This document provides an overview of securing Microsoft ASP.NET web applications. It discusses authentication methods like Windows authentication, forms-based authentication, and Microsoft Passport authentication. It also covers enabling different authentication methods in ASP.NET and IIS, reading user information, and creating logon pages. Secure Sockets Layer (SSL) is introduced for encrypting data transmission. Hands-on demonstrations are provided for setting up Windows and forms-based authentication in a sample ASP.NET web application.

1. Module 16: Securing a Microsoft ASP.NET Web Application

6. Multimedia: ASP.NET Authentication Methods

17. Overview of Forms-Based Authentication Client requests page Authorized ASP.NET Forms Authentication Not Authenticated Authenticated Logon Page (Users enter their credentials) Authenticated Authentication Cookie Authorized Not Authenticated Access Denied Requested Secure Page IIS Username Password Someone *********** Submit 1 2 3 4 6 5 7  

18. Multimedia: Forms-Based Authentication

23. How Microsoft Passport Works Website.msft Client Passport.com The client requests a page from the host 1 2 3 4 5 The site redirects the client to Passport.com The client is redirected and logs on to Passport.com Passport returns a cookie with the ticket information 6 The client accesses the host, this time with ticket information The host returns a Web Form and possibly a new cookie that it can read and write

26. Lab 16: Securing a Microsoft ASP.NET Web Application Medical Medical.aspx Benefits Home Page Default.aspx Life Insurance Life.aspx Retirement Retirement.aspx Dental Dental.aspx Dentists Doctors Doctors.aspx Doctors Logon Page Login.aspx Registration Register.aspx Coho Winery Prospectus Prospectus.aspx XML Web Service dentalService1.asmx Page Header Header.ascx ASPState tempdb Lab Web Application User Control namedate.ascx Menu Component Class1.vb or Class1.cs XML Files Web. config