How to use ASP.NET forms-based authentication or Windows authentication to help secure a site.

  1. Deploy a Secure ASP.NET MVC application with OAuth, Membership and SQL Database

    This tutorial shows how to create and deploy a secure ASP.NET MVC 5 app using OAuth and the membership database with SQL data.

  2. ASP.NET Identity

    The ASP.NET Identity system is designed to replace the previous ASP.NET Membership and Simple Membership systems. It includes profile support, OAuth integration, works with OWIN, and is included with the ASP.NET templates shipped with Visual Studio 2013.

  3. Create an ASP.NET MVC 5 App with Facebook and Google OAuth2 and OpenID Sign-on

  4. ASP.NET Identity Resources

    Provides links to ASP.NET Identity resources. ASP.NET Identity is the new extensible authentication and authorization framework for the entire Microsoft web stack (MVC, Web API, Web Forms, SignalR, Web Pages).

  5. OWIN and Katana

    Katana is a flexible set of components for building and hosting Open Web Interface for .NET (OWIN)-based web applications. The Katana/OWIN documentation includes tutorials that show how to handle authentication and authorization scenarios.

  6. Microsoft ASP.NET MVC Security with Haack and Hanselman

    This video analyzes XSS, CSRF, and JSON hijacking.

  7. XSRF/CSRF Prevention in ASP.NET MVC and Web Pages

    By Rick Anderson | Level 300: Intermediate

    Cross-site request forgery (also known as XSRF or CSRF) is an attack against web-hosted applications whereby a malicious web site can influence the interaction between a client browser and a web si...

  8. OWASP Top 10 for .NET developers

    This series of blog posts by Troy Hunt describes the Open Web Application Security Project (OWASP) and covers the 10 most critical web application security risks.

  9. Recommended Resources for MVC

    See "Securing ASP.NET MVC applications" in the ASP.NET MVC Content Map.

  10. Building Applications with ASP.NET MVC 4 - Security

    This Pluralsight video provides an overview of security practices for an ASP.NET MVC application.

  11. Securing your ASP.NET MVC 4 App

    This blog post covers many important security considerations in ASP.NET MVC.

  12. Security Extensibility in ASP.NET 4

    This whitepaper covers the major ways in which security features in ASP.NET 4 can be customized, including: Encryption options and functionality in the machineKey element, interoperability of ASP.NET 4 forms authentication tickets with ASP.NET 2.0, configuration options to relax automatic security checks on inbound URLs, pluggable request validation, and pluggable encoding for HTML elements, HTML attributes, HTTP headers, and URLs.

Essential Videos


Microsoft has made it possible for you to enjoy this Pluralsight training free of charge. In addition, you can watch more videos free of charge from Microsoft.

1. Introduction to ASP.NET MVC 4

36 mins

2. Controllers

41 mins

3. Razor Views

52 mins

4. Working with Data (Part I)

44 mins

5. Working with Data (Part II)

48 mins


55 mins

7. Security

55 mins

8. ASP.NET MVC 4 Infrastructure

36 mins

9. Unit Testing

35 mins

10. Deployment & Configuration

37 mins



Microsoft's Jon Galloway recommends these books for learning ASP.NET MVC:



by Adam Freeman

Professional ASP.NET MVC 4


by Jon Galloway, Phil Haack, Brad Wilson, K. Scott Allen