<div>
<div class="content wysiwyg-content">
I realize this question is vague. I'm just looking for some direction. Using the example of a company intranet, what are some common approaches to security? The user would obviously need to authenticate to the site, but based on various attributes (e.g. location, department, level, etc.) the user would only see certain content on the site. I am currently considering an ASP.NET 3.5 application that stores users and related user attributes in a SQL table. The links would also be stored in the database along with the user attributes and file permissions related to that link. On the other hand maybe using AD and groups is a better approach. <br />
<br />
I don't necessarily need a detailed explanation of web application security models. I'm just looking for direction on how to research it further. For example, is there a good book that explains how to implement a web application security model that goes beyond a simple username and password? Are there certain topics to research such as &quot;role based security&quot; or &quot;content management&quot;?
</div>
</div>


I realize this question is vague. I'm just looking for some direction. Using the example of a company intranet, what are some common approaches to security? The user would obviously need to authenticate to the site, but based on various attributes (e.g. location, department, level, etc.) the user would only see certain content on the site. I am currently considering an ASP.NET 3.5 application that stores users and related user attributes in a SQL table. The links would also be stored in the database along with the user attributes and file permissions related to that link. On the other hand maybe using AD and groups is a better approach. 

I don't necessarily need a detailed explanation of web application security models. I'm just looking for direction on how to research it further. For example, is there a good book that explains how to implement a web application security model that goes beyond a simple username and password? Are there certain topics to research such as "role based security" or "content management"?

Web Application Security Model

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.

Web Applications

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.