-1

I am using MVC and NHibernate in my application. How can I improve the security of my application using proper authentication and authorization?

Right now I am using ASP.NET MVC authentication.

Navid Rahmani
Pankaj
  • Do you have some specific security issues? ASP.NET forms authentication and authorization are secure enough. – Darin Dimitrov Dec 31 '09 at 09:47
  • @Darin, all my query strings and important data are encrypted. But still I am worried about hackers. I don't want to take any risk. – Pankaj Dec 31 '09 at 09:53
  • duplicate: http://www.google.com/search?hl=en&q=web+application+security+site:stackoverflow.com http://stackoverflow.com/questions/354644/application-security-audit-of-an-net-web-application http://stackoverflow.com/questions/1501550/checklist-of-steps-to-secure-asp-net-web-application http://stackoverflow.com/questions/47323/top-tips-for-secure-web-applications – Mauricio Scheffer Jan 04 '10 at 01:53

2 Answers

2

The question is frankly too open. "Proper" authentication and authorization depends on what your application is doing and the data it accepts, stores and outputs. For example, Twitter's authentication strategy is very different to that of your bank's on-line banking service.

There's also more to it than authentication and authorization: there's XSS, CSRF, Cryptography, Information Leaks and more. Start with the OWASP Top 10 and go from there. However, this will not show you the code, because you can't be generic about this; it always needs to be tailored to the application being secured.

blowdart
1

I would suggest you scan your site for vulnerabilities using some of these great solutions.

Personally, I find this extremely useful.

Sarfraz