Security
In this chapter, you'll learn:
How to let users to log in to your site (and optionally be assigned to roles) using either a login form or Windows authentication.
Authentication and Authorization
This article provides an overview of ASP.NET authentication and authorization and shows how to implement both features.
Windows Authentication Provider
This article provides an overview of the Windows authentication provider, which is useful for security in company networks and other intranet scenarios.
Forms Authentication Overview
This article describes ASP.NET forms authentication, which lets you create your own login page and then use ASP.NET features to manage authentication and authorization.
ASP.NET Authorization
This article describes two ways to let users have access to resources in your application -- that is, how to handle authorization.
Implementing a Role Provider
This article and sample describes how to create a provider to handle custom role management.
Security Extensibility in ASP.NET 4
This whitepaper covers the major ways in which security features in ASP.NET 4 can be customized, including: Encryption options and functionality in the <machineKey> element, interoperability of ASP.NET 4 forms authentication tickets with ASP.NET 2.0, configuration options to relax automatic security checks on inbound URLs, pluggable request validation, and pluggable encoding for HTML elements, HTML attributes, HTTP headers, and URLs
ASP.NET Web Forms Books
Microsoft's Jon Galloway recommends these books for learning ASP.NET Web Forms:
Professional ASP.NET 4.5 in C# and VB
by Jason N. Gaylord, Christian Wenz, Pranav Rastogi, Todd Miranda, Scott Hanselman
