- Shopping Bag ( 0 items )
Any company using .NET will eventually (if it hasn't already) expose part of its functionality as a .NET Web service, and securing these features will become job number one.Expert Web Services Security in the .NET Platform is a comprehensive treatment on how to secure Web services on the .NET platform. This book specifically focuses on Web services security, not general .NET security.
Authors Brian Nantz and Laurence Moroney lay the foundation for a complete discussion of Web services security in the .NET platform by first describing the key aspects of security for the Windows operating system, Internet Information Services, and ASP.NET. They show developers how to use the WS-Security W3C specifications for industry-standard authentication, encryption, authorization, XML signature, attachments, and routing with Web services. The specific working code examples and clear-cut explanations will assist developers in readily integrating Web services security into their applications.
|Ch. 1||Web services and XML standards||1|
|Ch. 2||Windows security||27|
|Ch. 3||ASP.NET architectural overview||57|
|Ch. 4||Security tools and tips||77|
|Ch. 5||.NET cryptography||107|
|Ch. 6||Web services and integrated Windows security||129|
|Ch. 7||Web services over SSL||151|
|Ch. 8||WS-security with the WSE||171|
|Ch. 9||Using SQL Server with ASP.NET||191|
|Ch. 10||.NET IL obfuscation and intellectual property||219|
Posted November 13, 2004
The book offers a good general description of Web Services. And specifically on how to make a simple Web Service using the .NET platform. But the thrust of the book is in showing how to incorporate cryptographic methods into the WS communications. The authors claim that perhaps the most important reason that WS have not taken off is security. Without a secure authentication and authorisation of messages, companies are leery about exposing their data via WS. So the book devotes most of its space to the various cryptographic issues involved in .NET and WS. Some of this is not restricted to WS. For example, you may want to encrypt a channel, over which you will send sensitive data. That data might be a WS message, or something else. Hence, we get explanations of Active Directory, which handles a lot of these grubby details. Later, they discuss public key cryptography. Which they term asynchronous encryption; not a widely used term. They contrast this to synchronous encryption, which most others call symmetric encryption. But having said this, the book does offer a reasonable guide to using C# and .NET for WS. What is left for the reader is the much harder problem. That of designing a useful.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.