ROPC: Fix/mitigate ASP.NET Framework

[Rick-Anderson]

After #33829 merges. copied list in #33703

Start a ASP.NET overview

In general, our archived/previous-version content is out of scope for SFI right now.

Password search: Line count: 172

• [x] Adding ASP.NET Identity to an Empty or Existing Web Forms Project - ASP.NET 4.x
• [x] Create a secure ASP.NET Web Forms app with user registration, email confirmation and password reset (C#)
• [x] External Authentication Services with ASP.NET Web API (C#)
• [x] Account Confirmation & Password Recovery - ASP.NET Identity (C#) - ASP.NET 4.x
• [x] Deploying passwords and other sensitive data to ASP.NET and Azure App Service - ASP.NET 4.x
• [x] Creating the Membership Schema in SQL Server (C#)
• [x] Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2
• [x] ASP.NET Identity Features & API - ASP.NET 4.x
• [x] Creating the Membership Schema in SQL Server (VB)
• [x] Working with SSL in Web API
• [x] Use ASP.NET forms-based authentication - ASP.NET
• [x] Create a secure ASP.NET MVC 5 web app with log in, email confirmation and password reset (C#)
• [ ] Creating User Accounts (C#)
• [ ] ASP.NET Web Deployment using Visual Studio: Command Line Deployment
• [ ] Creating User Accounts (VB)
• [ ] Testing the Strength of a Password (C#)
• [ ] Recovering and Changing Passwords (VB)
• [ ] Testing the Strength of a Password (VB)
• [ ] Validating User Credentials Against the Membership User Store (C#)
• [ ] Authentication and Authorization in ASP.NET Web API
• [ ] MVC recommended tutorials and articles
• [ ] Recovering and Changing Passwords (C#)
• [ ] Adding Security and Membership to an ASP.NET Web Pages (Razor) Site
• [ ] Validating User Credentials Against the Membership User Store (VB)
• [ ] ASP.NET tutorials
• [ ] ASP.NET 3.5 - Security Administration
• [ ] Two-factor authentication using SMS and email with ASP.NET Identity - ASP.NET 4.x
• [ ] ASP.NET Identity Recommended Resources - ASP.NET 4.x
• [ ] Authenticating Users with Windows Authentication (C#)
• [ ] Security
• [ ] Deploying Web Packages
• [ ] ASP.NET and Web Tools 2013.2 for Visual Studio 2013 Release Notes
• [ ] Impersonation in ASP.NET applications - ASP.NET
• [ ] Single Sign-On (Building Real-World Cloud Apps with Azure)
• [ ] ASP.NET Identity Overview - ASP.NET 4.x
• [ ] Secure Applications Using Authentication and Authorization
• [ ] Part 7: Membership and Authorization
• [ ] ASP.NET MVC 5 app with SMS and email Two-Factor Authentication
• [ ] ASP.NET Identity
• [ ] Sending Email from an ASP.NET Web Pages (Razor) Site
• [ ] Security, Authentication, and Authorization with ASP.NET MVC
• [ ] Protecting Connection Strings and Other Configuration Information (C#)
• [ ] Migrating an Existing Website from SQL Membership to ASP.NET Identity - ASP.NET 4.x
• [ ] Security, Authentication, and Authorization in ASP.NET Web Forms
• [ ] Create an ASP.NET Web Forms app with SMS Two-Factor Authentication (C#)
• [ ] Authentication Filters in ASP.NET Web API 2
• [ ] Upload a file to a Web site by using Visual C# - ASP.NET
• [ ] Membership
• [ ] Older Versions - Security
• [ ] Fix for 'Server Application Unavailable' Error after Applying Security Update for IE
• [ ] PasswordStrength
• [ ] SignalR Scaleout with Redis
• [ ] ASP.NET Web Pages (Razor) API Quick Reference
• [ ] Authenticating Users with Forms Authentication (C#)
• [ ] Introduction to ASP.NET Identity - ASP.NET 4.x
• [ ] How do I use the HTML Editor Control? (C#)
• [ ] Create MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#)
• [ ] Developing ASP.NET Apps with Azure Active Directory - ASP.NET 4.x
• [ ] Overview of Custom Storage Providers for ASP.NET Identity - ASP.NET 4.x
• [ ] Authenticating Users with Forms Authentication (VB)
• [ ] SignalR Scaleout with Redis (SignalR 1.x)
• [ ] Preventing Open Redirection Attacks (C#)
• [ ] Unlocking and Approving User Accounts (C#)
• [ ] [How Do I:] Use the ASP.NET AJAX PasswordStrength Extender?
• [ ] Authenticating Users with Windows Authentication (VB)
• [ ] WebMatrix 1.0 Release Readme
• [ ] How do I use the HTML Editor Control? (VB)
• [ ] Unlocking and Approving User Accounts (VB)
• [ ] Multiple ContentPlaceHolders and Default Content (C#)
• [ ] Source Control (Building Real-World Cloud Apps with Azure)
• [ ] Know a library other than Knockout?
• [ ] An Overview of Forms Authentication (C#)
• [ ] Tutorial: Use EF Migrations in an ASP.NET MVC app and deploy to Azure
• [ ] Basic Authentication in ASP.NET Web API
• [ ] Introduction to Working with a Database in ASP.NET Web Pages (Razor) Sites
• [ ] Multiple ContentPlaceHolders and Default Content (VB)
• [ ] An Overview of Forms Authentication (VB)
• [ ] WebMatrix Content Guide
• [ ] Automate Everything (Building Real-World Cloud Apps with Azure)
• [ ] Configuring Deployment Properties for a Target Environment
• [ ] Automate Everything (Building Real-World Cloud Apps with Azure)
• [ ] ASP.NET MVC Views Overview (C#)
• [ ] Security Basics and ASP.NET Support (C#)
• [ ] ASP.NET Web Deployment using Visual Studio: Deploying to Production
• [ ] Security Basics and ASP.NET Support (VB)
• [ ] Creating Custom HTML Helpers (C#)
• [ ] Backbone Template
• [ ] ASP.NET Web Deployment using Visual Studio: Web.config File Transformations
• [ ] DataGrid controls display incorrectly in pages - ASP.NET
• [ ] ASP.NET MVC Views Overview (VB)
• [ ] Using Web API 2 with Entity Framework 6
• [ ] Build RESTful APIs with ASP.NET Web API - ASP.NET 4.x
• [ ] Protecting Connection Strings and Other Configuration Information (VB)
• [ ] ASP.NET Web Deployment using Visual Studio: Deploying a Database Update
• [ ] ASP.NET Identity: Using MySQL Storage with an EntityFramework MySQL Provider (C#) - ASP.NET 4.x
• [ ] Checkout and Payment with PayPal
• [ ] ASP.NET HTTP modules and handlers - ASP.NET
• [ ] Appendix: The Fix It Sample Application (Building Real-World Cloud Apps with Azure)
• [ ] Setting Up the Contact Manager Solution
• [ ] Customizing Site-Wide Behavior for ASP.NET Web Pages (Razor) Sites
• [ ] Sorting, Filtering, and Paging with the Entity Framework in an ASP.NET MVC Application (3 of 10)
• [ ] Running ASP.NET 1.1 with IIS 6.0
• [ ] Hands on Lab: Maintainable Azure Websites: Managing Change and Scale
• [ ] ASP.NET Web Deployment using Visual Studio: Deploying a Code Update
• [ ] Implementing a Custom MySQL ASP.NET Identity Storage Provider - ASP.NET 4.x
• [ ] ASP.NET Web Deployment using Visual Studio: Preparing for Database Deployment
• [ ] Create a Linux virtual machine in Azure - ASP.NET Core
• [ ] Preventing JavaScript Injection Attacks (VB)
• [ ] Authentication and Authorization for SignalR Hubs (SignalR 1.x)
• [ ] Users and Roles On The Production Website (C#)
• [ ] Copy core dump files to another machine - ASP.NET Core
• [ ] Creating Custom HTML Helpers (VB)
• [ ] Authentication and Authorization for SignalR Hubs (SignalR 1.x)
• [ ] Preventing JavaScript Injection Attacks (C#)
• [ ] Older Versions - Ajax Control Toolkit
• [ ] Introducing ASP.NET Web Pages - HTML Form Basics
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Deploying to the Production Environment - 7 of 12
• [ ] ASP.NET Web Pages (Razor) FAQ
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Deploying SQL Server Compact Databases - 2 of 12
• [ ] Performing a What If Deployment
• [ ] ASP.NET Web Forms Guidance
• [ ] Configuring Permissions for Team Build Deployment
• [ ] Deploying Membership Databases to Enterprise Environments
• [ ] What is Web Forms
• [ ] Using Page Inspector with an Integrated browser in ASP.NET MVC
• [ ] Data Source Controls
• [ ] ASP.NET MVC 3
• [ ] Breeze/Angular template
• [ ] ASP.NET security overview - ASP.NET
• [ ] Breeze/Knockout template
• [ ] Breeze/Knockout template
• [ ] Choosing the Right Approach to Web Deployment
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Web.Config File Transformations - 3 of 12
• [ ] Migrating Universal Provider Data for Membership and User Profiles to ASP.NET Identity (C#) - ASP.NET 4.x
• [ ] Configuration builders for ASP.NET
• [ ] Introducing ASP.NET Web Pages - Publishing a Site by Using WebMatrix
• [ ] Create the Project
• [ ] Deploying Your Site Using an FTP Client (C#)
• [ ] ASP.NET Web Forms
• [ ] Core Differences Between IIS and the ASP.NET Development Server (C#)
• [ ] Core Differences Between IIS and the ASP.NET Development Server (C#)
• [ ] Creating a Server Farm with the Web Farm Framework
• [ ] Configuring a Database Server for Web Deploy Publishing
• [ ] Understanding ASP.NET AJAX Authentication and Profile Application Services
• [ ] Configuring a Website that Uses Application Services (C#)
• [ ] Server Controls
• [ ] ASP.NET MVC 4 Custom Action Filters
• [ ] Configuring a Website that Uses Application Services (VB)
• [ ] Data Storage Options (Building Real-World Cloud Apps with Azure)
• [ ] ASP.NET Web Forms Connection Resiliency and Command Interception
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Migrating to SQL Server - 10 of 12
• [ ] Hands On Lab: Build a Single Page Application (SPA) with ASP.NET Web API and Angular.js - ASP.NET 4.x
• [ ] Assigning Roles to Users (C#)
• [ ] Install and Configure ASP.NET
• [ ] ASP.NET MVC 3 Release Notes
• [ ] What's New in ASP.NET MVC 4
• [ ] Storing Additional User Information (C#)
• [ ] Storing Additional User Information (VB)
• [ ] Assigning Roles to Users (VB)
• [ ] ASP.NET MVC 4 Fundamentals
• [ ] ASP.NET Web Forms Connection Resiliency and Command Interception
• [ ] Core Differences Between IIS and the ASP.NET Development Server (VB)
• [ ] Hands On Lab: Real-Time Web Applications with SignalR
• [ ] Deploying a Database (C#)
• [ ] Introducing ASP.NET Web Pages - Displaying Data
• [ ] Deploying a Database (VB)
• [ ] What's New in Web Forms in ASP.NET 4.5
• [ ] Hands On Lab: One ASP.NET: Integrating ASP.NET Web Forms, MVC and Web API
• [ ] What's New in ASP.NET and Web Development in Visual Studio 2012
• [ ] Monitoring and Telemetry (Building Real-World Cloud Apps with Azure)
• [ ] Configuration and Instrumentation
• [ ] ASP.NET and Web Tools for Visual Studio 2013 Release Notes

155 results for ""connection string"" in ASP.NET Documentation

• [ ] Configuring the Data Access Layer's Connection- and Command-Level Settings (VB)
• [ ] Creating a Connection String and Working with SQL Server LocalDB
• [ ] Configuring the Data Access Layer's Connection- and Command-Level Settings (C#)
• [ ] Introduction to Working with a Database in ASP.NET Web Pages (Razor) Sites
• [ ] Configuring Parameters for Web Package Deployment
• [ ] Manually Installing Web Packages
• [ ] Querying Data with the SqlDataSource Control (C#)
• [ ] Tutorial: Get Started with Entity Framework 6 Code First using MVC 5
• [ ] Protecting Connection Strings and Other Configuration Information (VB)
• [ ] ASP.NET Identity: Using MySQL Storage with an EntityFramework MySQL Provider (C#) - ASP.NET 4.x
• [ ] Protecting Connection Strings and Other Configuration Information (C#)
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Migrating to SQL Server - 10 of 12
• [ ] Adding a Model 2012
• [ ] Create the Data Access Layer
• [ ] Creating the Membership Schema in SQL Server (C#)
• [ ] Configuring Deployment Properties for a Target Environment
• [ ] Adding a Model (VB)
• [ ] Creating the Membership Schema in SQL Server (VB)
• [ ] Adding a Model (C#)
• [ ] SignalR Scaleout with Azure Service Bus
• [ ] SignalR Scaleout with Azure Service Bus
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Web.Config File Transformations - 3 of 12
• [ ] Creating an Entity Framework Data Model for an ASP.NET MVC Application (1 of 10)
• [ ] ASP.NET Web Deployment using Visual Studio: Web.config File Transformations
• [ ] Store ASP.NET SQL Server mode session state - ASP.NET
• [ ] Adding ASP.NET Identity to an Empty or Existing Web Forms Project - ASP.NET 4.x
• [ ] Sorting, Filtering, and Paging with the Entity Framework in an ASP.NET MVC Application (3 of 10)
• [ ] Common Configuration Differences Between Development and Production (VB)
• [ ] Common Configuration Differences Between Development and Production (C#)
• [ ] Building and Packaging Web Application Projects
• [ ] ASP.NET MVC Getting Started
• [ ] Understanding the Project File
• [ ] Part 3: Creating an Admin Controller
• [ ] ASP.NET Web Deployment using Visual Studio: Deploying to Test
• [ ] Setting Up the Contact Manager Solution
• [ ] Create an OData v4 Endpoint Using ASP.NET Web API 2.2
• [ ] Membership
• [ ] Users and Roles On The Production Website (C#)
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Deploying to IIS as a Test Environment - 5 of 12
• [ ] Authenticating Users with Forms Authentication (C#)
• [ ] Deploying passwords and other sensitive data to ASP.NET and Azure App Service - ASP.NET 4.x
• [ ] Users and Roles On The Production Website (VB)
• [ ] Source Control (Building Real-World Cloud Apps with Azure)
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Deploying a SQL Server Database Update - 11 of 12
• [ ] Getting Started with ASP.NET MVC 5 Index
• [ ] Advanced Data Access Scenarios
• [ ] Use ASP.NET forms-based authentication - ASP.NET
• [ ] Tutorial: Use EF Migrations in an ASP.NET MVC app and deploy to Azure
• [ ] Accessing Your Model's Data from a Controller Using a View Template
• [ ] Adding a New Model
• [ ] adding-a-model
• [ ] Automate Everything (Building Real-World Cloud Apps with Azure)
• [ ] Authenticating Users with Forms Authentication (VB)
• [ ] Understanding the Project File
• [ ] Secure Applications Using Authentication and Authorization
• [ ] Data Source Controls
• [ ] Querying Data with the SqlDataSource Control (VB)
• [ ] Creating a Data Access Layer (C#)
• [ ] ASP.NET Hosting Options (C#)
• [ ] Build RESTful APIs with ASP.NET Web API - ASP.NET 4.x
• [ ] SignalR Scaleout with Azure Service Bus (SignalR 1.x)
• [ ] How do I use the ComboBox Control? (C#)
• [ ] How do I use the ComboBox Control? (VB)
• [ ] ASP.NET Data Access - Recommended Resources
• [ ] ASP.NET Hosting Options (VB)
• [ ] ASP.NET Web Deployment using Visual Studio: Deploying to Production
• [ ] ASP.NET MVC 4 Models and Data Access
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Deploying to the Production Environment - 7 of 12
• [ ] DataGrid controls display incorrectly in pages - ASP.NET
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Troubleshooting (12 of 12)
• [ ] Older Versions - Data Access
• [ ] Older Versions - Data Access
• [ ] Deploying a Database (C#)
• [ ] Running ASP.NET 1.1 with IIS 6.0
• [ ] Deploying an ASP.NET Web Application with SQL Server Compact using Visual Studio or Visual Web Developer: Deploying SQL Server Compact Databases - 2 of 12
• [ ] Deploying a Database (VB)
• [ ] Configuration builders for ASP.NET
• [ ] Troubleshooting the Packaging Process
• [ ] Interacting with the Content Page from the Master Page (C#)
• [ ] Appendix: The Fix It Sample Application (Building Real-World Cloud Apps with Azure)
• [ ] Interacting with the Content Page from the Master Page (VB)
• [ ] Appendix: The Fix It Sample Application (Building Real-World Cloud Apps with Azure)
• [ ] Web Deployment in the Enterprise
• [ ] Part 4: Models and Data Access
• [ ] Migrating an Existing Website from SQL Membership to ASP.NET Identity - ASP.NET 4.x
• [ ] Migrating Universal Provider Data for Membership and User Profiles to ASP.NET Identity (C#) - ASP.NET 4.x
• [ ] Accessing your Model's Data from a Controller (C#)
• [ ] Configuration and Instrumentation
• [ ] ASP.NET Web Deployment using Visual Studio: Preparing for Database Deployment
• [ ] Hands on Lab: Maintainable Azure Websites: Managing Change and Scale
• [ ] Implementing Inheritance with the Entity Framework in an ASP.NET MVC Application (8 of 10)
• [ ] Implementing Inheritance with the Entity Framework in an ASP.NET MVC Application (8 of 10)
• [ ] ASP.NET Web Pages (Razor) API Quick Reference
• [ ] Using SignalR performance counters in an Azure Web Role
• [ ] Accessing your Model's Data from a Controller (VB)
• [ ] Adding a New Field
• [ ] Logging Error Details with ASP.NET Health Monitoring (C#)
• [ ] Creating a Data Access Layer (VB)
• [ ] Configuring Permissions for Team Build Deployment
• [ ] Tutorial: Implement Inheritance with EF in an ASP.NET MVC 5 appS
• [ ] ASP.NET Web Deployment - Recommended Resources
• [ ] Logging Error Details with ASP.NET Health Monitoring (VB)
• [ ] UI and Navigation
• [ ] Accessing Your Model's Data from a New Controller
• [ ] ASP.NET Identity Recommended Resources - ASP.NET 4.x
• [ ] Data Storage Options (Building Real-World Cloud Apps with Azure)
• [ ] Debugging Stored Procedures (C#)
• [ ] Customizing Database Deployments for Multiple Environments
• [ ] Deploying Web Packages
• [ ] WebMatrix 1.0 Release Readme
• [ ] ASP.NET MVC 4 Beta Release Notes
• [ ] ASP.NET MVC 4 Beta Release Notes
• [ ] Enable Automated Unit Testing
• [ ] Understanding the Build Process
• [ ] Storing Additional User Information (C#)
• [ ] Displaying a Custom Error Page (VB)
• [ ] Overview of Custom Storage Providers for ASP.NET Identity - ASP.NET 4.x
• [ ] Checkout and Payment with PayPal
• [ ] Debugging Stored Procedures (VB)
• [ ] Storing Additional User Information (VB)
• [ ] Displaying a Custom Error Page (C#)
• [ ] Processing Unhandled Exceptions (C#)
• [ ] Application Lifecycle Management: From Development to Production
• [ ] Configuring a Database Server for Web Deploy Publishing
• [ ] Creating Stored Procedures and User-Defined Functions with Managed Code (VB)
• [ ] Interacting with the Master Page from the Content Page (C#)
• [ ] Creating Stored Procedures and User-Defined Functions with Managed Code (C#)
• [ ] Tutorial: Create a more complex data model for an ASP.NET MVC app
• [ ] Hands On Lab: Real-Time Web Applications with SignalR
• [ ] Interacting with the Master Page from the Content Page (VB)
• [ ] ASP.NET MVC 4 Custom Action Filters
• [ ] Processing Unhandled Exceptions (VB)
• [ ] Inserting, Updating, and Deleting Data with the SqlDataSource (VB)
• [ ] Advanced Entity Framework Scenarios for an MVC Web Application (10 of 10)
• [ ] Data Bound Controls
• [ ] Creating and Managing Roles (C#)
• [ ] Inserting, Updating, and Deleting Data with the SqlDataSource (C#)
• [ ] ASP.NET Web Forms Guidance
• [ ] Tutorial: Learn about advanced EF Scenarios for an MVC 5 Web app
• [ ] What's New in Web Forms in ASP.NET 4.5
• [ ] Caching
• [ ] What's New in ASP.NET and Web Development in Visual Studio 2012
• [ ] Creating a More Complex Data Model for an ASP.NET MVC Application (4 of 10)
• [ ] Batch Inserting (C#)
• [ ] Creating and Managing Roles (VB)
• [ ] Creating New Stored Procedures for the Typed DataSet's TableAdapters (C#)
• [ ] Batch Inserting (VB)
• [ ] Creating New Stored Procedures for the Typed DataSet's TableAdapters (VB)
• [ ] ASP.NET Web Forms
• [ ] What's New in ASP.NET MVC 4
• [ ] Building a Custom Database-Driven Site Map Provider (C#)
• [ ] Building a Custom Database-Driven Site Map Provider (VB)
• [ ] ASP.NET MVC 4 Fundamentals
• [ ] Creating User Accounts (VB)
• [ ] Creating User Accounts (C#)
• [ ] Overview: ASP.NET 4 and Visual Studio 2010 Web Development

---

Associated WorkItem - 317461

[wadepickett]

@tdykstra, you ok with taking this one entirely, while I work on all the SFI images? I am taking on a couple hundred images to fix this sprint starting in order of worst severity and overall there are well over a 1000 to do. If so, I will take my name of this one.

[tdykstra]

@Rick-Anderson Should the title be "... Core and Framework"?

[wadepickett]

@Rick-Anderson Should the title be "... Core and Framework"?

The list in the issue noted in the description is only for the AspNetDocs repo. Maybe to clarify we should just say this issue is for all ROPC issues int the AspNetDocs repo to be clear.

@tdykstra see my question above on me working on all the images (over 1000) while you handle ROPC. Thoughts?

[Rick-Anderson]

@Rick-Anderson Should the title be "... Core and Framework"?

Fixed

[tdykstra]

@wadepickett How about we start with that intent and re-evaluate how much time each of us has left to do after a sprint or two? If the list in #33703 is only ASP.NET Framework, where is the equivalent list for ASP.NET Core?

[wadepickett]

@wadepickett How about we start with that intent and re-evaluate how much time each of us has left to do after a sprint or two? If the list in #33703 is only ASP.NET Framework, where is the equivalent list for ASP.NET Core?

Great idea, let's go that route. I will focus on images, you on ROPC this sprint and we discuss how that is going as we start each new sprint to figure out if we need to move the work around between us.

We can group these by sprint for there severity or however we want to prioritize them.

I created new issues for fixing SFI flagged images. One per sprint (what I could fit into a sprint) per repo. So one for AspNetDocs and one for AspNetCore.Docs and one for EF, etc. Starting with the most severe first.

You could do the same with ROPC. Indicate a group you will hit in a repo based on priority that fits into this sprint and another for the next. One issue for each repo per sprint.

For repo AspNetCore.Docs there were 66 ROPC remaining items (maybe that is less now). The "list" at the moment is simply what is listed into the dashboard connected spreadsheet.

And the plan was to apply where we can the standard include regarding secure auth flow, see example pr https://github.com/dotnet/AspNetCore.Docs/pull/33408