Improving Web Application Security: Threats and - CGISecurity

Chapter 10: Building Secure ASP.NET Pages and Controls 261Partition Your Web SiteYour Web site design should clearly differentiate between publicly accessible areasand restricted areas that require authenticated access. Use separate subdirectoriesbeneath your application’s virtual root directory to maintain restricted pages, such ascheckout functionality in a classic e-commerce Web site that requires authenticatedaccess and transmits sensitive data such as credit card numbers. Separatesubdirectories allow you to apply additional security (for example, by requiring SSL)without incurring SSL performance overhead across the entire site. It also allows youto mitigate the risk of session hijacking by restricting the transmission ofauthentication cookies to HTTPS connections. Figure 10.2 shows a typicalpartitioning.URLAuthorizationallows anonymousaccessApplication v-dirpublic pagesweb.configWeb.configRestricted Subfolderrestricted pageslogin.aspxAll pages require SSLIIS Metabase propertyAccessSSL=trueURLAuthorizationdenies unauthenticatedusers and forces a loginFigure 10.2A Web site partitioned into public and secure areasNote that in Figure 10.2, the restricted subfolder is configured in Internet InformationServices (IIS) to require SSL access. The first element in Web.configallows all users to access the public area, while the second element preventsunauthenticated users from accessing the contents of the secured subfolder andforces a login.For more information about restricting authentication cookies so that they arepassed only over HTTPS connections and about how to navigate betweenrestricted and non-restricted pages, see “Use Absolute URLs for Navigation” inthe “Authentication” section of this chapter.