Chapter 11. ASP.NET authentication and authorization

 

This chapter covers

  • Authentication and authorization in ASP.NET
  • FormsAuthentication and WindowsAuthentication
  • UrlAuthorization
  • The Membership and Roles APIs
  • Building custom providers for the Membership and Roles APIs

The previous chapter was about code security and common threats in web applications. At this point, you have a clear understanding of what security is and how to avoid problems by analyzing user input. Now it’s time to talk about two important and somewhat related topics—authentication and authorization.

11.1. Authentication and authorization basics

11.2. Handling user authentication: introducing the Membership API

11.3. Adding support to roles using the Roles API

11.4. Custom providers for the Membership and Roles APIs

11.5. Summary