Thanks to all for coming out to the security talk. I am always pleased to see more than a handful of people to show up to talk about security. We had some fun and faced some challenges which we overcame!
Between my laptop going into hibernate, problems with our IIS 6.0 application pool identity, and forgetting to set the NetworkCredential on the ASMX proxy, we finished up just in time with a functional, full end-to-end solution that demonstrated how to implement the trusted subsystem security model in ASP.NET with Windows Integrated Security.
If anyone has any questions, don't hesitate to post. It may take me a day or two, but I WILL get back to you!
Download: Code
Download: Deck
- - -
This is a popular session that I've done a couple of times at the Phoenix Desert Code Camp I & II and will be repeating at the Austin Code Camp 2007 event on May 4th (along with my Introducing the ABCs of WCF talk). Security is never the funnest topic, but I try to keep it lively and interesting by taking a progressive approach to securing ASP.NET applications and ASMX services using the Trusted Subsystem Model.
Date: Saturday, May 4th, 8:00 am to 5:00 pm.
Topic: Hardening Security in ASP.NET Applications & Services
Abstract:
All applications and services are inherently insecure. While there are multiple options for managing authentication and authorization on the Microsoft .NET platform, choosing the right security configuration for your application can prove to be a daunting task. This session will take an in-depth look at the various options available for addressing authentication and authorization on the .NET Framework specifically for ASP.NET client applications that interact with ASP.NET Web Services. (Level 200)