Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Base Configuration
J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
Microsoft Corporation
Published: November 2002
Last Revised: January 2006
Applies to:
- Microsoft® ASP.NET
See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.
See the Landing Page for the starting point and a complete overview of Building Secure ASP.NET Applications.
Summary: This document provides a table that illustrates the base software configuration used during the development and testing of the Building Secure ASP.NET Applications Guide. (2 printed pages)
Base Configuration | Notes |
---|---|
Windows 2000 SP3 .NET Framework SP2 |
For more information, see the following Knowledge Base article: INFO: Determining Whether Service Packs Are Installed on .NET Framework. Download .NET Framework Service Pack 2. |
ASP.NET | Notes |
Running ASP.NET on a domain controller | In general, it's not advisable to run your Web server on a domain controller, because a compromise of the machine is a compromise of the domain. If you need to run ASP.NET on a domain controller, you need to give the ASP.NET process account appropriate privileges as outlined in the following Knowledge Base article: BUG: ASP.NET Does Not Work with the Default ASPNET Account on a Domain Controller. |
ASP.NET Session State Security Hotfix | Download ASP.NET Session State Security Hotfix. |
MDAC | Notes |
MDAC 2.6 is required by the .NET Framework | Visual Studio .NET installs MDAC 2.7. |
SQL Server 2000 | Notes |
SQL Server 2000 SP2 |
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |