What is the ASP.NET Membership framework's reputation as far as security goes? Are there any typical default configuration settings that are problematic? What best practices are there? Are there any built-in methods to combat things like session hijacking?
NET provide many useful classes and services that enable developers to write secure code, use cryptography, and implement role-based security.
ASP.NET implements authentication through authentication providers, the code modules that contain the code necessary to authenticate the requestor's credentials. ASP.NET supports Forms Authentication, Passport Authentication, and Windows authentication providers.
NET 3.1 Secure? The short answer is “yes.” The longer answer is that — just like with any development framework — . NET Core is as safe as the development best practices and maintenance deployed to create the code and keep it updated.
The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.
In regard to best practices, there is a short WIKI called ASP.NET 2.0 Security Inspection Questions that lists security considerations when using a membership provider. It may be of some use?
Omar AL Zabir blogged on some updates he made to the stored procedures that were needed for a high user site implementation. His suggestion is basically to use either
WITH (NOLOCK)
or
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED
before the SELECT queries in the membership stored procedures.
Optimize asp net membership stored procedures for greater speed and scalability
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With