In developing ASP.NET applications, we make heavy use of Web.Config to store and retrieve database connection strings. But we need to be aware of the fact that Web.Config is a simple XML text file and its contents are readable by any user having access to the the webserver’s file system. Albeit the fact that accesses like [...]
This article demonstrates how to use Form Authentication in ASP.NET. I have written a set of classes and a small web application that uses these classes as an example. The small application features 4 forms (pages) that allow you to do the following functions: Add new user, assign roles to [...]
For a real-world Enterprise application, security plays an important role. Forms-based authentication is a popular technique used by many Web sites. With ASP.NET, writing forms authentication is like a breeze. Forms Authentication provider in ASP.NET exposes cookies-based authentication services to [...]
This article attempts to work out an example of the impersonation namespace in .NET, to logon a user through a webpage, with his Windows logon credentials. The traditional way of logging in users using their Windows authentication is by enabling the Basic Authentication property of the web application in IIS.
But, using the [...]
The article explains how an HTTP module can be used to combat leech requests to resources on your domain through GET or POST HTTP request methods. The code snippet provided defines a class that implements the IHttpModule interface. An instance of this class will hook into the ASP.NET runtime and intercept the BeginRequest event of the HttpApplication [...]