views: 117

answers: 3

This could be considered a duplicate question, as a similar one has already been asked, but I don't like any of the answers, and security was not addressed.

When deploying an ASP.NET MVC app, what's the right way to create roles and a superuser without risks?

Two ways come to my mind: using Application_Start or a custom action (better if with a non-obvious name and not linked).

Anyway, what about the first user's password?

I've seen tons of web apps that happily let the first person to access them be the superuser; when you put such an app online, you can only pray to be the first to connect.

What is the most secure way to set the password?

  • Hardcode it in the application?

  • Have it randomly generated and then mailed somewhere?

  • Have it randomly generated and then saved somewhere on filesystem?

  • Have it taken from a file on filesystem?

  • Something better that I couldn't figure out?

A: 

I use the ASP.NET membership provider and a SQL database.

Upon deploy, I have a script I run that creates my users.

It does mean my site is not "ready for business" until I run the script but I am okay with that.

Kindness,

Dan

Daniel Elliott
A: 

Assuming the admin of the application doesn't want to upload a pre-configured database, you could configure an installation password in your web.config which must be set before it is uploaded. Then in your installation pages prompt for this password and the admin credentials. Obviously your installation pages would check for a blank installation password and refuse to proceed.

You could then add an HTTP handler which checks if the application has gone through the installation procedure, refusing to serve any pages other than the ones related to installation until the install is complete.

blowdart
A: 

The best solution to this I have seen is to allow for the creation of a superuser via some installation bits then require the user delete or disable the installation bits for the application to run. Subtext works this way, as did Wordpress (at least the last time I installed it, which might have been back in the 90s).

Wyatt Barnett
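One concrete shape for the gate blowdart describes (install password in web.config, refusal when it is blank, a handler that serves nothing but the install pages until installation is done) and for the "disable the installation bits" step in Wyatt's answer, written as an added example rather than code from either answer. The appSettings key name, the marker file and the /Install route are assumptions.

```csharp
// Added example (not from any answer on this page). Assumed names: appSettings key
// "InstallPassword", marker file ~/App_Data/install.lock, install pages routed under /Install.
// Register the module in web.config under <system.webServer><modules>.
using System;
using System.Configuration;
using System.IO;
using System.Text;
using System.Web;

// Refuses every request except the install pages until the install marker exists.
public class InstallGateModule : IHttpModule
{
    public static string LockPath => HttpContext.Current.Server.MapPath("~/App_Data/install.lock");
    public static bool IsInstalled() => File.Exists(LockPath);
    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
        {
            var ctx = ((HttpApplication)sender).Context;
            if (IsInstalled()) return;                       // normal operation
            var path = ctx.Request.AppRelativeCurrentExecutionFilePath ?? "";
            if (path.StartsWith("~/Install", StringComparison.OrdinalIgnoreCase)) return;
            ctx.Response.StatusCode = 503;                   // not installed: serve nothing else
            ctx.Response.Write("Application has not been installed yet.");
            ctx.ApplicationInstance.CompleteRequest();
        };
    }
    public void Dispose() { }
}

public static class InstallCheck
{
    // True only when web.config carries a non-blank install password matching the one supplied.
    public static bool IsInstallPasswordValid(string supplied)
    {
        var configured = ConfigurationManager.AppSettings["InstallPassword"];
        if (string.IsNullOrWhiteSpace(configured) || supplied == null) return false; // blank => refuse
        return FixedTimeEquals(Encoding.UTF8.GetBytes(configured), Encoding.UTF8.GetBytes(supplied));
    }
    // Compare without short-circuiting so response time does not reveal a matching prefix.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // Called by the install page once the superuser exists: the marker disables the install pages.
    public static void MarkInstalled() =>
        File.WriteAllText(InstallGateModule.LockPath, DateTime.UtcNow.ToString("o"));
}
```

The install action should call IsInstallPasswordValid before touching the membership provider, and MarkInstalled only after the superuser and roles have been created successfully.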