Security Basics mailing list archives
RE: .NET Web Application Security
From: "Jason Dinsdale" <jasondinsdale () gmail com>
Date: Fri, 14 Mar 2008 10:46:20 +1100
I would have suggested HP Select Access, which is a SSO-style authentication product for web apps that provides the security layer for web apps as you describe. Leverages LDAP directories for identity data and passes back personalization info to the web apps for authenticated. Unfortunately HP has just withdrawn from the IDM market, and is no longer selling licenses. However, I'm sure there's alternatives out there ... CA SiteMinder comes to mind, also OpenSSO (although it's for Java apps only as I understand it). HTH, JD -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Alex Bolduc Sent: Saturday, 1 March 2008 6:17 AM To: security-basics () securityfocus com Subject: .NET Web Application Security Integrating role-based security into our web-application from the beginning would obviously have been the ideal scenario. That not being the case, we are faced with an immediate need to secure several web-based .NET forms (down to the HTML input elements, buttons, etc.) so that certain data is visible/updateable/etc based on user roles. Does anyone know if a 3rd-party solution exists that we can integrate into (or "layer over") our .NET web-app to provide role-based security as an interim solution (until we can design, test and implement role-based security into the next phase of our code)? Thanks in advance. -Alex Bolduc
Current thread:
- Re: .NET Web Application Security fake (Mar 01)
- <Possible follow-ups>
- RE: .NET Web Application Security Jason Dinsdale (Mar 14)