How to use ASP.NET forms-based authentication or Windows authentication to help secure a site.
The ASP.NET Identity system is designed to replace the previous ASP.NET Membership and Simple Membership systems. It includes profile support and OAuth integration, works with OWIN, and is included with the ASP.NET templates shipped with Visual Studio 2013.
This Pluralsight video provides an overview of security practices for an ASP.NET MVC application.
This blog post covers many important security considerations in ASP.NET MVC.
By Rick Anderson | Level 300: Intermediate
Cross-site request forgery (also known as XSRF or CSRF) is an attack against web-hosted applications whereby a malicious web site can influence the interaction between a client browser and a web si...
This tutorial shows how to create and deploy a secure ASP.NET MVC 5 app using OAuth, the membership database with SQL data.
This series of blog posts by Troy Hunt describes the Open Web Application Security Project (OWASP) and covers the 10 most critical web application security risks.
This video analyzes XSS, CSRF, and JSON hijacking.
See "Securing ASP.NET MVC applications" in the ASP.NET MVC Content Map.
This whitepaper covers the major ways in which security features in ASP.NET 4 can be customized, including: encryption options and functionality in the machineKey element; interoperability of ASP.NET 4 forms authentication tickets with ASP.NET 2.0; configuration options to relax automatic security checks on inbound URLs; pluggable request validation; and pluggable encoding for HTML elements, HTML attributes, HTTP headers, and URLs.
Provides links to resources for ASP.NET Identity, the new extensible authentication and authorization framework for the entire Microsoft Web Stack (MVC, Web API, Web Forms, SignalR, Web Pages).