This month we published a white paper written by Stefan Schakow that describes changes to the request validation process in ASP.NET 4 and provides detailed guidance on several related security topics:
- Encryption options and functionality in the <machineKey> element.
- Interoperability of ASP.NET 4 forms authentication tickets with ASP.NET 2.0.
- Configuration options to relax automatic security checks on inbound URLs.
- Pluggable request validation.
- Pluggable encoding for HTML elements, HTML attributes, HTTP headers, and URLs.
— Tom Dykstra
ASP.NET and Web Tools Developer Content