authorization with Forms authentication in ASP.NET.
19 Oct 2009
CalvinHartwell
A short guide on how to remove SQL Injection, with reusable code
This describes some of the potential security concerns caused by common programming techniques and how to get around them.
26 Jul 2009
Heath Stewart
Provides insight and tips on using role-based (groups) Forms Authentication in ASP.NET, which has only partial support for roles.
2 Jun 2009
sagnik mukherjee
Client side text hashing using JQuery
This article takes a look at two recent attacks on web applications and how they were perpetrated. Then it dives head first into a litany of different potential security holes and, more importantly, how to plug them in ASP.NET.
A practical object-level security approach.
23 Feb 2009
Mohammad Dayyan
This article demonstrates how we can create a CAPTCHA image with PHP
12 Feb 2009
Mohammad Dayyan
Shows you how to use the PHP Fusion 7 CAPTCHA class
12 Feb 2009
Mohammad Dayyan
Using PHPBB3 CAPTCHA
Introduces a methodology for authenticating user in cross domain/platform and transferring user data from one site to another during the authentication process.
In this article I’ll explain a solution to secure web applications using custom membership and role providers with the Enterprise Library Security Application Block and code access security.
This article explains a simple way of implementing digest protocol in C#. A sample application is provided which shows step by step digest calculation.
An ASP.NET system for having two authentication cookies, one secure and one insecure, to have multiple tiers of security by folder.
29 Jul 2008
Jahedur Rahman Chowdhury
How to use the captcha plugin in CodeIgniter.
26 Jul 2008
Samer Abu Rabie
This article talks about the authorization security model in Web applications using .NET attributes.
14 Jul 2008
Marius Mihailescu
Security is a very important topic and a very complicated one in ASP.NET.
19 May 2008
Ralph in Boise
Edit web.config to Update the Data Provider for Shared Hosting with Role-Based Security: SQL Server, ODBC, Active Directory, ADAM, SQLite, MySQL, Access, XML
7 May 2008
Michael Ulmann
Clear text query strings are a potential security threat for your web application. Thus, query strings should always be encrypted.
20 Mar 2008
David P Henry, Graham Murray
A solution for securing access to a ClickOnce application using ASP.NET Forms authentication.
25 Oct 2007
Svante Seleborg
The Decorator pattern meets Reflection in a workaround to enable SSL for ASP.NET health monitoring e-mail event providers.
How to customize forms authentication to protect specific directories or pages.
22 May 2007
Bryan_Sullivan
In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications.
3 May 2007
Bryan_Sullivan
In part one of this two part article, you will learn about five of the top ten “worst offenders” of misconfigurations of application security that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application.
This article describes a server-side fix for the recently discovered vulnerability in the PDF reader plugin by Adobe.
Encrypt sensitive information in web.config file
Protect sensitive data from nasty web bots using server / client obfuscation methods.
13 Oct 2006
Richard Lewis
Educate yourself on security best practices for temporary file usage in software applications.
How to protect secure assets using a .NET Reverse Proxy, an ISAPI redirection filter and .NET Forms Authentication
The current implementation of ASP.NET 2.0's security is great and I have fallen in love with it, but it's still too limited. I will show you how to extend ASP.NET 2.0's security using a custom HTTP Handler and your existing Web.sitemap.
18 May 2006
Syed Moshiur Murshed
Encrypt and Decrypt important data with C# and play
21 Apr 2006
Ahmed jamil Kattan
This article will explain how to secure websites using the ASP.NET Forms Authentication.
Discussing how to encode and tamper-proof text and cookies using the MachineKey, by using reflection.
19 Mar 2006
Mohammed Faraz (Captain)
Secure file download using Basic Authentication. The interesting part is that we maintain two separate entry points for uploading and downloading a file.
How to send authenticated e-mail from ASP.NET (login/password)
27 Jan 2006
Cohen Shwartz Oren
How to configure IIS in order to enable the use of Named Kernel Objects in Web Services.
Simple text to image generator to block spammers inserting data to your database, with ASP.NET.
18 Jul 2005
Amit Kukreti (Vervelogic)
An article on SQL injection attacks.
Protect any file type in a certain folder with login.
7 Jul 2005
Prakash Kalakoti
Using a simple example, I'll explain how to prevent a program that can register thousands of dummy users to your database and play with your database and application performance.
22 Mar 2005
Christopher G. Lasater
This article details a way to perform web security much like ASP 2.0 does it, using an ISAPI Filter.
27 Jan 2005
Salil Khedkar
If you are into development or quality assurance of enterprise solutions, you must be aware of the security aspect of your application. This article provides a checklist for the same...
A simple way to prevent automated / dictionary login attacks without the use of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) images.
In this article, we talk about the lack of Cookie security built-into the ASP.NET framework, and a decent workaround to provide integrated tamper proof security for cookie data.
This article addresses some missing functionality in ASP.NET 2.0's CookieParameter type, including getting a multi-valued cookie Key value and providing some HttpCookieEncryption support.
An article on rationalizing away some access checks for protected ASP.NET resources, while maintaining client side cacheability.
A technique to use the IIS Basic Authentication mechanism to control access to trace.axd.
The Pass-Through authentication enables a user to sign-on to their intranet and access other web applications without being asked for login again.
Combines Forms Authentication with Windows or Custom Authenticator.
23 May 2004
Vincent Brossier
Learn how easy it is to create HTTP Reverse Proxy in .NET using IIS.
How to hide image URLs on a website to avoid illegal access, using a custom HttpHandler and encryption.
1 Apr 2004
Michal Altair Valášek
By default, Forms authentication does not support single sign-on across multiple applications. But it is not too complicated to tweak it the appropriate way.
1 Mar 2004
Matthew Hazlett
How to make your server settings safer
Describes the proper way to configure a server to securely run the ASP.NET worker process as the system account.
An article to demonstrate how HTTP Module-based filtering can prevent leeching.
25 Nov 2003
Harish Palaniappan
A classic example of implementing reusable web user control, with supporting controls and classes to keep the code manageable.
An article on writing Custom Authentication provider in ASP.NET
Implement a Roles-Based Authentication using ASP.NET Forms Authentication
26 Jan 2003
Vasudevan Deepak Kumar
Here we discuss some simple steps that help keep our database connection strings safe and encrypted in Web.Config.
14 Jan 2003
Syed Adnan Ahmed
How to encrypt the database password field, registry information and query string.
22 Oct 2002
James Coleman
Allows Forms-based authentication to work on non-parsed files such as images.
They say it is not possible to use cookieless forms authentication in .NET. Well it is, and relatively easy to accomplish!
How to add extra security to your MVC web application, using two factor authentication.
9 Jul 2013
Sarvesh Kushwaha
This article describes what XSS is and how to prevent XSS attacks.
19 Jun 2013
Rahul Rajat Singh
In this article we will discuss securing user passwords by using hashing and salting.
17 Jun 2013
Rik van den Berg
From scratch
7 May 2013
Dmitry Tretyakov
Step by Step tutorial describes how to create custom Security Token Service.
How to build a SaaS application using the ASP.NET SqlMembership Provider.
5 Jan 2013
Vyacheslav Voronenko
Compact One Time Password Generator (RFC6238) written in JavaScript
Setting IIS security type and user, accounts permissions using installer class and custom action
18 Jul 2012
Yves Vaillancourt
How to apply security and redirection to a view when a user cannot access a controller or a controller action in MVC
2 Apr 2012
deepakaitr12345
SRE protects applications from Cross-Site Scripting (XSS) attacks by leveraging the Anti-XSS library to encode data.
7 Mar 2012
Rahul Rajat Singh
How ASP.NET lets us create sites with an authentication and authorization mechanism in place and how we can use ASP.NET server controls to quickly and efficiently implement this.
How to write a reliable shellcode on win32, how to bypass the obstacles that you will face in writing a win32 shellcode and how to implement your shellcode into Metasploit
This article will focus on Stuxnet’s Windows infection methods and spreading methods, the tricks used by Stuxnet, and the evidence about the criminals behind Stuxnet.
This article explains SQL injection attacks, mitigation strategies, and factors to consider while testing.
An article on SQL Injection and Cross-Site Scripting with sample code in C#.
Shows how to use OpenID with ASP.NET MVC Forms Authentication.
HTML and JavaScript code injection techniques.
Vulnerability analysis tools and penetration testing are important parts of securing your web applications. Learn more about how the web application security industry has evolved and how to ensure the security of your applications.
The purpose of this case study is to explain how to implement application security for ASP.NET web applications using ‘Integrated Windows Authentication’.