W

W3C Extended Logging, SQL Server Auditing

Web applications, Introduction, Authorization, Security Model for ASP.NET Applications, Logical Tiers, Physical Deployment Models, Implementation Technologies, Security Architecture, Security Across the Tiers, Security Configuration Steps, Forms Implementation Guidelines, Using the Anonymous Internet User Account, Configure Authorization (Component-Level Access Checks), Formatter Sinks, .NET Remoting Gatekeepers, Configuring the Web Server, Configuring the Remote Application Server, Configuring the Application Server, Configuring the Web Server, Choosing a Host Process, Connecting with Least Privilege, Create a Web Application with a Logon Page, Requirements, Requirements, How To: Implement IPrincipal, Create a Windows Service Application that will Launch the Serviced Component, Store the Encrypted Data in the Registry, Examine the Configured Application, Configure and Install the Serviced Component, Install the Certificate Authority’s Certificate on the Client Computer, Create a Simple Web Application, Force All Clients to Use SSL

adding roles to, Configure Authorization (Component-Level Access Checks)

client., Force All Clients to Use SSL (see )

connected landscape of distributed, Introduction

creating simple, for client certificates, Create a Simple Web Application

creating simple, for IPrincipal implementation, How To: Implement IPrincipal

creating, to call Web services, Configure and Install the Serviced Component, Install the Certificate Authority’s Certificate on the Client Computer

creating, to retrieve encrypted connection string from registry, Store the Encrypted Data in the Registry

creating, to test encryption and decryption, Create a Windows Service Application that will Launch the Serviced Component

creating, to test serviced component security, Examine the Configured Application

creating, with logon page, Create a Web Application with a Logon Page, Requirements, Requirements

database trust of, Connecting with Least Privilege

hosting multiple, Forms Implementation Guidelines, Using the Anonymous Internet User Account

logical tiers, Logical Tiers

physical deployment models, Physical Deployment Models

(see also , )

remote object hosting, Formatter Sinks, .NET Remoting Gatekeepers, Configuring the Remote Application Server, Configuring the Application Server, Configuring the Web Server, Choosing a Host Process

security., Security Architecture (see )

servers., Configuring the Web Server (see , , )

technologies, Authorization, Implementation Technologies, Security Across the Tiers

Web services partner applications, Security Configuration Steps

Web applications security., Introduction, The Foundations, The Foundations, Authorization, Design Principles, Security Model for ASP.NET Applications, Security Model for ASP.NET Applications, Implementation Technologies, Security Architecture, Security Architecture, Authentication, Authentication, More Information, More Information, More Information, More Information, More Information, More Information, More Information, Gatekeepers and Gates, Gatekeepers and Gates, Gatekeepers and Gates, Gatekeepers and Gates, Gatekeepers and Gates, Gatekeepers and Gates, Gatekeepers and Gates, ASP.NET and HttpContext.User, ASP.NET and HttpContext.User, ASP.NET and HttpContext.User, ASP.NET and HttpContext.User, Authentication and Authorization Design, Secure Communication, Secure Communication, Intranet Security, Intranet Security, Intranet Security, Intranet Security, Extranet Security, Internet Security, Data Access Security, Troubleshooting Security Issues, Reference Hub, .NET Web Application Security

(see also )

.NET Framework security, Gatekeepers and Gates

(see also )

.NET remoting security, ASP.NET and HttpContext.User, ASP.NET and HttpContext.User

(see also )

architecture, Security Architecture

ASP.NET security, Authentication, More Information, Gatekeepers and Gates, ASP.NET and HttpContext.User

(see also )

authentication, The Foundations, Authentication

(see also )

authentication and authorization strategies., Authentication and Authorization Design (see )

authorization, The Foundations, More Information

(see also )

Code Access Security, Gatekeepers and Gates

configurable., Intranet Security (see )

configuration., Intranet Security (see )

connected landscape and, Introduction

data access security., Data Access Security (see )

design principles, Design Principles

Enterprise Services security, More Information, More Information, Gatekeepers and Gates

(see also )

extranet security., Extranet Security (see )

gatekeepers and gates, More Information

(see also )

Internet security., Internet Security (see )

intranet security., Intranet Security (see )

programmatic., Intranet Security (see )

reference hub, Reference Hub

secure communication, Secure Communication, Secure Communication

(see also )

SQL Server security, More Information, More Information, Gatekeepers and Gates

(see also )

technologies, Authorization, Implementation Technologies, Security Architecture, .NET Web Application Security

troubleshooting., Troubleshooting Security Issues (see )

Web application characteristics, Security Model for ASP.NET Applications

(see also )

Web services security, Gatekeepers and Gates, ASP.NET and HttpContext.User

(see also )

Windows security, Gatekeepers and Gates

(see also )

Web browsers., Choose the Identities Used for Resource Access (see )

Web farms, Choosing Between IPSec and SSL, Web Farm Considerations, Web Farm Considerations, Web Farm Considerations, Web Farm Considerations

DPAPI and, Web Farm Considerations

session state and, Web Farm Considerations

SSL, load balancing, and, Choosing Between IPSec and SSL

using Forms authentication in, Web Farm Considerations

Web gardens, Web Farm Considerations

Web pages, Development Steps for Forms Authentication, More Information, Determining Identity

creating COM objects in, More Information

determining identity in, Determining Identity

logon., Development Steps for Forms Authentication (see )

Web requests., IIS 6.0 and Windows .NET Server (see )

Web Server Certificate Wizard, Generate a Certificate Request

Web servers, Physical Deployment Models, Authentication and Authorization Design, Using RPC Encryption, Configuring the Web Server (that Hosts the Web Application), Security Configuration Steps, ASP.NET to SQL Server, Security Configuration Steps, Security Configuration Steps, The Result, The Result, More Information, Configure the Web Server, Proxy Server Authentication, Flowing the Original Caller, Forms Authentication, Flowing the Caller’s Identity, Flowing the Original Caller, Configuring the Web Server, Choosing a Host, How To: Set Up SSL on a Web Server

.NET remoting settings, Flowing the Original Caller, Configuring the Web Server, Choosing a Host

anonymous domain accounts at, More Information

as application servers, Physical Deployment Models

extranet settings, Security Configuration Steps, The Result

Internet settings, The Result, Configure the Web Server

intranet settings, Configuring the Web Server (that Hosts the Web Application), Security Configuration Steps, Security Configuration Steps

original caller identity flow and, ASP.NET to SQL Server

proxy server authentication, Proxy Server Authentication

resources and, Authentication and Authorization Design

secure communication and, Using RPC Encryption

setting up SSL on, How To: Set Up SSL on a Web Server

Web services settings, Flowing the Original Caller, Forms Authentication, Flowing the Caller’s Identity

Web services, Implementation Technologies, Web Server to Remote Application Server, More Information, Web Services Security, Web Services Security, Message Level (End-to-End) Security, Summary, Install the Certificate Authority’s Certificate on the Client Computer, Hubs

as implementation technology, Implementation Technologies

creating application to call, Install the Certificate Authority’s Certificate on the Client Computer

creating simple, Summary

Development Toolkit, Web Server to Remote Application Server, Web Services Security, Message Level (End-to-End) Security

Enterprise Services and, More Information

reference information, Hubs

security., Web Services Security (see )

Web services security, Introduction, Security Across the Tiers, Gatekeepers and Gates, ASP.NET and HttpContext.User, Web Server to Remote Application Server, Pitfalls, Exposing a Web Service, Accessing the Registry, Web Services Security, Web Services Security, Platform/Transport Level (Point-to-Point) Security, Platform/Transport Security Architecture, More Information, Configuring Security, Disable HTTP-GET, HTTP-POST, Using the ConnectionGroupName Property, Proxy Server Authentication, Configuring the Application Server, Configuring the Web Server, Configuring the Web Server, Accessing Network Resources, Accessing Network Resources, Solution Implementation, Disadvantages, Determining Identity in a Web service, Visual Studio .NET Tools, How To: Call a Web Service Using Client Certificates from ASP.NET, How To: Call a Web Service Using SSL, How To: Set Up Client Certificates, Configuration Stores and Tools, .NET Web Application Security

(see also )

.NET remoting security vs., Disadvantages

accessing COM objects, Accessing the Registry, Accessing Network Resources

accessing network resources, Configuring the Web Server

accessing system resources, Configuring the Web Server

architecture, Platform/Transport Level (Point-to-Point) Security, Platform/Transport Security Architecture

authentication and authorization strategies, More Information

calling Web services from non-Windows clients, Using the ConnectionGroupName Property

configuration stores and tools, Configuration Stores and Tools

configuring, Configuring Security

connected landscape and, Introduction

determining identity in, Determining Identity in a Web service

extranet scenario, Exposing a Web Service

flowing original callers, Proxy Server Authentication

gatekeepers and gates, Gatekeepers and Gates

intranet scenario, Pitfalls

model, Web Services Security

options, Security Across the Tiers, ASP.NET and HttpContext.User, .NET Web Application Security

passing credentials for authentication, Disable HTTP-GET, HTTP-POST

secure communication, Web Server to Remote Application Server, Solution Implementation

troubleshooting, Visual Studio .NET Tools

trusted subsystem model, Configuring the Application Server

using client certificates, Accessing Network Resources, How To: Call a Web Service Using Client Certificates from ASP.NET, How To: Set Up Client Certificates

using SSL, How To: Call a Web Service Using SSL

Web sites, Searching for Implementation Solutions, Generate a Certificate Request, Reference Hub

(see also )

Web.config files, Enterprise Services (COM+) Roles, ASP.NET Security Architecture, ASP.NET Security Architecture, Windows Authentication with Impersonation, When to Use, When to Use, More Information, More Information, Configurable Security, Programmatic Security, Configure IIS Settings, Secure Resources, Secure Resources, Locking Configuration Settings, Passport Authentication, Custom Authentication, Using a Serviced Component, Hosting Multiple Web Applications, Storing Secrets, More Information, Disable HTTP-GET, HTTP-POST, Using File Authorization, Using DPAPI from Enterprise Services, Using DPAPI Directly from ASP.NET, Process for Troubleshooting, Enable Tracing, Modify the Web Application to Read an Encrypted Connection String from Web.Config, Write a Web Application to Test the Encryption and Decryption Routines, ASP.NET Identity Matrix

.NET remoting security, Using File Authorization

ASP.NET security, Configure IIS Settings

authorization, ASP.NET Security Architecture, ASP.NET Security Architecture, When to Use, Configurable Security

connection strings in, Using DPAPI Directly from ASP.NET

custom authentication, Custom Authentication

encrypted connection strings, Using DPAPI from Enterprise Services, Modify the Web Application to Read an Encrypted Connection String from Web.Config, Write a Web Application to Test the Encryption and Decryption Routines

Enterprise Services (COM+) roles, Enterprise Services (COM+) Roles

fixed identities, Storing Secrets

Forms authentication, More Information

HTTP-GET and HTTP-POST support, Disable HTTP-GET, HTTP-POST

IIS security, ASP.NET Identity Matrix

impersonation, Using a Serviced Component, Hosting Multiple Web Applications

locking settings in, Secure Resources

Passport authentication, Programmatic Security, Passport Authentication

preventing download of files, Locking Configuration Settings

securing, Secure Resources

troubleshooting and, Process for Troubleshooting, Enable Tracing

Windows authentication, Windows Authentication with Impersonation, When to Use, More Information, More Information

WebCasts., Reference Hub (see )

WebServiceStudio, Visual Studio .NET Tools

WFetch.exe, Windows Task Manager

Windows .NET Server 2003, Hosting Multiple Web Applications, IIS and ASP.NET Processing

Windows 2000, Design Principles, Security Across the Tiers, Authentication, More Information, More Information, Gatekeepers and Gates, Evidence and Security Policy, Disadvantages of the Trusted Subsystem Model, IPSec, ASP.NET to SQL Server, Accessing System Resources, Using Forms Authentication in a Web Farm, Register Serviced Components, Authentication, Using the ConnectionGroupName Property, Using a Windows Service Host, Advantages, Using Forms Authentication, Windows Security Logs, Fusion Log Viewer (Fuslogvw.exe), Visual Studio .NET Tools, Develop LDAP Authentication Code to Look Up the User in Active Directory, Call the Managed DPAPI Class Library, Configure, Strong Name, and Register the Serviced Component, How To: Use Role-based Security with Enterprise Services, Create a Windows Account to Run the Service, Base Configuration, Seminars and WebCasts, Keys and Certificates

.NET remoting and, Using a Windows Service Host

accounts, Call the Managed DPAPI Class Library, How To: Use Role-based Security with Enterprise Services, Create a Windows Account to Run the Service

(see also )

authentication., ASP.NET to SQL Server (see , )

base configuration, Base Configuration

calling Web services from non-Windows clients, Using the ConnectionGroupName Property

certificate stores, Keys and Certificates

event log, Design Principles

gatekeepers and gates, Gatekeepers and Gates

groups, Register Serviced Components, Develop LDAP Authentication Code to Look Up the User in Active Directory

groups vs. .NET roles, More Information

High Encryption Pack, Using Forms Authentication in a Web Farm

identities vs. .NET Framework identities, Evidence and Security Policy

identity flow, Disadvantages of the Trusted Subsystem Model

Installer, Accessing System Resources

IPSec and, IPSec

Kerberos., Authentication (see )

reference information, Seminars and WebCasts

Resource Kit, Using Forms Authentication, Visual Studio .NET Tools

RPC for DCOM, Authentication

security logs, Windows Security Logs

security options, Security Across the Tiers

services., Configure, Strong Name, and Register the Serviced Component (see )

SSPI, More Information, Advantages

Task Manager, Fusion Log Viewer (Fuslogvw.exe)

Windows ACLs, The Foundations, Choose an Authorization Strategy, Authorization Approaches, Disadvantages of the Impersonation / Delegation Model, Windows Authentication with Impersonation, When to Use, Configurable Security, URL Authorization Examples, Security Architecture, More Information, When to Use, Using UDL Files, Using Custom Text Files, Using Forms Authentication

authorization and, The Foundations, Disadvantages of the Impersonation / Delegation Model

configuring, for secure resources, URL Authorization Examples

Enterprise Services and, Security Architecture

Forms authentication and, Configurable Security

registry keys and, Using Custom Text Files

resource-based authorization and, Choose an Authorization Strategy, Authorization Approaches

troubleshooting, Using Forms Authentication

UDL files and granularity of, Using UDL Files

Windows authentication with impersonation, Windows Authentication with Impersonation, More Information

Windows authentication without impersonation, When to Use, When to Use

Windows authentication, Authentication, Authentication, More Information, WindowsPrincipal and WindowsIdentity, Impersonation, .NET Roles with Windows Authentication, Using .NET Roles, Application Server to Database Server, Available Authorization Options, Windows Authentication with Impersonation, When to Use, More Information, Creating a Custom IPrincipal class, Securing the Database Connection String, Calling Serviced Components from ASP.NET, Calling Serviced Components from ASP.NET, More Information, More Information, When to Use, More Information, Passing Credentials for Authentication to Web Services, Anatomy of a Request When Hosting in ASP.NET, Trusted Subsystem vs. Impersonation/Delegation, Trusted Subsystem vs. Impersonation/Delegation, Windows Authentication, Implementing Mirrored ASPNET Process Identity, Connecting to SQL Server Using Windows Authentication, Using Fixed Identities within ASP.NET, Using Fixed Identities within ASP.NET, Using the Anonymous Internet User Account, Using the Anonymous Internet User Account, Using the Anonymous Internet User Account, IIS Authentication Issues, Fusion Log Viewer (Fuslogvw.exe), Forms Authentication Processing

.NET remoting and, Anatomy of a Request When Hosting in ASP.NET

.NET roles with and without, .NET Roles with Windows Authentication, Using .NET Roles

ASP.NET process identity and, Securing the Database Connection String, Windows Authentication

ASP.NET security and, Authentication, Creating a Custom IPrincipal class

authorization options and, Available Authorization Options

data access security and, Trusted Subsystem vs. Impersonation/Delegation

delegation and, Impersonation

ISQL.exe and, Fusion Log Viewer (Fuslogvw.exe)

mechanisms, Authentication

(see also , , , , )

original caller identity and, Using the Anonymous Internet User Account

principals and identities, WindowsPrincipal and WindowsIdentity

processing, Forms Authentication Processing

scenarios that prevent, Using the Anonymous Internet User Account

serviced components and, Calling Serviced Components from ASP.NET, Using Fixed Identities within ASP.NET

SQL authentication vs., Trusted Subsystem vs. Impersonation/Delegation

SQL Server and, More Information, Application Server to Database Server, Implementing Mirrored ASPNET Process Identity

troubleshooting, IIS Authentication Issues

Web services and, More Information, Passing Credentials for Authentication to Web Services

with anonymous Internet user account, Using Fixed Identities within ASP.NET

with fixed identities, More Information, More Information, Connecting to SQL Server Using Windows Authentication

with impersonation, Windows Authentication with Impersonation, Calling Serviced Components from ASP.NET, More Information, Using the Anonymous Internet User Account

without impersonation, When to Use, When to Use

Windows services, Solution Implementation, Hosting in a Windows Service, Choosing a Host, Advantages, Why Use Enterprise Services?, Call the Managed DPAPI Class Library, Configure, Strong Name, and Register the Serviced Component, Create a Windows Service Application that will Launch the Serviced Component, How To: Host a Remote Object in a Windows Service, How To: Host a Remote Object in a Windows Service

creating Windows account for, Call the Managed DPAPI Class Library

creating, to launch serviced component, Configure, Strong Name, and Register the Serviced Component

installing and starting, Create a Windows Service Application that will Launch the Serviced Component

passing Web services client certificates using, Solution Implementation

remote object hosting in, Hosting in a Windows Service, Choosing a Host, Advantages, How To: Host a Remote Object in a Windows Service

TCP channel and, How To: Host a Remote Object in a Windows Service

using, with DPAPI, Why Use Enterprise Services?

WindowsIdentity objects, WindowsPrincipal and WindowsIdentity, Authentication and Authorization Design, ASP.NET Identity Matrix

WindowsPrincipal objects, WindowsPrincipal and WindowsIdentity, .NET Roles with Windows Authentication, Principal Permission Demands and Explicit Role Checks, Create an IPrincipal Object, How To: Implement IPrincipal, ASP.NET Identity Matrix

WS-Security specification, Web Server to Remote Application Server, Web Services Security, Application Level Security

Wsdl.exe tool, Passing Credentials for Authentication to Web Services, Proxy Server Authentication