Category Archives: Security

From Troy Hunt – The beginners guide to breaking website security…

This post should motivate some people to be more security minded.  I know I am not perfect but I did not realize all of the capabilities that are shown in this post.  Mainly the ability for it to use the name of one of your trusted networks.

Web.Config & URL Authorization

If you are making the change to IIS 7 and you use your web.config file to control access there are a couple things you need to know.

This is known as URL Authorization and has changed a little from the older versions of IIS.  In the past we could just make sure the site was set to integrated authentication and then set our web.config authentication mode with authroization allow/deny settings and be happy.

I have been learning the hard way there is a bit of a change for those using IIS7 or better.  To explain it best I will simply use a couple links to the information I have found.

Security Authorization

ASP.NET Authorization