RE: .NET Web Application Security

["Jason Dinsdale" <jasondinsdale () gmail com>]

I would have suggested HP Select Access, which is a SSO-style authentication
product for web apps that provides the security layer for web apps as you
describe.   Leverages LDAP directories for identity data and passes back
personalization info to the web apps for authenticated.  Unfortunately HP
has just withdrawn from the IDM market, and is no longer selling licenses.
However, I'm sure there's alternatives out there ... CA SiteMinder comes to
mind, also OpenSSO (although it's for Java apps only as I understand it).

HTH,

JD

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Alex Bolduc
Sent: Saturday, 1 March 2008 6:17 AM
To: security-basics () securityfocus com
Subject: .NET Web Application Security

Integrating role-based security into our web-application from the beginning
would obviously have been the ideal scenario. That not being the case, we
are faced with an immediate need to secure several web-based .NET forms
(down to the HTML input elements, buttons, etc.) so that certain data is
visible/updateable/etc based on user roles. Does anyone know if a 3rd-party
solution exists that we can integrate into (or "layer over") our .NET
web-app to provide role-based security as an interim solution (until we can
design, test and implement role-based security into the next phase of our
code)?

Thanks in advance.

-Alex Bolduc