Hi all,
I am building a project in Web based online learning tool. It is basically based on the secure web service. I am using ASP.NET as a front end. Please guide me as a create secure web sites by ASP.NET. Thanks in advance.
Printable View
Hi all,
I am building a project in Web based online learning tool. It is basically based on the secure web service. I am using ASP.NET as a front end. Please guide me as a create secure web sites by ASP.NET. Thanks in advance.
Before using when write website code, site security is always a headache, although we have prepared a user login, registration, verification page, but the results are always unsatisfactory. Sometimes we had to use a lot of session variables to store information, Vigilance. In the. NET environment, this issue is handled them very easy. The key is to fully understand the web.config file. So you can edit on that and check. Best of luck.
You need to edit on web.config file. its look like this.
<? xml version = "1.0" encoding = "utf-8"?>
<configuration>
<system.web>
You need to set compilation debug = "true" to insert debugging symbols
Inserted into the compiled page. Because this will create the implementation of them Slow-moving large files, so they should only set this value when debugging true, while all other times are set to false. Best of luck.
You need to debugging ASP.NET files documents as below:
-->
<compilation defaultLanguage="vb" debug="true" />
"! - Custom error message
Set customErrors mode = "On" or "RemoteOnly" to enable custom error messages, or set to "Off" to disable the custom error message.
To deal with the error for each add <error> tags.
-->
<customErrors mode="RemoteOnly" />
"! - Authentication
This section set up the application's authentication policy. Possible model is the \ "Windows \",
\ "Forms \", \ "Passport \" and \ "None \"
-->
<authentication mode="Windows" />
Edit the code and reply.
Below section set up the application's authorization policy. You can allow or deny access to users or roles :
<authorization>
<allow users="*" /> <! - Allow all users - "
<! - <Allow users = "[comma separated list of users]"
roles = "[comma separated list of roles]" / "
<deny users = "[comma separated list of users]"
roles = "[comma separated list of roles]" / "
-->
</ authorization>
In order to prevent the user to access the site has not been verified, our approach is that when a user did not pass validation when click on any page will jump directly to Login.aspx page, specifically the code is as follows:
<authentication mode="Forms">
<forms name = "yourAuthrasiationCookie" loginUrl = "loginpage.aspx"
protection = "All" path = "/" />
</ authentication>
<authorization>
<deny users="?" />
</ authorization>