Chapter 15. Security in Your ASP.NET 3.5 Web Site

Until now you have created pages in your web site that are accessible to all visitors to your site. You don't have a way to block certain resources like ASPX files or even whole folders for specific users. That means, for example, that currently anyone can access your Management folder and start messing with the genres and reviews in the system.

Clearly, this is not something you'd want in a production web site. So, you need to think of a good security strategy to stop unwanted users from accessing specific content. You also need to look at a mechanism that allows users to sign up for a new account and at the same time allows you to designate certain users as managers of your web site and grant them special access rights.

ASP.NET 3.5 ships with all the tools you need to create a solid and safe security mechanism. In this chapter you learn how to make use of these tools in your ASP.NET web site.

In particular, this chapter examines:

  • Important terminology you'll encounter when dealing with security

  • The ASP.NET application services that enable security

  • How you can let users sign up for an account for your site using built-in server controls

  • How users can independently reset their passwords or request new ones

  • How you can manage the users and roles in your database at development time

  • How you can present different content to different users based on their access rights in the system

Before you start looking at how security is implemented ...

Get Beginning ASP.NET 3.5: In C# and VB now with the O’Reilly learning platform.
