ASP.NET 2.0 Internet Security Reference Implementation
From Mynoteswiki.com
Summary
The ASP.NET 2.0 Internet Security Reference Implementation is designed to illustrate patterns & practices best practices as they apply to a specific ASP.NET development and deployment scenario. This particular implementation, and its associated guidance, focuses on an application that is Internet-facing, uses forms authentication connected to SQL, and stores roles in SQL.
Usage Scenarios
- You can browse the solution and scenario doc to see key security design and implementation decisions that apply to the Internet-facing, forms authentication scenario.
- You can browse the reference implementation doc to learn about key security design and implementation decisions in the context of a real sample application.
- You can browse the reference implementation source code to see security best practices in a full-blown sample application.
What's Included
- VS 2005 Solution and Code (ASPNET v2 Internet Security Reference Imp.zip) - Contains an MSI installer that includes the Visual Studio 2005 solution for the reference implementation, the application source code, the reference implementation document and the scenario and solution document.
- Reference Implementation Document (ASPNET v2 Internet Security Reference Imp Doc.zip) - The reference implementation walkthrough document, containing implementation details and key decisions we made along the way.
- Scenario and Solution Document (Solution - Forms Auth to SQL, Roles in SQL Doc.zip) - The more general scenario and solution document, containing key decisions that apply to all applications in this scenario.
Key Engineering Decisions Addressed
We grouped the key problems into the following buckets:
- Authentication
- Authorization
- Input and Data Validation
- Data Access
- Exception Management
- Sensitive Data
- Auditing and Logging
These are actionable, potentially high-risk categories. These buckets represent some of the more important security decisions you need to make, decisions that can have a substantial impact on your design. Using these buckets made it easier both to review the key security decisions and to present them for fast consumption.
Key Links
- Channel9 Wiki: http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.ASPNETv2RefImp
- GotDotNet Project: http://www.gotdotnet.com/codegallery/codegallery.aspx?id=48f35de8-cd92-4ac6-9144-12d5a13f22ff
