
	Home > Ask the Software Quality Experts > Application Security Questions & Answers > ASP.NET Forms Authentication in version 2.0

Ask The Software Quality Expert: Questions & Answers

EMAIL THIS

ASP.NET Forms Authentication in version 2.0

EXPERT RESPONSE FROM: Dan Cornell

		Pose a Question

		Other Software Quality Categories

		Meet all Software Quality Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 07 March 2006
How has Forms Authentication changed from ASP.NET 1.1 to ASP.NET 2.0?

ASP.NET application security has benefited from features in Forms Authentication for version 2.0. In short, ready-made UI components and data management implementations have made it a lot simpler to add mature authentication and authorization capabilities to your Web applications.

ASP.NET 2.0 adds a number of components with ready-made implementations of functionality that had to be built by hand in the ASP.NET 1.1 version. Examples of these include login forms, user creation wizards and password recovery logic. By providing these capabilities out of the box, it is faster to get secure Web applications up and running, and the use of the security-tested ASP.NET framework controls is typically going to be preferable over hand-coding new implementations for each new application.

ASP.NET application security resources

Forms Authentication -- Chapter 5, Professional ASP.NET 2.0 Security, Membership and Role Management

Login and user management controls in ASP.NET

Migrating users and passwords to ASP.NET 2.0

Previously, applications using Forms Authentication had to create and maintain their own data store for users and their roles. These were typically stored in a couple of tables in a database such as Microsoft SQL Server. In ASP.NET 2.0, implementations are provided to handle these ubiquitous tasks for both Microsoft Access as well as Microsoft SQL Server. The specifics of accessing these data stores are hidden behind interfaces employing the Provider design pattern, so while most applications will be satisfied with the SQL or Access versions, it is straightforward to create new implementations if the user and role data are stored in another data store such as an LDAP directory or XML files.

By using these new controls and ready-made data storage implementations, it is a lot faster to get Forms Authentication-based applications up and running. This is a benefit to both developer productivity as well as application security.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security
	Expert resolves issues plaguing OpenSTA users
	What is fuzz testing? What are some ways to use fuzz testing?
	How do I convince management to take application security seriously?
	How do I set up a secure login page using membership in ASP.NET?
	Security testing sales, marketing websites
	Are there application security certification standards?
	Top tools for testing Web application security
	How to prevent HTTP response splitting
	PCI DSS compliance: WAF, code review or both?
	Application security careers have bright future

Building security into the SDLC (Software development life cycle)

Problems caused by skipping analysis stage of SDLC

Inexpensive phase of SDLC to catch and fix bugs

GatherSpace beefs up cloud-based requirements management

ALM: Best of breed vs. complete systems

Software development life cycle phases, iterations, explained step by step

The role of quality assurance (QA) pros in software security

Common software security risks and oversights

Why the quality assurance department should be involved in testing

How to develop secure applications

Secure software development practices 'not rocket science'

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Software Quality - Software Maintenance, Software Requirements, Software Standards

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy