Security Section: covers security-related issues for Internet Information Server, Active Server Pages, and ISAPI applications, including authentication, NTLM, and SSL.
Built around the Microsoft CryptoAPI, AspEncrypt helps you harness all major encryption and hashing algorithms such as DES, Triple-DES, RC2, RC4, RSA, MD5 and SHA1 in just a few lines of code. The component can be used in tandem with AspEmail to send encrypted and signed mail in the industry-standard S/MIME format, or with AspUpload to encrypt files as they are being uploaded. AspEncrypt can also be used to issue and manage X.509 digital certificates.
AspPDF is an ASP/ASP.NET component which enables generation and management of documents in PDF format. Features include advanced text formatting, font embedding, form fill-in, images, tables, content and page extraction, document stitching, encryption, digital signatures, and more.
In many web applications it is desirable for both intranet users and external parties to be able to seamlessly log onto the system. The problem this raises is that it is not easy to allow intranet users to log in via Windows integrated authentication while also allowing external parties to log in to the same application using standard forms authentication. This article will show you one way to achieve the best of both worlds when it comes to authentication. [Read This Article][Top]
In this article, Michele Leroux Bustamante discusses authentication, authorization and role-based security in .NET. Along the way, she provides some best practices for implementing role-based security in some typical .NET application scenarios including rich clients, Web applications, and Web services. [Read This Article][Top]
When implementing custom components that require access to restricted resources, implicit impersonation must be used. Jay Nathan shows how to create a class that makes using .NET Impersonation a snap. [Read This Article][Top]
Learn about the execution process of CLR-based programs and how to protect your applications from being easily disassembled back into source code. [Read This Article][Top]
Businesses that utilize encrypted e-mail may find Secure Multipurpose Internet Mail Extensions (S/MIME) to be somewhat restrictive. This article shows how to use security features in PDF as an alternative to S/MIME. [Read This Article][Top]
Bill Gates, in a recent interview, predicted the end of spam by 2006. One of the methods he mentioned involved a challenge only a real live person could handle. Adnan Masood shows how to use AI and .NET to create a user verification scheme that incorporates similar concepts Gates alluded to. [Read This Article][Top]
Code Access Security (CAS) is the .NET Framework security model that grants code permission to resources based on "evidence" pertaining to the encapsulating assembly. In this article, David Myers examines CAS and explains different configuration methods. [Read This Article][Top]
Zhenlei Cai combines an open source C++ encryption library with SQL Server extended stored procedures to create a platform neutral, transparent encryption solution that resides at the database layer. [Read This Article][Top]
Christopher Spann offers a .NET configuration tip that should help ease system administrators' fears of security compromise and thus assuage growing developer demand for a .NET environment. [Read This Article][Top]
You don't have to be a cryptography expert or spend lots of money on third-party components to secure sensitive data in .NET. In this article, Wayne Plourde shows just how easy it is to encrypt cookie data using encryption classes in the .NET System.Security.Cryptography namespace. [Read This Article][Top]
One of the most important aspects of an application is how well it responds to the user, and this includes response to errors. In this article, Adam Tuliper shares techniques for catching ASP errors and shows how to create a notification system that is sure to keep customers at bay. [Read This Article][Top]
If your SQL Server is exposed to the Internet, then hackers are probing it. This article shows how to secure a SQL Server database that's being used with a Web application. [Read This Article][Top]
The application is done. It's been tested, documented and is ready for deployment or sale. Finally, you can relax and start working on version 2. Well, not so fast ... [Read This Article][Top]
The proliferation of Web Services on the market and their universal acceptance on the Internet makes them more vulnerable to security threats. Therefore, we need to tighten security for our Web Services and pay attention to it. With ASP.NET, Microsoft has provided the necessary features for securing our Web Services and other Web resources. In this article, Mansoor Ahmed Siddiqui explains how to unleash the power of ASP.NET security. [Read This Article][Top]
Creating custom authentication schemes just became easier. Jeff Gonzalez continues to explain Forms Authentication, this time using a custom XML file. [Read This Article][Top]
Internet viruses such as Code Red and Nimda have brought down numerous IIS Web servers recently. Fortify and defend your system with this comprehensive strategy authored by 30-year industry veteran Andrew Novick. [Read This Article][Top]
Members of the 15Seconds discussion list provide some general ideas on how to secure credit-card numbers stored in SQL Server. [Read This Article][Top]
Read what advice members of the 15Seconds Discussion list had to offer on using Microsoft's Certificate Server instead of a third-party SSL solution. [Read This Article][Top]
Creator of the SC Profanity Check ASP component explains how Webmasters can take a proactive approach to eliminating some online credit-card fraud. [Read This Article][Top]
This article by Itay Weinberger describes how to use an ISAPI filter to prevent unauthorized access to your JavaScript or VBScript files. [Read This Article][Top]
Want to create a random password and mail it to the person who tried to register at your site? Here is a quick and easy example of how to do this task. It is fairly straightforward. [Read This Article][Top]
The file system object (FSO) is a wonderful tool that few web developers know about. You can do nearly anything with the FSO, from making databases, to message boards, to content management. The FSO is an essential block in an ASP developer's foundation. We'll discuss the basic operations of the FSO here, along with some examples on creating a guestbook, and some more complex features. [Read This Article][Top]
Server-side validations on the client side...isn't that an oxymoron? Maybe, but Pandurang Nayak shows us how to accomplish a type of remote scripting using a mix of Javascript and ASP. [Read This Article][Top]
Edward Mason examines how to secure access to your Web pages, specifically pages that are intended to be displayed in a set order. He offers sample code from one of his custom Web applications that includes a folder structure and an ASP file structure. The article also addresses bookmarking, special cases, adding or changing page links, and adding more process screens. [Read This Article][Top]
Peter Persits’ article shows that the path to a password-protected Web site involves using one-way hash functions. The hash-based password-protection method uses an encryption algorithm that does not require a key and produces an irreversibly encrypted cipher-text. Even if your site’s password database is compromised, it’s still tough for an intruder to recover the original passwords because they are stored by their one-way encrypted values. Persits also demonstrates a third-party component that is necessary to compute the one-way hash function of a string in the ASP environment. [Read This Article][Top]
Peter Persits' article explains how Secure Multipurpose Internet Mail Extensions, or S/MIME, has come to the rescue of e-commerce Web sites that need some order information to be contained in encrypted E-mail. Customers don't want to use automatic on-line credit card authorization, so order information instead is sent over an SSL-protected HTML form and credit card numbers are sent via encrypted E-mail for manual processing. [Read This Article][Top]
Peter Persits' article "Crash Course in Cryptography" explains encryption so that you can grasp secure multipurpose Internet mail extensions, or S/MIME. [Read This Article][Top]
The application we will develop in this article is a browser-based Windows NT domain account password-changing utility that runs as a component in an MTS package on IIS and is accessible via the Internet. While IIS 4.0 provides native account password-changing functionality through the use of .htr files and an Internet Server API (ISAPI) extension, it does not provide for easy modification and does not run as an MTS component by default. The application we will develop demonstrates an extensible framework that could be easily enhanced to provide additional account-maintenance functionality specific to your individual requirements. [Read This Article][Top]
This article by Alain Trottier explains how to control web application access by validating the user's login and password against a database using Active Server Pages. Once validated, the IP address of the user is used to ensure that the user has access to the database. [Read This Article][Top]
This article is a reprint of chapter 19, by Nelson Howell, in a new book called 'Using Microsoft Internet Information Server 4' from Que Education & Training (ISBN 0789712636) due for publication in early March 1998. This chapter covers advanced security concepts, including how to secure content, enforce security permissions for sensitive and private content, configure user authentication, and understand and use authentication methods for securing content. [Read This Article][Top]
ActiveNews (NOTE: ASPToday articles require a paid subscription)
A security flaw was discovered in the way passwords for Windows shares are handled. The vulnerability makes it possible for an attacker to gain access to a password-protected shared folder. [Read The Article]
Article contains information about the latest security hole that, under some circumstances, permits a Web visitor to view the source of your ASP pages. This hole can only affect those sites that run on Windows 2000 (IIS 5) and don't have Service Pack 1 installed. [Read The Article]
With ADSI, NT Groups and IIS Authentication we can provide integrated Business and Web Applications that are simple to use and maintain. Christopher Schmidt presents a solution to the problem many users and administrative staff face managing numerous usernames and passwords. This article explains how to set up ADSI, NT and IIS security, enabling you to begin fully integrating your solutions with NTFS, SQL Server 7.0, MS Exchange, and so on, while providing simple interfaces to administer these sites. [Read The Article]
As a gesture of my gratitude for the many times I found examples out on the Internet which solved a problem I had, I am writing my first article as a way to give back. [Read The Article]
This article, by Corin Martens, demonstrates how to create a database-driven login page. With Corin's application, you can restrict particular users to particular sections of your Web site. The list of users and their security level is maintained in a database. A good explanation of how to create a user-authentication system. [Read The Article]
This article, by Derrick, demonstrates how to encrypt the information passed through the QueryString! Using the encryption technique discussed in an earlier article, Encryption with ASP, you can encrypt the variable names and values that are being passed through the QueryString! A very worthwhile read, and a very useful technique, especially if you ever need to pass sensitive information through the QueryString! [Read The Article]
Mark Kordelski provides a brief explanation of authentication schemes, their advantages and disadvantages, and provides a proposed approach to a "digital signature" scheme, to drive these applications. [Read The Article]
In this second of a two part series, Byron Hynes considers how to require a user to use SSL, and how to automatically take them to a secure channel. [Read The Article]
Steve Schofield shows an example of what he uses to secure pages. This example uses 2 ASP pages and a database that stores the userid and password. Once you've logged in successfully, the login page will always come up. [Read this Article]
ROT13 is a useful method of encoding text so that it cannot easily be read. The method originated on USENET, where it was commonly used to hide answers to jokes and spoilers for forthcoming TV show episodes. [Read the Article]
Password protection isn't always about enormous databases, heavy-handed security and reams of code. Ken Baumbach adds a neat little trick to the database discourse. [Read This Article]
You can choose to keep track of visitor access to your site either through cookies or through ASP Sessions. Alex Homer gives us the pros, the cons, and the code for both. [Read This Article]
It's not always obvious which of the IIS security settings allow or deny web applications access to resources on a network. The security context under which it runs is all important. Ulrich Schwanitz investigates. [Read This Article]
This article contains detailed explanations of some of the misunderstood security features in Microsoft® Internet Information Server (IIS) 4.0, including client certificate mapping, IP address restrictions, Secure Sockets Layer (SSL) server bindings, and Web permissions. You'll not only find out how these features work, but also how to optimize their configuration. [Read This Article]
In his monthly SBN Magazine column on server issues, Tom Moran explains the basics of firewalls, and how they smoke out the differences between friends and foes. [Read This Article]
Security is a wide-reaching topic -- and can get extremely complex. Don't let that stop you, because most of what you really need to know can be absorbed in bite-sized chunks and implemented in stages. When thinking about security for your site, you need to be concerned with several discrete areas, as well as a few basic concepts. [Read This Article]
This article provides an overview of Microsoft® Windows NT® Server security in areas relevant to Microsoft® Internet Information Server and Microsoft® SQL Server. After gaining a basic understanding of these three products' relationships, you will learn how their mutual features are utilized to implement security with Active Server Pages. These topics will not be explored in any more depth than is necessary for understanding the implementation of security with Active Server Pages. [Read This Article]
This article explains Windows NT security as it relates to IIS, so you can effectively troubleshoot security-related problems. We will cover the three forms of authentication, how they differ, several ways of controlling access to key areas on your Web server, and the important but almost universally misunderstood concept of "delegation." Understanding delegation is mandatory for anyone building a data-driven Web site using IIS. Understanding how Windows NT handles different users will potentially save you days, or even weeks, of troubleshooting. [Read This Article]
Visual InterDev uses the Microsoft® FrontPage® extensions on a Web server to manage Web security, in the same way that FrontPage does. In fact, although the Visual InterDev user interface in general differs from that of FrontPage, Visual InterDev exposes the same user interface as FrontPage does for managing security. The FrontPage extensions, in turn, simply use the existing security features of Microsoft® Windows NT® and the Internet Information Server (IIS) to manage Web security. Thus users of Visual InterDev need to be familiar with the security features of FrontPage, Internet Information Server (IIS), and Windows NT. This paper provides concise coverage of these topics and pointers to more in-depth reading. [Read This Article]
After bandwidth, security is the next-biggest concern when it comes to creating active content on the Internet. This article examines Web security as it relates to the Microsoft® Internet Information Server (IIS). After an overview of the IIS security model, this article discusses the scripting engine (codenamed Denali) of the ActiveX Server Framework as a means of extending the functionality offered by IIS. Finally, this article will build a sample Web site to demonstrate how a Web administrator might actually implement the security features described by the IIS model, and how to extend the model using Denali. [Read This Article]