ASP.NET MVC 2 in Action

Chapter 11. Security

This chapter covers

Requiring authentication and authorization
Preventing cross-site scripting attacks
Mitigating cross-site request forgeries
Avoiding JSON hijacking

Security is often a vague and amorphous topic in web application development. We rely on the web server to keep our application secure, and we rely on our programming platform. The rest sometimes seems theoretical and rare. In this chapter, we’ll describe possible attacks and exactly what to do to prevent them by using two main approaches.

The first is traditional management of authentication and authorization. Authentication is ensuring that the user has supplied the proper credentials to access the system. When a user logs in, usually by providing a ...

Get ASP.NET MVC 2 in Action now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET MVC 2 in Action by Matthew Hinze, Eric Hexter, James Bogard, Jeffrey Palermo, Ben Scheirman

Chapter 11. Security

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly