.NET news » Search results

Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you’re managing user state stored on the client. Here's what you need to know about view state security.

SharePoint search may return too much information, causing data security problems. Learn how to use the custom security trimmer to ensure users see only the documents they have permission to view.

Web developers switching to Windows 8 development with JavaScript need to update their views on security. With the tools available in Windows 8, you can transform JavaScript security from a facade to a multifaceted defense system that protects both your data and your users.

Bryan Sullivan follows up on configuration security with some relatively obscure—but important—web.config settings that should be addressed, and discusses a new free tool to help you find potential problems.

One of the major benefits of writing .NET code to run in the Common Language Runtime (CLR) hosted in any environment is code access security (CAS).CAS provides a code-based-rather than user-based-authorization scheme to prevent various kinds of luring and other code attacks. But how does that security scheme coexist with SQL Server 2005's own, newly enhanced security features? By default your .NET code is reasonably secure, but it's all too easy for the two security schemes to butt heads and cause you grief. In this article I'll look briefly at the concept behind CAS and a few new security features in SQL Server 2005, then explore how to make the two systems work for you instead of against you as you take advantage of these advanced programming features in SQL Server.

We explain various security options for different workflow hosts, including a discussion of the Workflow Security Pack project and how its collection of activities can be used to bring end-to-end security to workflow solutions.

Developers often concentrate on writing secure code but leave security vulnerabilities in application configuration files. Discover the most common configuration security problems—and how to avoid them.

It’s usually the fault of the developer -- rather than the end user -- when security isn’t applied.

Learn to take advantage of the inner workings of ASP.NET's security model to help eliminate security vulnerabilities from your web applications.

This test tool helps developers of Windows Mobile applications test various security policies for Windows Mobile devices.

It is designed as a desktop application that ships with a preset list of "security configurations". A security configuration can be thought of as a template, which contains a collection of individual policies and settings. For example, a security configuration could define policies such as whether unsigned applications are allowed to execute, whether RAPI is disabled etc. Using this tool, the developer can provision a Windows Mobile device with different configurations, and then test the application's behavior under these configurations. This tool can be used either on an emulator or an unlocked Windows Mobile device.