Bunch of questions following

[David Thielen]

This is for a portal we are creating that we will ship to customers. We are
trying to keep security as simple as possible and to have 0 or single sign
on. All we need is the UserName, UserSID, IsAuthenticated, and IsInRole.

I understand that knowing security inside-out is critical. And we are
trying. (This is also a demo/alpha release where we are trying to learn what
customers will want.) But one of the best ways to figure this out is find out
what we should and should not do and match that up with our understanding,
and then ask questions where they don’t connect.

I've split them out by subject so others who google on this in the future
can find each.

 

[Luke Zhang [MSFT]]

Hello,

I think Steven has replied tons of your questions today.

Anyway, here are some articles on ASP.NET in case your didn't read them:

INFO: ASP.NET Security Overview
http://support.microsoft.com/kb/306590

An Introductory Guide to Building and Deploying More Secure Sites with
ASP.NET and IIS
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/default.aspx

Hope this help,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[David Thielen]

Yep - read those (really like Jeff's article). The problem with security is I
worry that even with reading all of the articles I get one thing wrong - and
find out when someone uses that hole to hack the system.

When it comes to security I am very paranoid.