Building Secure Microsoft ASP.NET Applications

by Microsoft Corporation, Danielle Voeller Bird
     
 

Overview

Building secure distributed Web applications can be challenging. It usually involves integrating several different technologies and products—yet your complete application will only be as secure as its weakest link. This guide presents a practical, scenario-driven approach to designing and building security-enhanced ASP.NET applications for Microsoft® Windows® 2000 and version 1.1 of the Microsoft .NET Framework. It focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications.

This guide focuses on:

  • Authentication—to identify the clients of your application
  • Authorization—to provide access controls for those clients
  • Secure communication—to help ensure that messages remain private and are not altered by unauthorized parties

Who should read this guide:

Middleware developers and architects who build or plan to build .NET Web applications using ASP.NET, XML Web Services, Enterprise Services (COM+), .NET Remoting, or Microsoft ADO.NET.

About “Patterns and Practices”:

Patterns & Practices contain specific recommendations illustrating how to design, build, deploy, and operate architecturally sound solutions to challenging business and technical scenarios. The technical guidance is reviewed and approved by Microsoft engineering teams, consultants, and Product Support Services, and by partners and customers.

Note: Includes complete sample on the Web.

Editorial Reviews

bn.com
The Barnes & Noble Review
You’ve just discovered a single source for the techniques you need to secure any ASP.NET web application. Building Secure Microsoft ASP.NET Applications covers authentication, authorization, and secure communications in every tier, addressing nearly every scenario you’re likely to encounter.

Microsoft’s security specialists begin with fundamental application security principles. Some, you’re already well aware of (use defense in depth). Others may require you to rethink your approach (“Reduce surface area”: Avoid exposing information that users don’t need. “Check at the gate”: Don’t always flow a user’s security context to the back end for authorization.)

After reviewing ASP.NET’s new security model, the authors offer practical guidance for designing effective authentication and authorization systems. Should you use Active Directory for authentication, or a custom data store? How do you handle non-Windows clients and servers? When should you depend on trusted subsystems, and when not?

Next, you’ll learn how to use SSL, IPSec, and RPC Encryption to secure sensitive data across networks and the Internet; and how to protect both intranet and extranet applications against both outsiders and rogue insiders.

You’ll find detailed coverage of securing XML-based web services; systems built with .NET Remoting; and data access connections to SQL Server 2000. There’s also a full chapter on protecting .NET “Enterprise Services”: distributed transactions, object pooling, concurrency management, and other middleware functions.

The book closes with security troubleshooting, and several invaluable “How-to” chapters. Among these: authenticating SQL Server forms; securing database communications; calling web services via SSL; and using the Win32 Data Protection API.

Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.

Product Details

ISBN-13: 9780735618909
Publisher: Microsoft Press
Publication date: 02/05/2003
Series: Developer Reference Series
Pages: 624
Product dimensions: 7.46(w) x 9.14(h) x 1.33(d)

Meet the Author

Founded in 1975, Microsoft® is the worldwide leader in software, services, and solutions that help people and businesses realize their full potential. Since 1988, Microsoft has been building accessibility options right into its products to enable everyone to personalize their PCs to make them easier and more comfortable to see, hear, and use.
