Chapter 8. Security
This chapter covers
In the previous chapters, we covered Ajax and client validation. In this chapter, we’ll continue discussing client concerns as we harden our applications against malicious input. Security is a major issue for online services. We frequently see news reports of high-profile security breaches where attackers have been able to steal personal information or where sensitive data has been accidentally exposed online. The sad reality is that many of these incidents could have been easily prevented. As developers, we need to design our applications with security in mind to prevent these sorts of issues.
Although security is a large enough topic for a book in its own right, in this chapter we’ll explore some of the features that ASP.NET MVC provides in order to lock down our applications. We’ll look at how ASP.NET MVC provides simple mechanisms for implementing authentication and authorization, and we’ll examine several common attack vectors and how they can be mitigated, including cross-site scripting (XSS), cross-site request forgery (XSRF), and a special type of XSRF called JSON hijacking.