Ask a Question related to ASP.NET Security, Design and Development.
John Lee #1
Security design question
Hi,
Here is the environment-related context:
=========================================================================
Websites are hosted in DMZ - subdomain created dmz.companydomain.com
We have our web farm (3-5 web servers) running under one NT Domain account with least privileges.
Website has all 3 levels of access: anonymous, registered and verified
We will use forms authentication to authenticate registered and verified users
SQL Server will be used to host user authentication information and Session state
All line-of-business web services are hosted internally with Windows authentication only
AzMan is used to perform access checks on all public web methods
=========================================================================
My questions are:
Is this a good practice? Any obvious flaw?
What is the best way to encrypt session state, because it might contain sensitive data?
If the internal web service trusts the NT domain account that hosts the web site, it means that if someone gains access/control to the site then he could possibly call any of the web service methods, is this correct? How to prevent it from happening?
What is the best way to secure a public access website that will retrieve/update internal business data?
Thanks very much!
John
John Lee Guest
[MSFT] #2
RE: Security design question
Hi John,
From the design, you may consider adding some firewall between outside and
your web site, either, between your web server and Web service
server/database. This can help block the attacks. Here are some good
articles on ASP.NET security, you may take a look first to see if they will
help:
Securing Your ASP.NET Application and Web Services
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh19.asp
Securing .NET Web Applications in an Intranet Environment
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod05.asp
An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS
http://msdn.microsoft.com/msdnmag/issues/02/04/aspsec/default.aspx
Luke
[MSFT] Guest