Custom Membership and Profile

  • Question

  • User-1404697470 posted

    Hello,

    I am currently creating a website which will have membership, profiles, roles, etc capabilities. However, I do not want to use the asp.net default providers for these and want to create my own database. But, the problem is, I don't know how secure my database will be because I am only an intermediate developer. Could you please tell me how I can create an efficient database system and provider and be sure that it is secure. Is there any tutorial for this? Please help me and thank you.

    Saturday, August 14, 2010 6:16 PM

Answers

  • User-1340885213 posted

    But, the problem is, I don't know how secure my database will be because I am only an intermediate developer. Could you please tell me how I can create an efficient database system and provider and be sure that it is secure. Is there any tutorial for this? Please help me and thank you.
     

    Your database will be secure as long as you follow the proper security method. That is, enable SSL and keep authentication and authorization in the correct place.

    The ASP.NET security framework includes classes for authenticating and authorizing users as well as for dealing with authenticated users in your applications. Furthermore, the .NET Framework on its own provides you with a set of base classes for implementing confidentiality and integrity through encryption and digital signatures. 

    Creating a secure architecture and design requires that you have an in-depth understanding of your application’s environment. You can’t create secure software if you don’t know who has access to your application and where possible points of attack might be. Therefore, the most important factor for creating a secure application architecture and design lies in a good understanding of environmental factors such as users, entry points, and potential possible threats with points of attack. That’s why threat modeling has become more important in today’s software development processes. Threat modeling is a structured way of analyzing your application’s environment for possible threats, ranking those threats, and then deciding about mitigation techniques based on those threats. With this approach, a decision for using a security technology (such as authentication or SSL encryption) is always based on an actual reason: the threat itself. 

    Besides continuing to watch the tutorials you have been given previously, I think you correctly understand threat modelling.

    There are a few more good links where you'd get a broader view:

    MSDN 

    MSDN

    MSDN 

    And a few coding guidelines one should always follow:

    1) Never trust user input

    2) Never use string concatenation for creating SQL statements

    3) Never output data entered by a user directly on your web page before validating and encoding it

    4) Never store sensitive data, business-critical data, or data that affects internal business rule decisions made by your application in hidden fields on your web page

    5) Never store sensitive data or business-critical data in view state

    6) Enable SSL when using Basic authentication or ASP.NET forms authentication

    7) Enable SSL when using Basic authentication or ASP.NET forms authentication

    8) Protect your cookies

    9) Use SSL

    For more reading, please refer to:

     How to build Custom Membership and Profile, step 1

     How to build Custom Membership and Profile, step 2

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, August 14, 2010 10:13 PM
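
Guideline 2 from the answer above, applied to the credential lookup of a custom membership store, as an added example that is not part of the original posts. It goes beyond the listed guidelines by also showing salted password hashing, which a custom user table needs; the `Users` table, its column names, the `MemberStore` class and the iteration count are assumptions, and the four-argument `Rfc2898DeriveBytes` constructor requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Added illustration; table and column names (Users, UserName, PasswordHash, Salt) are assumed.
public static class MemberStore
{
    const int Iterations = 100000, SaltBytes = 16, HashBytes = 32;

    // Guideline 2: the user name travels as a typed parameter, never as SQL text.
    public static SqlCommand BuildLookup(string userName)
    {
        var cmd = new SqlCommand(
            "SELECT PasswordHash, Salt FROM Users WHERE UserName = @name");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 256).Value = userName;
        return cmd;
    }

    public static byte[] NewSalt()
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return salt;
    }

    // Store only a salted PBKDF2 hash, never the password itself.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compare every byte with no early exit, so timing does not depend on where the hashes differ.
    public static bool Verify(string password, byte[] salt, byte[] expected)
    {
        byte[] actual = HashPassword(password, salt);
        int diff = actual.Length ^ expected.Length;
        for (int i = 0; i < actual.Length && i < expected.Length; i++)
            diff |= actual[i] ^ expected[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed input: a legitimate name whose apostrophe would break a concatenated statement.
        SqlCommand cmd = BuildLookup("O'Brien");
        Console.WriteLine(cmd.CommandText + " | @name = " + cmd.Parameters["@name"].Value);
        byte[] salt = NewSalt();
        byte[] stored = HashPassword("constructed-passphrase", salt);
        Console.WriteLine(Verify("constructed-passphrase", salt, stored) + " " + Verify("wrong guess", salt, stored));
    }
}
```

To run the lookup, assign an open `SqlConnection` to `cmd.Connection` and read `PasswordHash` and `Salt` from the returned row before calling `Verify`.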
