I will certainly look at the standard authorization next time I build an app like this. Are you talking about the .NET Membership stuff?
Yes and no. The real part of security in ASP.NET is Forms Authentication (or Windows) -- the links I gave you above. Membership is really not the central part of security in the web -- SSL, cookies, XSS, XSRF, etc. are. Membership is really just a database
lookup for credentials and is a minor piece (and often over hyped and misunderstood). The one important piece that membership can potentially address is password management, but even the built in providers don't do this is a modern and most secure way.
BrockAllen
All-Star
27522 Points
4901 Posts
MVP
Re: Are sessions secure within SSL?
May 04, 2012 05:59 PM|LINK
Yes and no. The real part of security in ASP.NET is Forms Authentication (or Windows) -- the links I gave you above. Membership is really not the central part of security in the web -- SSL, cookies, XSS, XSRF, etc. are. Membership is really just a database lookup for credentials and is a minor piece (and often over hyped and misunderstood). The one important piece that membership can potentially address is password management, but even the built in providers don't do this is a modern and most secure way.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/