Monthly Archives: July 2006

Joe Kaplan is blogging

Joe Kaplan finally has a blog. He is the author of this great book, and you can find a lot of useful LDAP/AD and ADFS related content on his brand new blog: http://www.joekaplan.net/


The Appendixes

OK – that’s the last book-related post for now. If you think this information is useful and you want it at the earliest possible date, you can pre-order here or here :)

Appendix A: Building a Custom Protected Configuration …


Chapter 3: Input Validation

- What is Input?
- The Need for Input Validation
  – The Data/Control Channel Problem
    – SQL Injection, Cross Site Scripting, Directory Traversal
- Input Validation Techniques
  – Black Listing
  – White Listing
    – Data Type Conversion
    – Regular Expressions
    – XML …


Chapter 5: Authentication and Authorization

The biggest chapter in the whole book…

- Fundamentals
  – Terminology
- Application Design (Trusted Subsystem vs Impersonation/Delegation)
- ASP.NET Security Pipeline and Infrastructure
  – IPrincipal and IIdentity
  – Role-based Authorization (programmatic vs declarative)
- Server Authentication Using Windows Accounts
  – IIS Authentication Methods (Basic, …


Manuscript Shipped

Finally! I shipped the complete manuscript to MS Press on Monday…. The final book is supposed to hit the shelves in October. With that much spare time, I am almost bored now….


Eval is not Evil

While working through the ASP.NET security reference implementation (which is good work btw), the following guideline caught my attention: “Additionally, all calls to DataBinder.Eval() have been removed. While Eval is sometimes safe to use on purely static data, it is …


How to get Cookieless FormsAuthentication to work with self-issued FormsAuthenticationTickets and custom UserData

This question was asked by Scott recently. Short answer: you can :) The trick is to do a Response.Redirect with an appended query string in the following format:

~/Page.aspx?{0}={1}

where {0} = forms ticket name and {1} = encrypted forms ticket string …
