The book opens with an introductory chapter on the new Internet Information Services 7.0 (IIS 7.0). The chapter highlights the new features of IIS 7.0, including new major components, modules, and operation modes. The book then focuses on the new IIS 7.0 and ASP.NET integration mode and covers the security context of a request from the moment it enters IIS 7.0, operating in integrated mode, until a response is generated by the ASP.NET runtime and served back to the requester. It then gives a detailed explanation of the request life cycle for an ASP.NET application running on IIS 7.0 under the classic mode, from the moment the request enters IIS 7.0 until ASP.NET generates a corresponding response. The book moves on to explore the security context associated with the processing of the request by ASP.NET's different modules while operating in the classic mode of IIS 7.0, which resembles that of IIS 6.0. Next, the ASP.NET trust levels are discussed thoroughly in both development and hosting stages. An overview of the ASP.NET configuration files is then given to show developers how to securely access those files for reading and editing purposes. Moreover, the book explores ASP.NET Session State, Membership and Role management (along with the different providers available in those two features), and security integration between ASP.NET and classic ASP. At this stage, the new AJAX authentication and authorization integration is introduced. Lastly, the book ends by providing a list of best practices for developing secure ASP.NET web applications, including protecting against AJAX threats.