[...]... session state, page security, and configuration system security You will also see how you can integrate ASP. NET security with legacy ASP applications Over the course of these topics, you will gain a solid understanding of many of the less publicized security features in ASP. NET 2.0 The book switches gears in Chapter 9 and addresses two new security services in ASP. NET 2.0: Membership and Role Manager You... covers” of various ASP. NET security features so that you can gain a much deeper understanding of the security options available to you The book also addresses lesser known security functionality such as ASP. NET trust levels and ASP. NETto -ASP integration so that you can take advantage of these approaches in your own applications If you are looking for a deep dive on general ASP. NET 2.0 security, then you... That File Exists Setting 261 268 DefaultHttpHandler Using the DefaultHttpHandler Authenticating Classic ASP with ASP. NET 268 270 272 xiii Contents Will Cookieless Forms Authentication Work? Passing Data to ASP from ASP NET Passing Username to ASP Authorizing Classic ASP with ASP. NET Passing User Roles to Classic ASP Safely Passing Sensitive Data to Classic ASP Full Code Listing of the Hash Helper Summary... guidance for session state New session state security features introduced in ASP. NET 2.0 are covered, as well as security options for out-of-process state and the effect ASP. NET trust levels have on the session state feature ❑ Chapter 8 describes some lesser known page security features from ASP. NET 1.1 It also describes new ASP. NET 2.0 options for securing viewstate and postback events Chapter 8 also covers... authentication and Membership ❑ Chapter 6 demonstrates using IIS6 wildcard mappings and ASP. NET 2.0 s support for wildcard mappings to share authentication and authorization information with classic ASP applications The sample code in the chapter also shows you how you can use these features to integrate Membership and Role Manager with classic ASP ❑ Chapter 7 covers security features and guidance for... Chapter 13: Role Manager 517 The Roles Class The RolePrincipal Class The RoleManagerModule 517 521 531 xvi Contents PostAuthenticateRequest EndRequest Role Cache Cookie Settings and Behavior Working with Multiple Providers during GetRoles RoleProvider Basic Configuration Authorization Methods Managing Roles and Role Associations WindowsTokenRoleProvider Summary Chapter 14: SqlRoleProvider SqlRoleProvider... new Membership and Role Manager features, then Chapters 9–15 will be immediately useful to you After you have read through these topics, you will definitely have a thorough understanding of why ASP. NET security works the way it does, and you will have insights into just how far you can “stretch” ASP. NET 2.0 to match your application’s security requirements What Does This Book Cover? The subject of ASP. NET. .. security processing ASP. NET performs in its pipeline for each HTTP request You will see how the default authentication and authorization modules work, as well as how ASP. NET blocks access to content with special handlers This chapter also describes subtleties in how request identity works with ASP. NET 2.0 s asynchronous pipeline events and asynchronous page model ❑ Chapter 3 describes what an ASP. NET. .. executes, both Internet Information Services (IIS) and ASP. NET have performed a fair amount of logic to establish the execution context for a HyperText Transfer Protocol (HTTP) request IIS may have negotiated security credentials with your browser IIS will have determined that ASP. NET should process the request and will perform a handoff of the request to ASP. NET At that point, ASP. NET performs various... 13 describes the new Role Manager feature that provides built-in authorization support for ASP. NET 2.0 You will learn about the core classes in Role Manager The chapter also details how the RoleManagerModule is able to automatically set up a principle for downstream authorization and how the module and Role Manager’s caching work hand in hand Chapter 13 also covers the WindowsTokenRoleProvider, which . class="bi x0 y0 w0 h0" alt="" Professional ASP. NET 2. 0 Security, Membership, and Role Management Stefan Schackow 01 _596985 ffirs.qxp 12/ 14 /05 7:45 PM Page i Professional ASP. NET 2. 0 Security, Membership, . Options in ASP. NET 2. 0 20 1 Setting Cookie-Specific Security Options 20 4 requireSSL 20 4 HttpOnly Cookies 20 6 slidingExpiration 20 8 Using Cookieless Forms Authentication 20 8 Cookieless Options 21 0 Replay. Security, Membership, and Role Management Stefan Schackow 01 _596985 ffirs.qxp 12/ 14 /05 7:45 PM Page i Professional ASP. NET 2. 0 Security, Membership, and Role Management Published by Wiley Publishing, Inc. 104 75