19 May 2008
Ralph in Boise
Edit web.config to Update the Data Provider for Shared Hosting with Role-Based Security: SQL Server, ODBC, Active Directory, ADAM, SQLite, MySQL, Access, XML
25 Nov 2003
Harish Palaniappan
A classic example of implementing a reusable web user control, with supporting controls and classes to keep the code manageable.
This article addresses some missing functionality in ASP.NET 2.0's CookieParameter type, including getting a multi-valued cookie Key value and providing some HttpCookieEncryption support.
This describes some of the potential security concerns caused by common programming techniques and how to get around them.
Protect any file type in a certain folder with login.
How to customize forms authentication to protect specific directories or pages.
This base controller will secure all your actions except those which will be marked as UnsecuredAction.
20 Dec 2011
santosh poojari
This article helps you to build and enable robust web applications with respect to the various aspects of security that need to be taken care of while designing a system.
A simple forms authentication strategy in ASP.NET with example web site
This post talks about the authentication procedure that can be done in IIS.
26 Jul 2008
Samer Abu Rabie
This article talks about the authorization security model in Web applications using .NET attributes.
22 Mar 2005
Christopher G. Lasater
This article details a way to perform web security much like ASP 2.0 does it, using an ISAPI Filter.
23 Feb 2009
Mohammad Dayyan
This article demonstrates how we can create a CAPTCHA image with PHP
29 Jul 2008
Jahedur Rahman Chowdhury
How to use the captcha plugin in CodeIgniter.
This article discusses the basics of Claim based Authentication. This is the first part of the Series.
This part mainly discusses WIF and demonstrates a sample step by step
This article discusses some problems with the earlier approach and discusses Identity federation
2 Jun 2009
sagnik mukherjee
Client side text hashing using JQuery
They say it is not possible to use cookieless forms authentication in .NET. Well it is, and relatively easy to accomplish!
Introduces a methodology for authenticating user in cross domain/platform and transferring user data from one site to another during the authentication process.
An article on writing Custom Authentication provider in ASP.NET
3 Jan 2013
Michael Ulmann
Custom membership provider implementation for the ADO.NET Entity Framework.
This article explains a simple way of implementing digest protocol in C#. A sample application is provided which shows step by step digest calculation.
A practical object-level security approach.
8 May 2014
Peter Carrasco
Identity Management using the ASP.NET Identity database embedded in your ASP.NET MVC application
18 May 2006
Syed Moshiur Murshed
Encrypt and Decrypt important data with C# and play
14 Jan 2003
Syed Adnan Ahmed
How to encrypt the database password field, registry information and query string.
Encrypt sensitive information in web.config file
In this article, we talk about the lack of Cookie security built-into the ASP.NET framework, and a decent workaround to provide integrated tamper proof security for cookie data.
26 Jan 2003
Vasudevan Deepak Kumar
Here we discuss some simple steps that help keep our database connection strings safe and encrypted in Web.Config.
The current implementation of ASP.NET 2.0's security is great and I have fallen in love with it, but it's still too limited. I will show you how to extend ASP.NET 2.0's security using a custom HTTP Handler and your existing Web.sitemap.
Combines Forms Authentication with Windows or Custom Authenticator.
21 Apr 2006
Ahmed jamil Kattan
This article will explain how to secure websites using the ASP.NET Forms Authentication.
3 Dec 2009
Al-Farooque Shubho
This article describes a correct and smarter way of implementing Role based authorization with Forms authentication in ASP.NET.
13 Sep 2011
Diptee Warudkar Dalal
This article explains the core concepts of Spring Security Namespace Configuration and explains the set up required for a simple form based authentication in a web application.
12 Feb 2009
Mohammad Dayyan
Shows you how to use the PHP Fusion 7 CAPTCHA class
12 Feb 2009
Mohammad Dayyan
Using PHPBB3 CAPTCHA
27 Jan 2005
Salil Khedkar
If you are into development or quality assurance of enterprise solutions, you must be aware of the security aspect of your application. This article provides a checklist for the same...
Discussing how to encode and tamper-proof text and cookies using the MachineKey, by using reflection.
23 Dec 2011
Jovan Popovic
This article discusses various aspects of ASP.NET MVC security and shows some tips to implement these elements in your applications.
20 Mar 2008
David P Henry, Graham Murray
A solution for securing access to a ClickOnce application using ASP.NET Forms authentication.
12 May 2014
Peter Carrasco
Move your local MVC application to the big league with Active Directory, DNS, and IIS on Windows Server 2012
The Pass-Through authentication enables a user to sign-on to their intranet and access other web applications without being asked for login again.
7 Jul 2005
Prakash Kalakoti
Using a simple example, I'll explain how to prevent a program that can register thousands of dummy users to your database and play with your database and application performance.
A simple way to prevent automated / dictionary login attacks without the use of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) images.
14 Jul 2008
Marius Mihailescu
Security is a very important topic and a very complicated one in ASP.NET.
9 May 2011
Stuart Blackler
A quick walkthrough showing how to protect files and folders using HttpHandlers, in VB.NET and C#.
How to protect secure assets using a .NET Reverse Proxy, an ISAPI redirection filter and .NET Forms Authentication
7 May 2008
Michael Ulmann
Clear text query strings are a potential security threat for your web application. Thus, query strings should always be encrypted.
An article on rationalizing away some access checks for protected ASP.NET resources, while maintaining client side cacheability.
19 Oct 2009
CalvinHartwell
A short guide on how to remove SQL Injection, with reusable code
A technique to use the IIS Basic Authentication mechanism to control access to trace.axd.
26 Jul 2009
Heath Stewart
Provides insight and tips on using role-based (groups) Forms Authentication in ASP.NET, which has only partial support for roles.
Implement a Roles-Based Authentication using ASP.NET Forms Authentication
In this article I’ll explain a solution to secure web applications using custom membership and role providers with the Enterprise Library Security Application Block and code access security.
19 Mar 2006
Mohammed Faraz (Captain)
Secure file download using Basic Authentication. The interesting part is that we maintain two separate entry points for uploading and downloading a file.
An ASP.NET system for having two authentication cookies, one secure and one insecure, to have multiple tiers of security by folder.
Describes the proper way to configure a server to securely run the ASP.NET worker process as the system account.
This article takes a look at two recent attacks on web applications and how they were perpetrated. Then it dives head first into a litany of different potential security holes and, more importantly, how to plug them in ASP.NET.
How to hide image URLs on a website to avoid illegal access, using a custom HttpHandler and encryption.
22 Oct 2002
James Coleman
Allows Forms-based authentication to work on non-parsed files such as images.
13 Oct 2006
Richard Lewis
Educate yourself on security best practices for temporary file usage in software applications.
How to send authenticated e-mail from ASP.NET (login/password)
This article describes a server-side fix for the recently discovered vulnerability in the PDF reader plugin by Adobe.
Simple text to image generator to block spammers inserting data to your database, with ASP.NET.
23 May 2004
Vincent Brossier
Learn how easy it is to create HTTP Reverse Proxy in .NET using IIS.
Protect sensitive data from nasty web bots using server / client obfuscation methods.
1 Apr 2004
Michal Altair Valášek
By default, Forms authentication does not support single sign-on across multiple applications, but it is not too complicated to tweak it the appropriate way.
18 Jul 2005
Amit Kukreti (Vervelogic)
An article on SQL injection attacks.
21 Apr 2011
All Time Programming
Verifying the Server Certificate on the client side using a CA file
An article on automatically switching between HTTP and HTTPS protocols without hard-coding absolute URLs
How to automatically enforce and switch between secure (HTTPS/SSL) and non-secure (HTTP/non-SSL) web pages without hard-coding absolute URLs, using SEO friendly redirects.
12 Jun 2014
Michael N. Haephrati
How Target Eye's screen capturing mechanism works
19 Nov 2013
Azeet Chebrolu
Installing, extending Identity Server and implementing session token caching
3 May 2007
Bryan_Sullivan
In part one of this two part article, you will learn about five of the top ten “worst offenders” of misconfigurations of application security that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application.
22 May 2007
Bryan_Sullivan
In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications.
1 Mar 2004
Matthew Hazlett
How to make your server settings safer
An article to demonstrate how HTTP Module-based filtering can prevent leeching.
25 Oct 2007
Svante Seleborg
The Decorator pattern meets Reflection in a workaround to enable SSL for ASP.NET health monitoring e-mail event providers.
12 Dec 2011
DestinyCoder007
Virtual keyboard - can be used for secure keying of passwords.
27 Jan 2006
Cohen Shwartz Oren
How to configure IIS in order to enable the use of Named Kernel Objects in Web Services.
This article contains a security check script and describes how to secure Windows and Linux webservers against hackers.
19 Jun 2013
Rahul Rajat Singh
In this article we will discuss securing user passwords by using hashing and salting.
Vulnerability analysis tools and penetration testing are important parts of securing your web applications. Learn more about how the web application security industry has evolved and how to ensure the security of your applications.
The purpose of this case study is to explain how to implement application security for ASP.NET web applications using ‘Integrated Windows Authentication’.
How to build a SaaS application using the ASP.NET SqlMembership Provider.
7 May 2013
Dmitry Tretyakov
Step by Step tutorial describes how to create custom Security Token Service.
9 Jul 2013
Sarvesh Kushwaha
This article describes what XSS is and how to prevent XSS attacks.
HTML and JavaScript code injection techniques.
Setting IIS security type and user, accounts permissions using installer class and custom action
How to add extra security to your MVC web application, using two factor authentication.
18 Jul 2012
Yves Vaillancourt
How to apply security and redirection to a view when a user cannot access a controller or a controller action in MVC
Shows how to use OpenID with ASP.NET MVC Forms Authentication.
Securing Spike Engine HTTP & Websockets with TLS/SSL layer.
17 Jun 2013
Rik van den Berg
From scratch
An article on SQL Injection and Cross-Site Scripting with sample code in C#.
This article explains SQL injection attacks, mitigation strategies, and factors to consider while testing.
2 Apr 2012
deepakaitr12345
SRE protects applications from Cross-Site Scripting (XSS) attacks by leveraging the Anti-XSS library to encode data.
This article will focus on Stuxnet's Windows infection and spreading methods, the tricks Stuxnet used, and the evidence about the criminals behind Stuxnet.
How to write a reliable shellcode on win32, how to bypass the obstacles that you will face in writing a win32 shellcode and how to implement your shellcode into Metasploit
5 Jan 2013
Vyacheslav Voronenko
Compact One Time Password Generator (RFC6238) written in JavaScript
7 Mar 2012
Rahul Rajat Singh
How ASP.NET lets us create sites with an authentication and authorization mechanism in place and how we can use ASP.NET server controls to quickly and efficiently implement this.