Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How secure is the ASP.NET Membership framework?

What is the ASP.NET Membership framework's reputation as far as security goes? Are there any typical default configuration settings that are problematic? What best practices are there? Are there any built-in methods to combat things like session hijacking?

like image 955
kenwarner Avatar asked Jul 27 '09 03:07

kenwarner


People also ask

Is .NET framework secure?

NET provide many useful classes and services that enable developers to write secure code, use cryptography, and implement role-based security.

Why ASP.NET is secure?

ASP.NET implements authentication through authentication providers, the code modules that contain the code necessary to authenticate the requestor's credentials. ASP.NET supports Forms Authentication, Passport Authentication, and Windows authentication providers.

How secure is asp net core identity?

NET 3.1 Secure? The short answer is “yes.” The longer answer is that — just like with any development framework — . NET Core is as safe as the development best practices and maintenance deployed to create the code and keep it updated.

How does ASP Net membership work?

The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.


2 Answers

In regard to best practices, there is a short WIKI called ASP.NET 2.0 Security Inspection Questions that lists security considerations when using a membership provider. It may be of some use?

like image 105
Dan Diplo Avatar answered Nov 03 '22 12:11

Dan Diplo


Omar AL Zabir blogged on some updates he made to the stored procedures that were needed for a high user site implementation. His suggestion is basically to use either

WITH (NOLOCK)

or

SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED

before the SELECT queries in the membership stored procedures.

Optimize asp net membership stored procedures for greater speed and scalability

like image 42
Paul Rowland Avatar answered Nov 03 '22 13:11

Paul Rowland