Hacking the Code ASP.NET Web Application Security [Electronic resources]

James C. Foster, Mark M. Burnett


Index

F

file access, unauthorized, 226–227

file authorization, 91–93

File Signing utility, 417

file system access

configuring IIS and file system to minimize, 259

defined, 206

double decoding, 237–239

least privilege principle, 247–248

locking down in IIS, 297–298

parameterizing, 236–237

regex for filtering input, 225

role of honey pots, 241–243

FileDialogPermission class, 374

FileIOPermission class, 374

files, storing secrets in, 192–194

filtering functions, 213–214

filtering input, regular expression patterns, 224, 225

firewalls

and rule of least privilege, 271–272

sample layout for Web database application, 263–264

forgotten passwords, resetting, 28–42

form-based tokens, 118–119

Form collection, 215, 216

Form property, 208

formatting HTML, regex for filtering input, 225

forms authentication

and ASP.NET resources, 62–63

configuring, 64–65

and cookies, 129–130

and non-ASP.NET resources, 63–64

overview, 58

principal and identity objects, 89

Ticket class, 129

and token expiration, 129–130

and web.config file, 58–62