.NET news » Security

An article about .NET internals and native compiling.

Edit web.config to Update the Data Provider for Shared Hosting with Role-Based Security: SQL Server, ODBC, Active Directory, ADAM, SQLite, MySQL, Access, XML

Import and Export RSA Keys in PKCS#8 and X.509 Format using Crypto++, C#, and Java

Do you have a cool personalized application that you want to offer to over 400 million users? Do you want to light it up with Live controls or create a mashup with Live resources?Windows Live ID now offers a simple way for third parties to get Live ID authentication in your Web or rich client applications, letting you reach millions of Live ID users, integrate with Live Controls, and access Live services.

Learn to take advantage of the inner workings of ASP.NET's security model to help eliminate security vulnerabilities from your web applications.

One of the most important security principles for software development is least privilege. Simply put, least privilege means that an application, process, or user should have the least access to resources required to accomplish a task and no more. By following this principle, even if your application is attacked or a user goes on the payroll of your nastiest competitor, you'll have limited the potential damage. Bottom line: implementing partial trust in ASP.NET is the single biggest thing you can do to make your applications secure.

This month Ted Pattison presents an overview of programming security and permissions for Windows SharePoint Services 3.0.

Active Directory Federation Services (ADFS) was introduced in Windows Server 2003 for organizations that need to participate in standards-based identity federation. With ADFS, you can more easily validate identity data from other organizations, leading to greater interoperability with your partners. In this article, I'll take you on a guided tour of ADFS in action, using the experiences of a fictitious online service provider (A. Datum Corporation) that uses ADFS to interact with a real online service provider (UnderMyControl.com) and a fictitious customer (Tailspin Toys).

This article provides a way to use RSA public key encryption in scripts running on a webserver hosted by a shared hosting company. It also demonstrates how to use RSA in .Net to solve the 'real world' problem of signing license codes so that they cannot be forged.

Hard coding passwords into your application or your web site is a bad thing. Barry looks at how we can use trusted connections to provide the authentication we need, without the need for these potential security hazards.