[...]... Sharing Tickets between 1. 1 and 2.0 Leveraging the UserData Property Passing Tickets across Applications Cookie Domain Cross-Application Sharing of Ticket Enforcing Single Logons and Logouts Enforcing a Single Logon Enforcing a Logout Summary Chapter 6: Integrating ASP.NET Security with Classic ASP 17 5 18 1 18 2 18 4 19 0 19 1 19 2 19 2 19 4 19 8 19 8 2 01 204 204 206 208 208 210 215 216 218 2 21 222 224 226 226 227... 465 468 468 4 71 474 475 477 480 4 81 482 482 484 486 487 494 503 504 510 512 515 Chapter 13 : Role Manager 517 The Roles Class The RolePrincipal Class The RoleManagerModule 517 5 21 5 31 xvi Contents PostAuthenticateRequest EndRequest Role Cache Cookie Settings and Behavior Working with Multiple Providers during GetRoles RoleProvider Basic Configuration Authorization Methods Managing Roles and Role Associations... 4: Configuration System Security Using the Element 54 57 58 65 66 69 74 75 77 78 80 83 91 96 99 10 5 11 8 14 1 14 3 14 3 The Path Attribute The AllowOverride Attribute 14 5 14 6 Using the lock Attributes 14 6 Locking Attributes Locking Elements Locking Provider Definitions 14 7 14 9 15 1 Reading and Writing Configuration Permissions Required for Reading Local Configuration Permissions Required for... Partial Trust The requirePermission Attribute Demanding Permissions from a Configuration Class FileIOPermission and the Design-Time API Protected Configuration What Can’t You Protect? Selecting a Protected Configuration Provider Defining Protected Configuration Providers DpapiProtectedConfigurationProvider xii 15 3 15 5 15 7 15 9 16 1 16 3 16 5 16 6 16 6 16 8 16 9 17 2 17 2 Contents RsaProtectedConfigurationProvider... Chapter 13 describes the new Role Manager feature that provides built-in authorization support for ASP.NET 2.0 You will learn about the core classes in Role Manager The chapter also details how the RoleManagerModule is able to automatically set up a principle for downstream authorization and how the module and Role Manager’s caching work hand in hand Chapter 13 also covers the WindowsTokenRoleProvider,... receive the mailing list, you can search our online archives Junk and spam mail is deleted, and your own e-mail address is protected by the unique Lyris system Queries about joining or leaving lists, and any other general queries about lists, should be sent to listsupport@p2p.wrox.com xxiv Professional ASP.NET 2.0 Security, Membership, and Role Management Initial Phases of a Web Request Before the first... state New session state security features introduced in ASP.NET 2.0 are covered, as well as security options for out-of-process state and the effect ASP.NET trust levels have on the session state feature ❑ Chapter 8 describes some lesser known page security features from ASP.NET 1. 1 It also describes new ASP.NET 2.0 options for securing viewstate and postback events Chapter 8 also covers how the new... providers and how you can extend them in your applications Who Is This Book For? This book is intended for developers who already have a solid understanding of ASP.NET 1. 1 security concepts in the area of forms authentication, page security, and website authorization Where the book addresses new functionality, such as Membership and Role Manager, it assumes that you have already used these features and have... known security functionality such as ASP.NET trust levels and ASP.NETto-ASP integration so that you can take advantage of these approaches in your own applications If you are looking for a deep dive on general ASP.NET 2.0 security, then you will find Chapters 1 8 very useful If your initial focus is on the new Membership and Role Manager features, then Chapters 9 15 will be immediately useful to you... is larger than 16 KB, the log entry ends with URL_Length, indicating that the allowable URL length had been exceeded An example of such a log entry is: 2005-03 -13 23:02:53 12 7.0.0 .1 1086 12 7.0.0 .1 80 HTTP/0.0 GET - 414 URL_Length For brevity, the URL that caused this is not included because a 16 KB long URL would not be particularly interesting to slog through Remember that form posts and file uploads . class="bi x0 y0 w0 h0" alt="" Professional ASP. NET 2. 0 Security, Membership, and Role Management Stefan Schackow 01 _596985 ffirs.qxp 12 / 14 /05 7:45 PM Page i Professional ASP. NET 2. 0 Security, Membership,. Security, Membership, and Role Management Stefan Schackow 01 _596985 ffirs.qxp 12 / 14 /05 7:45 PM Page i Professional ASP. NET 2. 0 Security, Membership, and Role Management Published by Wiley Publishing, Inc. 10 4 75. Cookieless Tickets 21 8 Unexpected Redirect Behavior 22 1 Sharing Tickets between 1. 1 and 2. 0 22 2 Leveraging the UserData Property 22 4 Passing Tickets across Applications 22 6 Cookie Domain 22 6 Cross-Application