Making your Web Application secure by using ASP.NETApr 03, 2015
At the application level, Web security is first and foremost about securing pages so that they can't be retrieved by unauthorized users—for example, preventing non-managers from viewing pages containing salary data and performance evaluations on the company intranet or preventing other people from viewing your My eBay pages. At a slightly deeper level, you might want to know who requested the page so you can personalize it for that individual. Either form of protection requires two actions on the part of the application: identify the originator of each request and define rules that govern who can access which pages A Web server identifies callers using a mechanism called authentication. Once a caller is identified, authorization determines which pages that particular caller is allowed to view. ASP.NET supports a variety of authentication and authorization models. Understanding the options that are available to you and how they interrelate is an important first step in designing a site that restricts access to some or all of its resources or that personalizes content for individual users.