

ASP.NET 2.0 Internet Security Reference Implementation

The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application and tailored it for an Internet-facing scenario. The application uses forms authentication with users and roles stored in SQL.

Home Page/Download

3 Parts
The reference implementation contains 3 parts:

  1. VS 2005 Solution and Code 
  2. Reference Implementation Document
  3. Scenario and Solution Document 

The purpose of each part is as follows:

  1. VS 2005 Solution and Code - includes the Visual Studio 2005 solution, the reference implementation doc, and the scenario and solution doc.
  2. Reference Implementation Document (ASP.NET 2.0 Internet Security Reference Implementation.doc) - is the reference implementation walkthrough document containing implementation details and key decisions we made along the way. Use this document as a fast entry point into the relevant decisions and code.
  3. Scenario and Solution Document (Scenario and Solution - Forms Auth to SQL, Roles in SQL.doc) - is the more general scenario and solution document containing key decisions that apply to all applications in this scenario.

Key Engineering Decisions Addressed
We grouped the key problems into the following buckets:

  • Authentication
  • Authorization
  • Input and Data Validation
  • Data Access
  • Exception Management
  • Sensitive Data
  • Auditing and Logging

These are actionable, potentially high-risk categories. These buckets represent some of the more important security decisions you need to make that can have a substantial impact on your design. Using these buckets made it easier to both review the key security decisions and to present the decisions for fast consumption.

Getting Started

  1. Download and install the ASP.NET 2.0 Internet Security Reference Implementation.
  2. Use ASP.NET 2.0 Internet Security Reference Implementation.doc to identify the code you want to explore.
  3. Open the solution, Internet Security Reference Implementation.sln, and look into the details of the implementation.
  4. If you're interested in testing SSL, then follow the instructions in SSL Instructions.doc.

Comments

  • Anonymous
    July 20, 2006
    This one is big.
    patterns&practices released ASP.NET 2.0 Internet Security Reference Implementation...

  • Anonymous
    September 23, 2006
    [Source: J.D. Meier's Blog] Microsoft has just released a reference implementation for ASP.NET 2.0 Internet security (ASP.NET 2.0 Internet Security Reference

  • Anonymous
    August 14, 2007
    This is no longer available on gotdotnet.com. Where can I find it?

  • Anonymous
    August 30, 2007
    This is no longer available on gotdotnet.com. Where can I find it? ASP.NET 2.0 Internet Security Reference Implementation

  • Anonymous
    November 20, 2007
    JD Meier writes in his blog : The ASP.NET 2.0 Internet Security Reference Implementation is a sample
