Role-Based Authorization.
Limiting Access to Files and Folders.
Checking Users and Roles Programmatically.
A Checklist for Authentication and Authorization.
Chapter 8 Securely Accessing Databases.
Writing Bad Code: Demonstrating SQL Injection.
Fixing the Vulnerability.
More Security for SQL Server.
Connecting Without Passwords.
SQL Permissions.
Using Views.
SQL Express User Instances.
Drawbacks for the VS Built-in Web Server.
Dynamic SQL Stored Procedures.
Using SQL Encryption.
A Checklist for Securely Accessing Databases.
Chapter 9 Using the File System.
Accessing Existing Files Safely.
Making Static Files Secure.
Making a File Downloadable and Setting Its Name.
Adding Further Checks to File Access.
Accessing Files on a Remote System.
Creating Files Safely.
Handling User Uploads.
Using the File Upload Control.
A Checklist for Securely Accessing Files.
Chapter 10 Securing XML.
Validating XML.
Well-Formed XML.
Valid XML.
XML Parsers.
Querying XML.
Avoiding XPath Injection.
Securing XML Documents.
Encrypting XML Documents.
Signing XML Documents.
A Checklist for XML.
PART III ADVANCED ASP.NET SCENARIOS.
Chapter 11 Sharing Data with Windows Communication Foundation.
Creating and Consuming WCF Services.
Security and Privacy with WCF.
Adding Security to an Internet Service.
Signing Messages with WCF.
Logging and Auditing in WCF.
Validating Parameters Using Inspectors.
Using Message Inspectors.
Throwing Errors in WCF.
A Checklist for Securing WCF.
Chapter 12 Securing Rich Internet Applications.
RIA Architecture.
Security in Ajax Applications.
The XMLHttpRequest Object.
The Ajax Same Origin Policy.
The Microsoft ASP.NET Ajax Framework.
Security in Silverlight Applications.
Understanding the CoreCLR Security Model.
Using the HTML Bridge.
Accessing the Local File System.
Using Cryptography in Silverlight.
Accessing the Web and Web Services with Silverlight.
Using ASP.NET Authentication and Authorization in Ajax and Silverlight.
A Checklist for Securing Ajax and Silverlight.
Chapter 13 Understanding Code Access Security.
Understanding Code Access Security.
Using ASP.NET Trust Levels.
Demanding Minimum CAS Permissions.
Asking and Checking for CAS Permissions.
Testing Your Application Under a New Trust Level.
Using the Global Assembly Cache to Run Code Under Full Trust.
.NET 4 Changes for Trust and ASP.NET.
A Checklist for Code Not Under Full Trust.
Chapter 14 Securing Internet Information Server (IIS).
Installing and Configuring IIS7.
IIS Role Services.
Removing Global Features for an Individual Web Site.
Creating and Configuring Application Pools.
Configuring Trust Levels in IIS.
Locking Trust Levels.
Creating Custom Trust Levels.
Filtering Requests.
Using Log Parser to Mine IIS Log Files.
Using Certificates.
Requesting an SSL Certificate.
Configuring a Site to Use HTTPS.
Setting up a Test Certification Authority.
A Checklist for Securing Internet Information Server (IIS).
Chapter 15 Third-Party Authentication.
A Brief History of Federated Identity.
Using the Windows Identity Foundation to Accept SAML and Information Cards.
Creating a “Claims-Aware” Web Site.
Accepting Information Cards.
Working with a Claims Identity.
Using OpenID with Your Web Site.
Using Windows Live ID with Your Web Site.
A Strategy for Integrating Third-Party Authentication with Forms Authentication.
Summary.
Chapter 16 Secure Development with the ASP.NET MVC Framework.
MVC Input and Output.
Protecting Yourself Against XSS.
Protecting an MVC Application Against CSRF.
Securing Model Binding.
Providing Validation for and Error Messages from Your Model.
Authentication and Authorization with ASP.NET MVC.
Authorizing Actions and Controllers.
Protecting Public Controller Methods.
Discovering the Current User.
Customizing Authorization with an Authorization Filter.
Error Handling with ASP.NET MVC.
A Checklist for Secure Development with the ASP.NET MVC Framework.
Index.