Read the recent
Industry Review
by Dino Esposito		   General Features:
  • Password protects individual files, entire directories or even directories and all subdirectories with a single password protection entry!
  • ASP.NET password protection can be accomplished with a web administration system without editing your ASP.NET Files
  • All users, groups and password protected areas are stored in database backend
  • Other settings and configuration data is stored in XML files
  • No special installation requirements, works great in shared hosting environments.  If your web host supports ASP.NET in most cases you can copy .netPROTECT's files to your IIS web site and start using the solution!
  • Works with medium trust ASP.NET applications
  • Native database support for SQL Server via SQL Client, Access via Native OLEDB, Oracle and MySQL.
  • All text values used by the system can be customized with individual language files for simple internationalization.
  • A file streaming control is included to enable you to protect file content other than ASP.NET scripts seamlessly.
  • Web based admin for signup form creation and customization
  • New: Works in shared hosting environments even under custom medium trust
  • New: Supports IIS7 and when using IIS 7 protects all files served through IIS including images, documents etc.  it is not limited to asp.net content!
  • New: Migrate existing ASP.NET 2.0 web sites using the membership / provider model to .netPROTECT with the included migration helper!
Password Features:
  • Password recovery.  User can request a new password which will be automatically generated and emailed to them.
  • Users can change their own password through a password change form.
  • No passwords are stored in plain text for enhanced security all passwords are hashed with a cryptographically secure 1 way algorithm.
  • Password selection rules for length, number of digits, number of symbols and number of mixed case characters is supported.  Configurable through a web administration with no coding required.
  • Prevent recent password use.  An admin configurable count enables previous passwords to be tracked for enhanced security.  An user will not be able to change their password to the same value used over the past x password changes if this feature is enabled.
  • Force password change every x period of time or on a specific date for all users in the future.
  • Expire passwords on an individual user basis
  • Admin defined message or redirect for the password expired condition
  • When a given users password expires they are given an option to change their password and after successfully completing this change will be automatically redirected to the resource they originally requested.
  • New: Administrator configurable "remember me" option for the login form
Administration Features:
  • Completely web based interface
  • Wizards for customizing login form, logout form, and password form with no coding required.
  • Ability to add custom fields and to select the types of controls used to collect date for these fields in the signup form without programming.  Search functionality and email token and template functionality seamlessly work with custom fields.
  • Extensive search and navigation control for easy user, group and protected area management
  • Users can be listed alphabetically or searched on any criteria
  • Master administrators can delegate individual group or protected area administration to lower level users
  • Complete web based reporting, auditing and statistics (see below for details)
  • Familiar interface emulates desktop application look and feel
  • Seamless support for web sites with multiple independent applications in IIS
  • Web administration of language customization and internationalization including control of culture and language selection.  Add support for your own local language quickly and easily.
Account Abuse Prevention Features:
  • Control concurrent logins (multiple logins using the same username at the same time).  Deny concurrent login attempts, set quotas on a per site, per user or per group basis.  Automatically disable users past a specific threshold.
  • Set limits on the Hits, logins per time, and concurrent users
  • Block future failed login attempts (dictionary attacks)
  • log / track abuse attempts
  • Disable accounts automatically at set thresholds
  • After x attempts prevent logins for x period with administrator defined periods
  • Set independent messages / redirects for blocked login or disabled account
  • Global control of total number of users authenticated in the site with specific error message or redirect
  • Maximum number of concurrent users with the same username
  • Maximum number unique logins per period
  • Maximum number concurrent logins per period
  • Maximum x hits from unique or concurrent users
  • New: Maximum number of kb (data transfer) per user, per group or per access restriction!
Filters and Automatic Logins:
  • Filters prevent or restrict access to a given site or protected area based on set criteria including the users IP, user agent, or other headers.  Administrators can control the restrictions in place and error message(s) or redirect(s) used.
  • Autologins allow for set groups to be automatically authenticated against the system.  A common scenario is to setup an autologin for a set of IP's within ones intranet.  In such a case users are automatically authenticated with a defined autologin user account of your choice.
  • Autologins can each be assigned an user context so full logging, auditing and reporting remains possible even on those who autologin.
  • Global and user level redirects with token support enables automatic user redirect after login to custom locations per user.
  • "Remember me" option for users to be automatically logged in based on cookie value for duration that can be configured in the web administration.
Email Sending Functionality:
  • In addition to automated emailing for password change request a comprehensive SMTP mail engine is included with .netPROTECT
  • Perform searches on subsets of of users using any data stored on those users including any custom fields defined.
  • Email to any individual user any message text
  • Email to any group or selection of users any message text
  • Example usage, search for all users who expire in less than 10 days and offer a special incentive to renew or email all users who have expired passwords and send them a link to the password update page.
  • Template supported to replace tokens with user details such as %USERNAME% so messages can be easily personalized even when being sent to all users.  Templates are also supported for custom fields and support automated replacement.
  • Ability for accounts to self activate based on email notification auto generated URL and other activation scenerios.
File Handling Support:
  • Protects all ASP.NET content without special handling; by directory or file without needing to modify the content being protected.
  • Large file streaming support with built in auto-resume which enables you to resume downloading large files if interrupted (requires download manger on the client side).  Improve download user experience via HTTP.
  • Automatic MIME type detection and assignment so streamed binary can be saved as the correct file type or viewed with the appropriate reader / application.
  • Ability to protect all file types (independent of ASP.NET) through the built in streaming system using a simple file rename.
Reporting and Auditing Features:
  • Complete audit trail possible including all requests through the system
  • Track each page requested, user details, time, logins / logouts and more
  • Ability to view all live users in the system and drill down into concurrent user count.
  • Reporting and charts for logins over time, total requests
  • Report top visited pages, top users etc.
Payment Features (with the .netPAYMENT add-on):
  • Seamlessly integrated with .netPROTECT
  • Enables real-time payment processing and account activation after payment
  • Complete recurring billing support with custom subscription including prorated billings for partial periods
  • Advanced email notification support for cards near expiration and subscriptions close to lapsing as well as notification on failures to charge.
  • Multi-threaded billing agent can process multiple transactions at the same time
  • Advanced billing reporting including dollar amounts with unique "future" billing date support which allows for revenue forecasting based on future scheduled billings.