As the only book to address ASP.NET 3.5, AJAX, and IIS 7 security from the developer’s point of view, this book begins with a look at the new features of IIS 7.0 and then goes on to focus on IIS 7.0 and ASP.NET 3.5 integration. You’ll walk through a detailed explanation of the request life cycle for an ASP.NET application running on IIS 7.0 under the classic mode, from the moment it enters IIS 7.0 until ASP.NET generates a corresponding response.


ASP.NET security covers concepts such as Web security, developing in partial trust, forms authentication, and securing configuration—just to name a few—all integral components to helping developers ensure reliable security. Addressing the ASP.NET developer's security view, this book offers detailed information on every major area of ASP.NET security that you'll encounter when developing Web applications. The book covers security in ASP.NET in general and includes the new additions and changes in ASP.NET 3.5.

Microsoft MVP Bilal Haidar covers the security highlights and new features of Internet Information Services (IIS) 7.0, and offers a detailed look at the request lifecycle, as well as clear explanations of AJAX authentication and authorization. You'll explore ASP.NET Session State, Membership, and Role Management so you will have a solid ability to develop secure and robust Web sites with ASP.NET 3.5 in VB or C# code.

What you will learn from this book

*

Best practices for developing secure ASP.NET Web applications, including protecting against AJAX threats
*

How to securely access ASP.NET configuration files for reading and editing purposes
*

Techniques for integrating security between ASP.NET and classic ASP
*

Various ASP.NET trust levels in both development and hosting stages
*

The security context associated with the processing of the request by the different modules of ASP.NET
*

The security features for forms authentication and session state
*

How to use Active Directory with the Membership and Role Manager features

Who this book is for

This book is for ASP.NET developers who have experience with developing ASP.NET Web applications in either VB or C#.

Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.