ASP.NET Security Review
ASP.NET platform security is built around the concepts of authentication and authorization. As you may recall, authentication ensures that the user is who they say they are, usually via a username/password challenge; authorization determines the user’s privileges or role(s) within the application, e.g. Guest, User, Administrator.
Security in the ASP.NET Framework is handled by the System.Security namespace, which includes the methods one needs to secure ASP.NET web applications, including cryptography, management for the ASP.NET runtime, and authentication and authorization of users. The ASP.NET platform has out-of-the-box support for Windows Authentication, Passport Authentication, and Forms Authentication.
Now that we’ve briefly reviewed the concepts and options involved in creating user logins, let’s look at the code we’ll use to accomplish this using the built-in support for Forms Authentication, the web standard, in the ASP.NET System.Security namespace.
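As a reference point before the login code, here is how the two concepts map onto web.config when Forms Authentication is selected. This is an added example, not configuration from the original article; the Login.aspx page and the Admin folder are assumed names.

```xml
<?xml version="1.0"?>
<!-- web.config (constructed example; Login.aspx and Admin are assumed names) -->
<configuration>
  <system.web>

    <!-- AUTHENTICATION: who is the user?
         mode selects the scheme: Windows, Passport, Forms or None. -->
    <authentication mode="Forms">
      <!-- protection="All"    : the ticket is both encrypted and validated
           requireSSL="true"   : the ticket cookie is only sent over HTTPS
           cookieless="UseCookies" : keep the ticket out of the URL
           timeout             : ticket lifetime in minutes -->
      <forms name=".ASPXAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="30"
             slidingExpiration="true" />
    </authentication>

    <!-- AUTHORIZATION: what may the user do?
         "?" means anonymous users, "*" means all users.
         Rules are evaluated top-down and the first match wins.
         Here every page requires a login. -->
    <authorization>
      <deny users="?" />
    </authorization>

  </system.web>

  <!-- Tighter rule for one folder: only the Administrator role gets in.
       The allow must come before the deny, since the first match wins. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The role-based rule only takes effect once the application attaches roles to the authenticated user; with no roles assigned, the Admin folder is denied to everyone.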