ASP.NET 2.0 Internet Security Reference Implementation
The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application and tailored it for an Internet-facing scenario. The application uses forms authentication with users and roles stored in SQL.
Home Page/Download
- ASP.NET 2.0 Security Reference Implementation Home Page
- short URL: https://codegallery.gotdotnet.com/ASPNETv2RefImp
3 Parts
The reference implementation contains 3 parts:
- VS 2005 Solution and Code
- Reference Implementation Document
- Scenario and Solution Document
The purpose of each part is as follows:
- VS 2005 Solution and Code - includes the Visual Studio 2005 solution, the reference implementation doc, and the scenario and solution doc.
- Reference Implementation Document (ASP.NET 2.0 Internet Security Reference Implementation.doc) - is the reference implementation walkthrough document containing implementation details and key decisions we made along the way. Use this document as a fast entry point into the relevant decisions and code.
- Scenario and Solution Document (Scenario and Solution - Forms Auth to SQL, Roles in SQL.doc) - is the more general scenario and solution document containing key decisions that apply to all applications in this scenario.
Key Engineering Decisions Addressed
We grouped the key problems into the following buckets:
- Authentication
- Authorization
- Input and Data Validation
- Data Access
- Exception Management
- Sensitive Data
- Auditing and Logging
These are actionable, potentially high-risk categories. These buckets represent some of the more important security decisions you need to make, decisions that can have a substantial impact on your design. Using these buckets made it easier both to review the key security decisions and to present the decisions for fast consumption.
Getting Started
- Download and install the ASP.NET 2.0 Internet Security Reference Implementation.
- Use ASP.NET 2.0 Internet Security Reference Implementation.doc to identify the code you want to explore.
- Open the solution, Internet Security Reference Implementation.sln, and look into the details of the implementation.
- If you're interested in testing SSL, then follow the instructions in SSL Instructions.doc.
Comments
Anonymous
July 20, 2006
This one is big.
patterns&practices released ASP.NET 2.0 Internet Security Reference Implementation...
Anonymous
September 23, 2006
[Source: J.D. Meier's Blog] Microsoft has just released a reference implementation for ASP.NET 2.0 Internet security (ASP.NET 2.0 Internet Security Reference
Anonymous
August 14, 2007
This is no longer available on gotdotnet.com. Where can I find it?
Anonymous
August 30, 2007
This is no longer available on gotdotnet.com. Where can I find it? ASP.NET 2.0 Internet Security Reference Implementation
Anonymous
November 20, 2007
JD Meier writes in his blog : The ASP.NET 2.0 Internet Security Reference Implementation is a sample