Check out the new ASP.NET 2.0 Security FAQs on Channel 9 at MSDN. It's in Wiki form i.e. besides reading the FAQs, you can also contribute towards the content.

Here's a sample of the frequently-asked questions:

• How do I enforce strong passwords using membership feature in ASP.NET 2.0?
• How do I use Role Authorization in ASP.NET 2.0?
• What all security events do health monitoring feature logs by default?
• How do I encrypt sensitive data in machine.config or web.config file?
• How should I prevent someone from disassembling code?
• ...and lots more!

This is highly recommended stuff for anyone seeking security guidance in ASP.NET 2.0 application development.

    Comments [0]