Re: question about multi user website and security
Sep 23, 2010 08:49 AM | sirdneo
There are two levels of access:
1- Page Level
2- Data Level
We can easily protect users from accessing a particular page through the ASP.NET authentication and authorization mechanism. For details see this link. Also you can implement your own Session-based protection model as mentioned in this link.
As far as data access goes, the most common issue is tampering with the query string, as you mentioned. To avoid that, you can implement a query string encryption module through which you can ensure that the query string is not tampered with. Here is a sample for that which will give you a quick start:
http://www.devwebpro.co.uk/devwebprouk-46-20070125ASPNETHttpModuleforQueryStringEncryption.html
http://ryanscook.com/adminsBlog/2005/05/querystring-encryptor-httpmodule.html
Also try to avoid using the query string for sensitive data and use session, which is more secure.
Zeeshan Umar
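An added example, not part of the original post or of the linked modules: the post suggests encrypting the query string; this C# example uses a different technique, an HMAC-SHA256 signature bound to the signed-in user, which detects edited values but does not hide them. The class name `SignedQuery`, the key, the `userId` parameter (assumed to come from the authenticated session) and the sample values are all constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignedQuery
{
    // Constructed demo key (assumption); a real site loads a random key from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-do-not-reuse");

    // Tag over "userId\nquery", so a link issued to one user does not verify for another.
    static string Mac(string userId, string query)
    {
        using (var hmac = new HMACSHA256(Key))
        {
            byte[] tag = hmac.ComputeHash(Encoding.UTF8.GetBytes(userId + "\n" + query));
            // URL-safe base64 so the tag can travel inside a query string
            return Convert.ToBase64String(tag).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }

    public static string Sign(string query, string userId)
    {
        return query + "&sig=" + Mac(userId, query);
    }

    // Returns true and hands back the original query only when the tag matches.
    public static bool TryVerify(string signed, string userId, out string query)
    {
        query = null;
        int i = signed.LastIndexOf("&sig=", StringComparison.Ordinal);
        if (i < 0) return false;                       // unsigned link: reject
        string body = signed.Substring(0, i), given = signed.Substring(i + 5);
        string expected = Mac(userId, body);
        // Constant-time comparison: does not reveal how many characters matched
        int diff = given.Length ^ expected.Length;
        for (int k = 0; k < given.Length && k < expected.Length; k++) diff |= given[k] ^ expected[k];
        if (diff != 0) return false;
        query = body;
        return true;
    }

    static void Main()
    {
        string q;
        string signed = Sign("orderId=1042&view=summary", "alice");   // constructed sample
        Console.WriteLine(TryVerify(signed, "alice", out q));                         // untouched link
        Console.WriteLine(TryVerify(signed.Replace("1042", "1043"), "alice", out q)); // edited value
        Console.WriteLine(TryVerify(signed, "bob", out q));                           // link reused by another user
        Console.WriteLine(TryVerify("orderId=1042&view=summary", "alice", out q));    // signature stripped
    }
}
```

A matching signature only shows that the server issued this link to this user; the page that handles the request still has to check that the user is allowed to see the record.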