Partager via


Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

 

patterns & practices Developer Center

.NET Web Application Security

J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
Microsoft Corporation

Published: November 2002

Last Revised: January 2006

Applies to:

  • Microsoft® ASP.NET

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Building Secure ASP.NET Applications.

Summary: This section provides a visual representation of authentication, authorization, and secure communication across the tiers of a typical ASP.NET application. (3 printed pages)

The technologies that fall under the umbrella of the .NET security framework include:

  • IIS
  • ASP.NET
  • Enterprise Services
  • Web services
  • .NET Remoting
  • SQL Server™

These are illustrated in Figure 1.

Ff649291.fa2sn01(en-us,PandP.10).gif

Figure 1. The .NET Web application security framework

patterns & practices Developer Center

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

© Microsoft Corporation. All rights reserved.