
	Home > Ask the Software Quality Experts > Application Security Questions & Answers > ASP.NET Forms Authentication in version 2.0

Ask The Software Quality Expert: Questions & Answers

EMAIL THIS

ASP.NET Forms Authentication in version 2.0

EXPERT RESPONSE FROM: Dan Cornell

		Pose a Question

		Other Software Quality Categories

		Meet all Software Quality Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 07 March 2006
How has Forms Authentication changed from ASP.NET 1.1 to ASP.NET 2.0?

EXPERT RESPONSE
ASP.NET application security has benefited from features in Forms Authentication for version 2.0. In short, ready-made UI components and data management implementations have made it a lot simpler to add mature authentication and authorization capabilities to your Web applications.

ASP.NET 2.0 adds a number of components with ready-made implementations of functionality that had to be built by hand in the ASP.NET 1.1 version. Examples of these include login forms, user creation wizards and password recovery logic. By providing these capabilities out of the box, it is faster to get secure Web applications up and running, and the use of the security-tested ASP.NET framework controls is typically going to be preferable over hand-coding new implementations for each new application.

ASP.NET application security resources

Forms Authentication -- Chapter 5, Professional ASP.NET 2.0 Security, Membership and Role Management

Login and user management controls in ASP.NET

Migrating users and passwords to ASP.NET 2.0

Previously, applications using Forms Authentication had to create and maintain their own data store for users and their roles. These were typically stored in a couple of tables in a database such as Microsoft SQL Server. In ASP.NET 2.0, implementations are provided to handle these ubiquitous tasks for both Microsoft Access as well as Microsoft SQL Server. The specifics of accessing these data stores are hidden behind interfaces employing the Provider design pattern, so while most applications will be satisfied with the SQL or Access versions, it is straightforward to create new implementations if the user and role data are stored in another data store such as an LDAP directory or XML files.

By using these new controls and ready-made data storage implementations, it is a lot faster to get Forms Authentication-based applications up and running. This is a benefit to both developer productivity as well as application security.

Sound Off! -

Be the first to post a message to Sound Off!

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security
	Application security careers have bright future
	How to prevent anti-DNS pinning attacks
	Open source application security testing tools
	Java application security features and measures
	Web application security testing basics
	Password recovery with .NET 2.O using C#
	Free load and performance testing tools
	The most effective time to do security testing
	Finding backdoor threats within applications
	SPML and SAML enhance application security in different ways

Building security into the SDLC (Software development life cycle)

Application security careers have bright future

Writing software requirements that address security issues

Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software

PCI DSS compliance: Web application firewall or code review?

Application security enters uncharted regions

How to prevent XPath injection

Developers get bigger role in software quality, security

InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory

How to prevent anti-DNS pinning attacks

Java application security features and measures

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy