Expert Web Services Security in the .NET Platform / Edition 1by Laurence Moroney, Brian Nantz
Pub. Date: 11/04/2004
Any company using .NET will eventually (if it hasn't already) expose part of its functionality as a .NET Web service, and securing these features will become job number one.Expert Web Services Security in the .NET Platform is a comprehensive treatment on how to secure Web services on the .NET platform. This book specifically focuses on Web services security,/i>
Any company using .NET will eventually (if it hasn't already) expose part of its functionality as a .NET Web service, and securing these features will become job number one.Expert Web Services Security in the .NET Platform is a comprehensive treatment on how to secure Web services on the .NET platform. This book specifically focuses on Web services security, not general .NET security.
Authors Brian Nantz and Laurence Moroney lay the foundation for a complete discussion of Web services security in the .NET platform by first describing the key aspects of security for the Windows operating system, Internet Information Services, and ASP.NET. They show developers how to use the WS-Security W3C specifications for industry-standard authentication, encryption, authorization, XML signature, attachments, and routing with Web services. The specific working code examples and clear-cut explanations will assist developers in readily integrating Web services security into their applications.
- Publication date:
- Edition description:
- Product dimensions:
- 7.50(w) x 9.00(h) x 7.50(d)
Table of Contents
Chapter 1: The Security Process on the Win32 Platform; Chapter 2: IIS, The ASP.NET Worker Process and ISAPI; Chapter 3: .NET Framework Security; Chapter 4: Security Policy Administration; Chapter 5: Administration Tools; Chapter 6: Authentication in ASP.NET; Chapter 7: Web Services and Security; Chapter 8: The Microsoft Federated Security and Identity Roadmap
and post it to your social network
Most Helpful Customer Reviews
See all customer reviews >
The book offers a good general description of Web Services. And specifically on how to make a simple Web Service using the .NET platform. But the thrust of the book is in showing how to incorporate cryptographic methods into the WS communications. The authors claim that perhaps the most important reason that WS have not taken off is security. Without a secure authentication and authorisation of messages, companies are leery about exposing their data via WS. So the book devotes most of its space to the various cryptographic issues involved in .NET and WS. Some of this is not restricted to WS. For example, you may want to encrypt a channel, over which you will send sensitive data. That data might be a WS message, or something else. Hence, we get explanations of Active Directory, which handles a lot of these grubby details. Later, they discuss public key cryptography. Which they term asynchronous encryption; not a widely used term. They contrast this to synchronous encryption, which most others call symmetric encryption. But having said this, the book does offer a reasonable guide to using C# and .NET for WS. What is left for the reader is the much harder problem. That of designing a useful.