ASP.NET 2.0 Internet Security Reference Implementation

The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application and tailored it for an Internet-facing scenario. The application uses forms authentication with users and roles stored in SQL.

Home Page/Download

3 Parts
The reference implementation contains 3 parts:

  1. VS 2005 Solution and Code 
  2. Reference Implementation Document
  3. Scenario and Solution Document 

The purpose of each part is as follows:

  1. VS 2005 Solution and Code - includes the Visual Studio 2005 solution, the reference implementation doc, and the scenario and solution doc.
  2. Reference Implementation Document (ASP.NET 2.0 Internet Security Reference Implementation.doc) - is the reference implementation walkthrough document containing implementation details and key decisions we made along the way. Use this document as a fast entry point into the relevant decisions and code.
  3. Scenario and Solution Document (Scenario and Solution - Forms Auth to SQL, Roles in SQL.doc) - is the more general scenario and solution document containing key decisions that apply to all applications in this scenario.

Key Engineering Decisions Addressed
We grouped the key problems into the following buckets:

  • Authentication
  • Authorization
  • Input and Data Validation
  • Data Access
  • Exception Management
  • Sensitive Data
  • Auditing and Logging

These are actionable, potentially high-risk categories. These buckets represent some of the more important security decisions you need to make, ones that can have a substantial impact on your design. Using these buckets made it easier both to review the key security decisions and to present the decisions for fast consumption.

Getting Started

  1. Download and install the ASP.NET 2.0 Internet Security Reference Implementation.
  2. Use ASP.NET 2.0 Internet Security Reference Implementation.doc to identify the code you want to explore.
  3. Open the solution, Internet Security Reference Implementation.sln, and look into the details of the implementation.
  4. If you're interested in testing SSL, then follow the instructions in SSL Instructions.doc.

 

Published 20 July 06 06:19 by J.D. Meier

Comments

# alik levin's said on July 21, 2006 1:56 AM:
This one is big.
patterns&practices released ASP.NET 2.0 Internet Security Reference Implementation...
# Jason Haley said on July 25, 2006 11:34 PM:
# Rui Quintino said on August 6, 2006 5:58 PM:
# ASP.NET Chinese Blogs said on September 23, 2006 5:10 PM:
[Source: J.D. Meier's Blog] Microsoft has just released a reference implementation for ASP.NET 2.0 Internet security (ASP.NET 2.0 Internet Security Reference
# Adam said on August 14, 2007 10:36 PM:

This is no longer available on gotdotnet.com. Where can I find it?

# Satish Jha said on August 30, 2007 5:36 PM:

This is no longer available on gotdotnet.com. Where can I find it?

ASP.NET 2.0 Internet Security Reference Implementation

# alik levin's said on November 21, 2007 5:04 AM:

JD Meier writes in his blog : The ASP.NET 2.0 Internet Security Reference Implementation is a sample

# Noticias externas said on November 21, 2007 6:00 AM:

JD Meier writes in his blog : The ASP.NET 2.0 Internet Security Reference Implementation is a sample
