S

sa account, Connection String Types, Connecting with Least Privilege, The Database Trusts Different Roles, Additional Best Practices
salt values, generating, Storing Secrets, Store One-way Password Hashes (with Salt), Configure the Web Application for Forms Authentication
scalability, The Foundations, Disadvantages of the Impersonation / Delegation Model, Hosting Multiple Web Applications, Accessing Network Resources
scenarios, configuration., Base Configuration (see )
screened subnets, Physical Deployment Models, Key Notes
script injection attacks, Design Principles
secrets, Accessing Non-Windows Network Resources, Why Use a Serviced Component?
secure communication, Authorization, Implementation Technologies, Security Architecture, Authentication, Secure Communication, Secure Communication, Secure Communication, Know What to Secure, SSL/TLS, IPSec, Using IPSec, Using RPC Encryption, Using RPC Encryption, Web Server to Remote Application Server, Web Server to Remote Application Server, Application Server to Database Server, Choosing Between IPSec and SSL, Choosing Between IPSec and SSL, Intranet Security, Configuring ASP.NET, Configuring Secure Communication, Configure SQL Server, Configure SQL Server, Configuring SQL Server, Configuring SQL Server, Configuring SQL Server, Configure the Application Server, Configuring Security, Preventing Files from Being Downloaded, Accessing Non-Windows Network Resources, Securing the Database Connection String, Enterprise Services Security, Platform/Transport Level (Point-to-Point) Security, Platform/Transport Security Architecture, Disable HTTP-GET, HTTP-POST, Solution Implementation, ASP.NET and the HTTP Channel, Using a Windows Service Host, Hosting in a Windows Service, Hosting in a Windows Service, Using Multiple Database Roles, SSL, How To: Set Up Client Certificates, How To: Use IPSec to Provide Secure Communication Between Two Servers, Configuration Stores and Tools, .NET Web Application Security, .NET Web Application Security
  .NET Framework security, .NET Web Application Security
  .NET remoting security, ASP.NET and the HTTP Channel, Using a Windows Service Host, Hosting in a Windows Service
  application server to database server, Web Server to Remote Application Server
  ASP.NET security, Accessing Non-Windows Network Resources
  Basic authentication and, Authentication
  browser to Web server, Using RPC Encryption
  configuration stores and tools, Configuration Stores and Tools
  configuring, Configuring Security, Preventing Files from Being Downloaded
  data access security, Using Multiple Database Roles
  Enterprise Services security, Enterprise Services Security
  extranet security, Configuring SQL Server, Configuring SQL Server
  Internet security, Configuring SQL Server, Configure the Application Server
  intranet security, Intranet Security, Configuring ASP.NET, Configuring Secure Communication, Configure SQL Server, Configure SQL Server
  IPSec, IPSec, How To: Use IPSec to Provide Secure Communication Between Two Servers
    (see also )
  IPSec vs. SSL, Secure Communication, Choosing Between IPSec and SSL
  RPC encryption, Using IPSec
  scenarios, Using RPC Encryption
  setting up client certificates, How To: Set Up Client Certificates
  SQL Server session state and, Securing the Database Connection String
  SSL, SSL/TLS, Application Server to Database Server
    (see also )
  technologies, Authorization, Implementation Technologies, Security Architecture, Secure Communication, .NET Web Application Security
  troubleshooting, SSL
  Web application deployment models, Know What to Secure
  Web farming and load balancing, Choosing Between IPSec and SSL
  Web server to application server, Web Server to Remote Application Server
  Web services, Platform/Transport Level (Point-to-Point) Security, Platform/Transport Security Architecture, Disable HTTP-GET, HTTP-POST, Solution Implementation
  Windows service features, Hosting in a Windows Service
Secure Hash Algorithm (SHA1), Securing Session and View State, The decryptionKey Attribute
secure resources., Resource Based Authorization (see )
Secure Sockets Layer., Accessing Non-Windows Network Resources (see )
SecureMethod attribute, Adding Roles to an Application
security blanket settings, Configuring Interface Proxies
security contexts., ASP.NET and HttpContext.User (see )
security logs., Choose the Identities Used for Resource Access (see )
security policies, CAS, Gatekeepers and Gates
Security Service Provider Interface (SSPI), More Information, Advantages
security., Security Architecture (see )
SecurityRole attribute, Configure Authorization (Component-Level Access Checks)
semicolon (;), Anatomy of a SQL Script Injection Attack
seminars., Reference Hub (see )
sensitive data., Secure Communication (see )
server applications, Enterprise Services, More Information, Gatekeepers and Gates, Configuring Security, Development Time vs. Deployment Time Configuration, Development Time vs. Deployment Time Configuration, Development Time vs. Deployment Time Configuration, Configure Authorization (Component-Level Access Checks), Register Serviced Components, Register Serviced Components, Use Windows Groups, Security Concepts, Impersonation
  authentication, Development Time vs. Deployment Time Configuration
  authorization, Development Time vs. Deployment Time Configuration
  cloaking, Impersonation
  configuring, Configuring Security
  creating and assigning roles, Configure Authorization (Component-Level Access Checks)
  development time vs. deployment time, Development Time vs. Deployment Time Configuration
  identity, Use Windows Groups
  library applications vs., More Information, Gatekeepers and Gates, Security Concepts
  populating roles, Register Serviced Components
  registering serviced components, Register Serviced Components
server certificates., SSL/TLS, Web Server to Remote Application Server, Configure IIS Settings, Authenticating Web Browser Clients with Certificates, How To: Set Up SSL on a Web Server, How To: Set Up SSL on a Web Server, Generate a Certificate Request, Submit a Certificate Request, Submit a Certificate Request, Install the Certificate on the Web Server, Requirements, Install a Server Authentication Certificate, Verify that the Certificate Has Been Installed
  (see also , )
  configuring resources to require, Install the Certificate on the Web Server
  generating requests, How To: Set Up SSL on a Web Server
  IIS settings, Configure IIS Settings
  installing, Submit a Certificate Request, Requirements, Verify that the Certificate Has Been Installed
  issuing, Submit a Certificate Request
  SSL and, SSL/TLS, Web Server to Remote Application Server, How To: Set Up SSL on a Web Server
  submitting requests, Generate a Certificate Request
  verifying installation of, Install a Server Authentication Certificate
server compromise, Disadvantages of the Trusted Subsystem Model
server process account, delegation and, Requirements
servers., Configuring the Web Server (see , , , )
service accounts, Choose the Identities Used for Resource Access, The Trusted Subsystem Model, Using the Current Process Identity
Service Control Manager (SCM), Security Architecture
Service Principal Names (SPNs), Using Forms Authentication
serviced components., More Information, Security Configuration Steps, Using the ASP.NET Process Identity, Options for Storing Secrets in ASP.NET, Enterprise Services Security, Register Serviced Components, RPC Encryption, RPC Encryption, Versioning, More Information, Calling Serviced Components from ASP.NET, Calling Serviced Components from ASP.NET, Calling Serviced Components from ASP.NET, Calling Serviced Components from ASP.NET, Using Fixed Identities within ASP.NET, Requirements, Create a Windows Account to Run the Enterprise Services Application and Windows Service, Configure, Strong Name, and Register the Serviced Component, How To: Use Role-based Security with Enterprise Services, Create the Serviced Component, Develop the Serviced Component Used to Call the Web Service, How To: Set Up Client Certificates
  (see also )
  accessing network resources using, Using the ASP.NET Process Identity
  authentication, More Information
  building, RPC Encryption
  caller identity, Calling Serviced Components from ASP.NET
  calling, from ASP.NET Web applications, Calling Serviced Components from ASP.NET
  client certificates and., How To: Set Up Client Certificates (see )
  configuring, Security Configuration Steps, Create the Serviced Component
  configuring and installing, Develop the Serviced Component Used to Call the Web Service
  configuring interface proxies, Calling Serviced Components from ASP.NET
  configuring, strong naming, and registering, Create a Windows Account to Run the Enterprise Services Application and Windows Service
  creating Windows service to launch, Configure, Strong Name, and Register the Serviced Component
  creating, with encryption and decryption methods, Requirements
  DLL locking problems, RPC Encryption
  QueryInterface exceptions, More Information
  registering, Register Serviced Components
  role-based authorization with, How To: Use Role-based Security with Enterprise Services
  storing secrets with, Options for Storing Secrets in ASP.NET
  versioning, Versioning
  Windows authentication and impersonation, Calling Serviced Components from ASP.NET, Using Fixed Identities within ASP.NET
session state, Storing Secrets, Securing Session and View State, Securing the Database Connection String, Web Farm Considerations
  as secret, Storing Secrets
  networks and, Securing the Database Connection String
  SQL, Securing Session and View State
  Web farms and, Web Farm Considerations
Setspn.exe, Using Forms Authentication
settings., Intranet Security (see , )
SHA1 (Secure Hash Algorithm), Securing Session and View State, The decryptionKey Attribute
signing certificates, Keys and Certificates
single quotation (’), Anatomy of a SQL Script Injection Attack
sinks, .NET remoting, .NET Remoting Architecture, .NET Remoting Architecture, Transport Channel Sinks, Transport Channel Sinks
  custom, Transport Channel Sinks
  formatter, Transport Channel Sinks
  transport channel, .NET Remoting Architecture
Sn.exe tool, Create a C# Class Library, Create a Windows Account to Run the Enterprise Services Application and Windows Service, Configure the Serviced Component, Develop the Serviced Component Used to Call the Web Service
SOAP headers, Application Level Security, Platform/Transport Security Architecture, Using the ConnectionGroupName Property
SoapFormatter class, Formatter Sinks
software configuration, base, Base Configuration
specific credentials, The <processModel> Element, Using Specific Credentials, Using DefaultCredentials
SQL authentication, More Information, Application Server to Database Server, Non-Internet Explorer Browsers, Analysis, Storing Secrets, Securing SQL Session State, Trusted Subsystem vs. Impersonation/Delegation, Using the Anonymous Internet User Account, Connection String Types, Connection String Types, Choosing a SQL Account for Your Connections, Choosing a SQL Account for Your Connections, Fusion Log Viewer (Fuslogvw.exe)
  choosing SQL accounts, Connection String Types
  connection strings, Storing Secrets, Securing SQL Session State, Connection String Types, Choosing a SQL Account for Your Connections
  data access security and, Using the Anonymous Internet User Account
  intranet security and, Non-Internet Explorer Browsers, Analysis
  ISQL.exe and, Fusion Log Viewer (Fuslogvw.exe)
  options, More Information
  passing credentials over networks, Choosing a SQL Account for Your Connections
  SSL and, Application Server to Database Server
  Windows authentication vs., Trusted Subsystem vs. Impersonation/Delegation
SQL injection attacks, Design Principles, SQL Injection Attacks
SQL Server 2000, Forms authentication with, Configurable Security, How To: Use Forms Authentication with SQL Server 2000, How To: Use Forms Authentication with SQL Server 2000, Requirements, Requirements, Create a Web Application with a Logon Page, Configure the Web Application for Forms Authentication, Create a User Account Database, Create a User Account Database, Authenticate User Credentials Against the Database, Test the Application
  authenticating user against database, Authenticate User Credentials Against the Database
  configuring Web application for, Create a Web Application with a Logon Page
  creating user account database, Create a User Account Database
  creating Web application with logon page, Requirements
  developing functions to generate hash and salt values, Configure the Web Application for Forms Authentication
  requirements, Requirements
  storing credentials, How To: Use Forms Authentication with SQL Server 2000
  testing, Test the Application
  using ADO.NET to store account details in database, Create a User Account Database
SQL Server 2000., Design Principles, Design Principles, Implementation Technologies, Security Architecture, Security Across the Tiers, More Information, More Information, Gatekeepers and Gates, The Trusted Subsystem Model, Enterprise Services (COM+) Roles, Enterprise Services (COM+) Roles, Web Server to Remote Application Server, Configuring ASP.NET, Configuring Enterprise Services, Configuring the Application Server (that Hosts the Web Service), Configure the Application Server, Related Scenarios, Security Configuration Steps, Configuring SQL Server, Configuring SQL Server, Configuring SQL Server, Configure the Application Server, Storing Secrets, Storing Secrets, Securing Session and View State, Data Access Security, Data Access Security, SQL Server Gatekeepers, Implementing Mirrored ASPNET Process Identity, Connection String Types, Connection String Types, Authorization, Authorization, Authorization, Connecting with Least Privilege, Creating a Least Privilege Database Account, SQL Injection Attacks, Auditing, Auditing, Auditing, Windows Security Logs, Windows Security Logs, How To: Use IPSec to Provide Secure Communication Between Two Servers, How To: Use SSL to Secure Communication with SQL Server 2000, Verify that Communication is Encrypted, Verify that Communication is Encrypted, Base Configuration, Configuration Stores and Tools, How Tos, .NET Web Application Security
  (see also )
  accounts, Connection String Types
  application roles, Enterprise Services (COM+) Roles, Storing Secrets, Authorization
  as implementation technology, Implementation Technologies, Security Architecture
  auditing, Auditing, Windows Security Logs
  authentication, More Information, Connection String Types
    (see also )
  authorization, More Information
  base configuration, Base Configuration
  configuration stores and tools, Configuration Stores and Tools
  database roles, Authorization
  database trust, Connecting with Least Privilege
  Enterprise Manager, Creating a Least Privilege Database Account, Auditing, Windows Security Logs, Verify that Communication is Encrypted
  extranet settings, Configuring SQL Server, Configuring SQL Server
  fixed identities, The Trusted Subsystem Model
  Forms authentication with., Data Access Security (see )
  gates and gatekeepers, Gatekeepers and Gates, SQL Server Gatekeepers
  Internet settings, Configuring SQL Server, Configure the Application Server
    (see also )
  intranet settings, Configuring ASP.NET, Configuring Enterprise Services, Configuring the Application Server (that Hosts the Web Service), Configure the Application Server, Security Configuration Steps
    (see also )
  IPSec and, How To: Use IPSec to Provide Secure Communication Between Two Servers
  Network Utility, Verify that Communication is Encrypted
  original caller identity flow, Related Scenarios
  process identity, Auditing
  reference information, How Tos
  security options, Design Principles, Security Across the Tiers, .NET Web Application Security
  session state, Storing Secrets, Securing Session and View State
  SQL injection attacks, Design Principles, SQL Injection Attacks
  SSL to, Web Server to Remote Application Server, How To: Use SSL to Secure Communication with SQL Server 2000
    (see also )
  user defined database roles, Enterprise Services (COM+) Roles, Authorization
  Windows authentication and, Implementing Mirrored ASPNET Process Identity
SSL (Secure Sockets Layer)., Implementation Technologies, Security Architecture, ASP.NET Authentication Modes, Secure Communication, Secure Communication, SSL/TLS, Using RPC Encryption, Application Server to Database Server, Choosing Between IPSec and SSL, Choosing Between IPSec and SSL, Preventing Files from Being Downloaded, Accessing Non-Windows Network Resources, SSL, How To: Call a Web Service Using Client Certificates from ASP.NET, How To: Call a Web Service Using SSL, How To: Call a Web Service Using SSL, Summary, Configure the Web Service Virtual Directory to Require SSL, Install the Certificate Authority’s Certificate on the Client Computer, How To: Set Up SSL on a Web Server, How To: Set Up SSL on a Web Server, How To: Set Up SSL on a Web Server, Generate a Certificate Request, Submit a Certificate Request, Submit a Certificate Request, Install the Certificate on the Web Server, How To: Set Up Client Certificates, How To: Use SSL to Secure Communication with SQL Server 2000, How To: Use SSL to Secure Communication with SQL Server 2000, How To: Use SSL to Secure Communication with SQL Server 2000, Requirements, Requirements, Install a Server Authentication Certificate, Verify that the Certificate Has Been Installed, Verify that the Certificate Has Been Installed, Force All Clients to Use SSL, Allow Clients to Determine Whether to Use SSL
  (see also )
  as implementation technology, Implementation Technologies, Security Architecture
  ASP.NET security and, Accessing Non-Windows Network Resources
  browser to Web server scenario, Using RPC Encryption
  client certificates and, How To: Call a Web Service Using Client Certificates from ASP.NET
    (see also )
  configuring, Preventing Files from Being Downloaded
  configuring resources to require, Summary, Install the Certificate on the Web Server
  configuring server to allow clients to choose whether to use, Force All Clients to Use SSL
  configuring server to force clients to use, Verify that the Certificate Has Been Installed
  Forms authentication and, ASP.NET Authentication Modes
  generating certificate request, How To: Set Up SSL on a Web Server
  installing certificate on client, Install the Certificate Authority’s Certificate on the Client Computer, Verify that the Certificate Has Been Installed
  installing certificate on Web server, Submit a Certificate Request
  installing server authentication certificate, Requirements
  IPSec vs., Secure Communication, Choosing Between IPSec and SSL, How To: Use SSL to Secure Communication with SQL Server 2000
  issues, SSL/TLS, How To: Use SSL to Secure Communication with SQL Server 2000
  issuing certificate, Submit a Certificate Request
  requirements, How To: Call a Web Service Using SSL, How To: Set Up SSL on a Web Server, Requirements
  setting up, on Web server, How To: Set Up SSL on a Web Server
  SQL Server and, Application Server to Database Server, How To: Use SSL to Secure Communication with SQL Server 2000
  submitting certificate request, Generate a Certificate Request
  testing, Configure the Web Service Virtual Directory to Require SSL
  troubleshooting, SSL
  verifying encryption, Allow Clients to Determine Whether to Use SSL
  verifying server certificate installation, Install a Server Authentication Certificate
  Web farming and load balancing and, Choosing Between IPSec and SSL
  Web services security and, How To: Call a Web Service Using SSL, How To: Set Up Client Certificates
SSPI (Security Service Provider Interface), More Information
state, securing session and view, Securing Session and View State
static cloaking, Impersonation
stored procedures, Choose an Authentication Approach, Disadvantages of the Trusted Subsystem Model, Flowing the Caller’s Identity, SQL Injection Attacks
  identity flow and, Choose an Authentication Approach, Disadvantages of the Trusted Subsystem Model, Flowing the Caller’s Identity
  SQL injection attacks and, SQL Injection Attacks
stores., The Foundations, Retrieve a Role List from the Custom Data Store, Using DPAPI from Enterprise Services, Configuration Stores and Tools, Keys and Certificates
  (see also )
  certificate, Keys and Certificates
  configuration., Configuration Stores and Tools (see )
  DPAPI., Using DPAPI from Enterprise Services (see , )
  role lists in custom data, Retrieve a Role List from the Custom Data Store
strings, connection., Modify the Web Application to Read an Encrypted Connection String from Web.Config (see )
strong names, Gatekeepers and Gates, Create a C# Class Library, Create a Windows Account to Run the Enterprise Services Application and Windows Service, Configure the Serviced Component, Develop the Serviced Component Used to Call the Web Service
strong passwords, Using the ASP.NET Process Identity, Summary
Support Center, Process for Troubleshooting, Searching for Implementation Solutions
surface area, reducing, Design Principles
symmetric encryption, SSL/TLS, Technical Choices, Symmetric Algorithm Support
sysadmin role, Connection String Types, Connecting with Least Privilege, Additional Best Practices
SYSTEM account, Design Principles, Avoid Running as SYSTEM, The <processModel> Element, Auditing, ASP.NET Worker Process Identity, How To: Implement Kerberos Delegation for Windows 2000
system resources, The Foundations, Authentication and Authorization Design, Accessing System Resources, Accessing the Registry, Configuring the Web Server, Authentication and Authorization Strategies
  .NET remoting and, Authentication and Authorization Strategies
  accessing event log, Accessing System Resources
  accessing registry, Accessing the Registry
  authorization and, The Foundations
  identifying, Authentication and Authorization Design
  Web services and, Configuring the Web Server