Build a Secure Web Site
Implement strong Web security using Visual Studio .NET's forms-based authentication combined with SSL encryption.
by Jonny Anderson
Taking the plunge with Visual Studio .NET isn't as traumatic as you might think. The process of creating and securing your own Web site with VS.NET is relatively simple and satisfyingly coherent. You'll see that a solid understanding of VB6 coupled with a vague notion of how Web pages work is all you need to quickly create a Web site that's secure from all but the most determined hacker.
You'll learn to handle forms-based authentication to identify your users, use Secure Sockets Layer (SSL) technology to ensure sensitive data is encrypted properly, and deal with user time-outs with a few lines of VB.NET code. These techniques form the security backbone for many modern e-commerce Web sites, and you can implement them easily using VS.NET.
The sample Web site that accompanies this article, called SecureWeb, demonstrates much of the core technology required to deploy strong Web-based security successfully across your Web real estate.
Secure Web sites usually need to identify their users before allowing access to the rest of the site. Even if you have little interest in security, identifying your users is an essential step if you want to tailor your pages with user-specific data. Identification begins when a user submits security credentials, such as an e-mail address and password, through a login page. The login page communicates with a data store containing the site's registered-user credentials to see if there's a match. Users who fail to supply recognized credentials are denied access and are often redirected to an Add New Member page or the like. Once the site recognizes a user, the system can start making decisions about where the user can go and what he or she can do. Unfortunately, you face security problems with this simple login approach.
Back to top