I started out writing this book with the intent of setting down in words a brain dump of some of the more esoteric areas of features I either “own” or work on in conjunction with other folks. However, as the book took shape I found myself diving into areas that were important from a security perspective but that dealt with aspects of features that very few people really understood (myself included). I would like to thank the following folks for answering my sometimes off-the-wall security questions: Pat, Shai, Erik, Mike, Simon, Adam, Manu, Helen, Mark, Laura, Dmitry, Ting, DaveM, Sudheer, Richa, Smitha, and DavidE. Now that it’s all written down I promise to stop pestering you, maybe. . . .I would also like to thank Jim Minatel for walking up to me at a DevConnections conference in 2004 and broaching the idea of writing a security book. Without his suggestion and support this project never would have occurred!

This book covers security topics on a wide range of areas in ASP.NET 2.0. It starts with detailed coverage of how security is applied when an ASP.NET pplication starts up and when a request is processed. The book then branches out to cover security information for features such as trust levels, forms authentication, session state, page security, and configuration system security. You will also see how you can integrate ASP.NET security with legacy ASP applications. Over the course of these topics, you will gain a solid understanding of many of the less publicized security features in ASP.NET 2.0. The book switches gears in Chapter 9 and addresses two new security services in ASP.NET 2.0: Membership and Role Manager. You start out learning about the provider model that underlies both of these features. Then you will get a detailed look at the internals of both features, as well as the SQLand Active Directory–based providers that are included with them. After reading through these topics, you will have a thorough background on how you can work with the new providers and how you can extend them in your applications.