ASP.NET 3.5 Security, Membership, and Role Management with C# and VB -- About the Author -- About the Previous Author -- Credits -- Acknowledgments -- Contents -- Introduction -- Who This Book Is For -- What This Book Covers -- What You Need to Use This Book -- Conventions -- Source Code -- Errata -- p2p. wrox. com -- Chapter 1: Introducing IIS 7.0 -- Overview of IIS 7.0 -- Application Pools -- IIS 7.0 Components -- IIS 7.0 Modules -- Summary -- Chapter 2: IIS 7.0 and ASP.NET Integrated Mode -- Advantages of IIS 7.0 and ASP.NET Integrated Mode -- IIS 7.0 Integrated Mode Architecture -- Summary -- Chapter 3: HTTP Request Processing in IIS 7.0 Integrated Model -- Built-in IUSR Account and IIS_ IUSRS Group -- Integrated Mode Per-Request Security -- The Unified Processing Pipeline -- Summary -- Chapter 4: A Matter of Trust -- What Is an ASP.NET Trust Level? -- Summary -- Chapter 5: Configuration System Security -- Using the Element -- Using the lockAttributes -- Managing IIS 7.0 Configuration versus ASP.NET Configuration -- Extending IIS 7.0 with Managed Modules and Handlers -- Managing the Native versus Managed Configuration Systems -- IIS 7.0 Feature Delegation -- Reading and Writing Configuration -- Using Configuration in Partial Trust -- Protected Configuration -- Summary -- Chapter 6: Forms Authentication -- A Quick Recap of Forms Authentication -- Understanding Persistent Tickets -- Securing the Ticket on the Wire -- Setting Cookie-Specific Security Options -- Using Cookieless Forms Authentication -- Configuring Forms Authentication Inside IIS 7.0 -- Sharing Tickets between 1.1 and 2.0/3.5 -- Using Forms Authentication Across Different Content Types -- Leveraging the UserData Property -- Passing Tickets Across Applications -- Enforcing Single Logons and Logouts -- Summary -- Chapter 7: Integrating ASP.NET Security with Classic ASP.

IIS 5 ISAPI Extension Behavior -- IIS 7.0 Wildcard Mappings -- DefaultHttpHandler -- Using the DefaultHttpHandler -- Serving Classic ASP in IIS 7.0 Integration Mode -- Authenticating Classic ASP with ASP.NET -- Authenticating Classic ASP with IIS 7.0 Integrated Mode -- Authorizing Classic ASP with ASP.NET -- Authorizing Classic ASP with IIS 7.0 Integrated Mode -- Summary -- Chapter 8: Session State -- Does Session State Equal Logon Session? -- Session Data Partitioning -- Cookie-Based Sessions -- Cookieless Sessions -- Configuring Session State Inside IIS 7.0 -- Session State for Applications Running in IIS 7.0 Integrated Mode -- Session ID Reuse and Expired Sessions -- Session ID Denial-of-Service Attacks -- Trust Levels and Session State -- Database Security for SQL Session State -- Security Options for the OOP State Server -- Summary -- Chapter 9: Security for Pages and Compilation -- Request Validation and Viewstate Protection -- Page Compilation -- Fraudulent Postbacks -- Site Navigation Security -- Summary -- Chapter 10: The Provider Model -- Why Have Providers? -- Patterns Found in the Provider Model -- Core Provider Classes -- Building a Provider-Based Feature -- Summary -- Chapter 11: Membership -- The Membership Class -- The MembershipUser Class -- The MembershipProvider Base Class -- The "Primary Key" for Membership -- Supported Environments -- Using Custom Hash Algorithms -- Summary -- Chapter 12: SqlMembershipProvider -- Understanding the Common Database Schema -- The Membership Database Schema -- Working with SQL Server Express -- Database Security -- Database Schemas and the DBO User -- Changing Password Formats -- Custom Password Generation -- Implementing Custom Encryption -- Enforcing Custom Password Strength Rules -- Account Lockouts -- Implementing Automatic Unlocking -- Supporting Dynamic Applications.

Managing an Application's Users Through IIS 7.0 -- Summary -- Chapter 13: ActiveDirectoryMembership Provider -- Supported Directory Architectures -- Provider Configuration -- Unique Aspects of Provider Functionality -- ActiveDirectoryMembershipUser -- Working with Active Directory -- Using ADLDS -- Using the Provider in Partial Trust -- Summary -- Chapter 14: Role Manager -- The Roles Class -- The RolePrincipal Class -- The RoleManagerModule -- RoleProvider -- WindowsTokenRoleProvider -- Summary -- Chapter 15: SqlRoleProvider -- SqlRoleProvider Database Schema -- Provider Security -- Working with Windows Authentication -- Running with a Limited Set of Roles -- Authorizing with Roles in the Data Layer -- Supporting Dynamic Applications -- Managing an Application's Roles Through IIS 7.0 -- Summary -- Chapter 16: AuthorizationStoreRoleProvider -- Provider Design -- Supported Functionality -- Using a File-Based Policy Store -- Using a Directory-Based Policy Store -- Using a Microsoft SQL Server Database-Based Policy Store -- Working in Partial Trust -- Using Membership and Role Manager Together -- Summary -- Chapter 17 :Membership and Role Management in ASP.NET AJAX 3.5 -- ASP.NET Membership and Role Services Overview -- ASP.NET AJAX Application Services -- Summary -- Chapter 18: Best Practices for Securing ASP.NET Web Applications -- Web Application Security Threats Overview -- Developers Beware -- AJAX-Enabled Application Threats -- Summary -- Index.