Best Practice to Implement Secure “Remember Me”
Sometimes, I come across certain web development frameworks which don’t provide an authentication feature, such as in Authentication ASP.NET.
security
How to synchronize lifetime of forms authentication cookie and Asp.Net Session?
I am building an ASP.NET web site that uses FormsAuthentication and a standard Session mechanism with configuration like:
What risk does Reflection pose? (Medium Trust)
The lack of reflection in Medium Trust hosting environments seems to cause a lot of problems for many popular web applications.
Best practices for control permissions?
Hey all, I need some advice on this…
Owin middleware for Bearer Token Authentication that supports JWT key rotation
I am looking for some guidance with configuring owin middleware bearer token authentication to support Open Id Connect key rotation.
What replaces .htaccess on IIS/ASP.NET sites?
On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can’t download the sensitive file.
Session Hijacking Protection in ASP.NET
I’d like to find out what session ID hijacking protection is built into the current version of ASP.NET.
Why do Thread.CurrentPrincipal.Identity and WindowsIdentity.GetCurrent() differ when impersonation is turned on?
I enabled impersonation and Windows authentication.
Web application to use window domain accounts for authentication
If you have a web application that will run inside a network, it makes sense for it to support windows authentication (active directory?).