.NET Framework Security

Paperback (Print)

In 1997, Microsoft embarked on a "bet the company" strategy that was to reinvent the way the company did business. Even before its release, .NET made major strides in reinventing the way that software developers viewed the software they wrote.

Now that it is released, .NET and the .NET Framework will change the software development process for good.

.NET Framework Security provides the ultimate high-end comprehensive reference to all of the new security features available in .NET. Through extensive code samples and step-by-step walkthroughs of configuration techniques, the reader is taken deep into the world of secure applications. Demonstrations of creating custom procedures and a full explanation of each aspect separate this book from many other "lecture books." Many of the concepts expressed in this book are not only viable in .NET, but on the Internet in general. These factors combined make this the one reference that every developer and system administrator should have.

.NET Framework Security provides

  • An extensive introduction to and explanation of Code Access Security, the powerful new security system shipping in the .NET Framework
  • Information on how to write and test safe applications using the .NET Framework
  • Extensive coverage on how to effectively administer .NET Framework security
  • In-depth introduction to the cryptography library shipping in the .NET Framework, including an introduction to XML digital signatures
  • An overview of all of the new security features available in .NET
  • Code samples that can be used to implement security on your own Web site or application
  • Step-by-step modification of the various configuration files associated with .NET, and an explanation of the elements involved
  • Instructions for all of the aspects of security in the CLR and what it means
  • How to use ASP.NET to create a secure application
  • Explanations for using the CryptoAPI libraries to create your own custom functionality
  • Guidelines on how to create secure network applications as well as applications that exist on the Internet
  • Detailed examples of how to establish security parameters in IIS that relate to ASP.NET
  • Instructions for administering .NET applications hosted in IE


Editorial Reviews

From The Critics
A reference guide to the use of the security features available in Microsoft's .NET framework. Code samples and configuration techniques are explained. Sixteen chapters discuss user- and code-identity-based security, membership conditions and code groups, strong naming assemblies, hosting managed code, verification and validation, data transport integrity. Further chapters cover material specific to administration and development concerns. Annotation c. Book News, Inc., Portland, OR

Product Details

  • ISBN-13: 9780672321849
  • Publisher: Pearson Education
  • Publication date: 4/24/2002
  • Pages: 816
  • Product dimensions: 7.30 (w) x 9.14 (h) x 1.79 (d)

Table of Contents

Introduction
Part I: Introduction to the .NET Developer Platform Security
1. Common Security Problems on the Internet
2. Introduction to the Microsoft .NET Developer Platform
3. .NET Developer Platform Security Solutions
Part II: Code Access Security Fundamentals
4. User- and Code-Identity-Based Security: Two Complementary Security Paradigms
5. Evidence: Knowing Where Code Comes From
6. Permissions: The Workhorse of Code Access Security
7. Walking the Stack
8. Membership Conditions, Code Groups, and Policy Levels: The Brick and Mortar of Security Policy
9. Understanding the Concepts of Strong Naming Assemblies
10. Hosting Managed Code
11. Verification and Validation: The Backbone of .NET Framework Security
12. Security Through the Lifetime of a Managed Process: Fitting It All Together
Part III: ASP.NET and Web Services Security Fundamentals
13. Introduction to ASP.NET Security
14. Authentication: Know Who Is Accessing Your Site
15. Authorization: Control Who Is Accessing Your Site
16. Data Transport Integrity: Keeping Data Uncorrupted
Part IV: .NET Framework Security Administration
17. Introduction: .NET Framework Security and Operating System Security
18. Administering Security Policy Using the .NET Framework Configuration Tool
19. Administering .NET Framework Security Policy Using Scripts and Security APIs
20. Administering an IIS Machine Using ASP.NET
21. Administering Clients for .NET Framework Mobile Code
22. Administering Isolated Storage and Cryptography Settings in the .NET Framework
Part V: .NET Framework Security for Developers
23. Creating Secure Code: What All .NET Framework Developers Need to Know
24. Architecting a Secure Assembly
25. Implementing a Secure Assembly
26. Testing a Secured Assembly
27. Writing a Secure Web Site Using ASP.NET
28. Writing a Secure Web Application in the .NET Development Platform
29. Writing a Semi-Trusted Application
30. Using Cryptography with the .NET Framework: The Basics
31. Using Cryptography with the .NET Framework: Advanced Topics
32. Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures
Index


Welcome! The book you hold in your hands is a comprehensive guide and roadmap to the security infrastructure of the Microsoft .NET Framework. The .NET Framework is Microsoft's new cross-language development environment for building rich client applications and XML Web Services. One of the key features of the .NET Framework is a robust security infrastructure that provides developers, administrators, and users with new levels of control over code that executes on their systems.

Whether you are a developer, administrator, or end user, this book will help you make the most of the .NET Framework security system and create, control, deploy, and use secure .NET applications.

Demystifying .NET Framework Security

Our primary goal in writing this book is to explain the .NET Framework security system in detail and make it easy to understand. As a group, the authors have over 10 years of combined experience as members of the .NET Framework security product team at Microsoft. We have gathered together in this book our combined advice, experience, and wisdom to help you make the .NET Framework security system best serve your needs. We hope that you will find this book useful not only as an introduction to the fundamental security features of the .NET Framework but also as a frequent desktop reference as you author or administer applications.

This book is designed to serve the security needs of .NET developers, administrators, and end users. Developers who are currently writing code in one or more .NET languages (or planning to start a coding project) will find detailed instructions on how to perform security checks, how to write code conforming to the "principle of least privilege," and how to include security in your software architectures from the outset. For example, we will teach you how to use cryptographic strong names to protect your programs from outside modification and guarantee that they run with the same shared libraries with which you intended for them to run. We will also demonstrate how to create "semipublic" application programming interfaces (APIs) that can only be called by identities you specify. Debugging security exceptions and interpreting the data returned by the Common Language Runtime when your code is denied access to some protected operation are also covered in this book. Everything you need to know to develop secure components and applications is contained herein.

If you are an administrator, you will find in the following chapters detailed examples showing how to modify security policy to tighten or loosen it as needed for your particular environment. We will walk you through all the common policy modification scenarios and show you how you can configure an entire enterprise from one location through the use of the .NET Framework's security configuration tool and the Windows Active Directory. We will also explain ASP.NET configuration for deploying secure Web Services with authentication and authorization customized to fit your needs.

For end users, our primary task in this book is to demonstrate how you can control the security behavior of .NET Framework applications running on your machine. Depending on your particular situation, you may need to administer portions of your security configuration to allow or refuse rights to particular applications. You may have encountered a security exception while executing an application and want to know why that exception occurred. You might also be trying to use a Web Service and need to understand its security requirements. All of these topics are covered in this book.

What Do You Need to Know Prior to Reading This Book?

We assume that if you are reading .NET Framework Security that you are already familiar with the .NET Framework, the Common Language Runtime, and one or more .NET programming languages (C++, C#, Visual Basic .NET, and so on). Nearly all of the examples in this book are written in the C# programming language, so some basic familiarity with C# will help you learn the most from the sample code. Every sample in this book could just as easily have been written in Visual Basic .NET, or any of the other languages that compile to MSIL and run on top of the Common Language Runtime, so what you learn from the samples will be immediately applicable in your particular programming environment.

Some specific chapters in this book assume additional topic-specific knowledge. For example, the two chapters that discuss the cryptography classes in the .NET Framework (Chapter 30, "Using Cryptography with the .NET Framework: The Basics," and Chapter 31, "Using Cryptography with the .NET Framework: Advanced Topics") assume that you already have a basic understanding of cryptography. The chapters describing the security features of ASP.NET (Chapters 13 through 16) assume that the reader has previous exposure to the core features of ASP and/or ASP.NET. Chapter 18 ("Administering Security Policy Using the .NET Framework Configuration Tool") assumes basic familiarity with the Microsoft Management Console (MMC), because the .NET Framework Configuration tool is an MMC "snap-in" that works alongside other MMC-based configuration tools, such as the Device Manager.

What Software Will You Need to Complete the Examples Provided with This Book?

At a minimum, you will need to have the .NET Framework Software Development Kit (SDK) installed on your computer to compile and run the samples shown throughout this book. The .NET Framework SDK includes the Common Language Runtime, the .NET Framework class libraries, command-line compilers, and administration tools. You can install the .NET Framework SDK on any of the following versions of the Windows operating system: Windows NT 4.0 (with Service Pack 6a), Windows 2000 (at least Service Pack 2 recommended) or Windows XP Professional. The .NET Framework SDK can be downloaded for free from the Microsoft Developer Network Web site at http://msdn.microsoft.com/net/.

Some of the examples in this book demonstrate solutions using Visual Studio .NET. Visual Studio .NET is Microsoft's premier integrated development environment (IDE) for writing programs on top of the .NET Framework. Visual Studio .NET includes the Visual Basic .NET, Visual C# .NET, and Visual C++ .NET compilers, an integrated editor, graphical debugger, design-time wizards, and other supporting tools. Visual Studio .NET is available in three product flavors—Professional, Enterprise Developer, and Enterprise Architect. (Note that if you are a member of the Microsoft Developer Network (MSDN), your subscription may already include Visual Studio .NET.) Complete product information for Visual Studio .NET may be found on the Web at http://msdn.microsoft.com/vstudio/.


Although the .NET Framework SDK is only available for Windows NT 4.0, Windows 2000, and Windows XP Professional, the .NET Framework Redistributable is available for Windows 98, Windows Millennium Edition, and Windows XP Home Edition in addition to the platforms supported by the SDK. Programs written on top of the .NET Framework require only that the Redistributable be present to run. Thus, while you need to run Windows NT 4.0, Windows 2000, or Windows XP Professional to develop .NET Framework programs, those programs can run on any of the platforms supported by the Redistributable.

Visual Studio .NET is currently available on the same platforms as the .NET Framework SDK—Windows NT 4.0 (Workstation and Server), Windows 2000 (Professional and Server), and Windows XP Professional.

How This Book Is Organized

We have arranged the content of this book into five broad sections. Each section is aimed at answering questions and providing examples for one or more of our core constituencies—developers, administrators, and end users. Because this book is intended to serve in part as a comprehensive reference guide to the .NET Framework security infrastructure, we recognize that each reader will be interested in different portions of the book and not everyone will need to read every chapter. We encourage everyone to begin by reading the three chapters that comprise Part I of the book (Chapters 1-3); they provide an introduction to the .NET Developer Platform, common security problems on the Internet, and an overview of how the .NET Framework security system addresses those concerns. After completing Part I, you should feel free to jump around and explore this book as you explore the various security features of the .NET Framework. Each chapter of the book (with a few noted exceptions) is designed to stand alone, so it is not necessary to read the book straight through.

The following is a quick summary of the contents of each of the five parts of the book:

  • Part I: Introduction to the .NET Developer Platform Security—The first part of the book, Chapters 1 through 3, introduces the Microsoft .NET Developer Platform, describes important general features of the platform, and provides an overview of the key security features. We recommend that everyone read the chapters in this part first to provide common background material for the topic-specific discussions in the remainder of the book.
  • Part II: Code Access Security Fundamentals—Part II of the book details the architecture of the .NET Framework's "evidence-based security" model. Chapter 4, "User- and Code-Identity-Based Security: Two Complementary Security Paradigms," describes how the Framework's security system, which is based on code identity, builds on and complements the Windows NT/2000/XP security model that is based on user identity. The core elements of the evidence-based security model—evidence, permissions, stack-walking and policy objects—are detailed in Chapters 5 through 8. Chapter 9, "Understanding the Concepts of Strong Naming Assemblies," introduces strong names, a new technology that provides cryptographically secured unique namespaces for assemblies you author. Hosting the Common Language Runtime in your own programs is described in Chapter 10, "Hosting Managed Code." Type-safety verification, a key feature of MSIL and many languages that run on top of the .NET Developer Platform, is discussed in Chapter 11, "Verification and Validation: The Backbone of .NET Framework Security." Finally, Chapter 12, "Security Through the Lifetime of a Managed Process: Fitting It All Together," provides a "walk-through" of the security decisions and processes that occur while designing, developing, deploying, and running a .NET Framework application.
  • Part III: ASP.NET and Web Services Security Fundamentals—Part III of this book concerns server-side security, specifically the security features of ASP.NET and Web Services. A brief introduction to the new features of ASP.NET is provided in Chapter 13, "Introduction to ASP.NET Security." Authentication and authorization in the ASP.NET model are discussed in Chapter 14, "Authentication: Know Who Is Accessing Your Site," and Chapter 15, "Authorization: Control Who Is Accessing Your Site." Channel integrity in ASP.NET, most commonly encountered on the Web through the use of the SSL/TLS family of encryption protocols, is covered in Chapter 16, "Data Transport Integrity: Keeping Data Uncorrupted."
  • Part IV: .NET Framework Security Administration—The chapters in Part IV of this book provide a comprehensive guide to administering the .NET Framework security system and ASP.NET. Whether you administer a single machine or your enterprise's entire network, these chapters will show you how to make modifications to the default security policy that is installed by the .NET Framework to meet your particular needs. Chapter 17, "Introduction: .NET Framework Security and Operating System Security," introduces the major components of .NET Framework security policy—code access security policy, ASP.NET configuration, Internet Explorer security settings, and Windows security configuration—and how they interact with one another. Chapter 18, "Administering Security Policy Using the .NET Framework Configuration Tool," provides a comprehensive tutorial on how to modify policy using the .NET Framework Security Configuration tool MMC snap-in. Scripting and programmatic interfaces to the security configuration system are discussed in Chapter 19, "Administering .NET Framework Security Policy Using Scripts and Security APIs." Chapter 20, "Administering an IIS Machine Using ASP.NET," covers ASP.NET configuration issues, and mobile code considerations are discussed in Chapter 21, "Administering Clients for .NET Framework Mobile Code." Configuration options for isolated storage and cryptography are contained in Chapter 22, "Administering Isolated Storage and Cryptography Settings in the .NET Framework."
  • Part V: .NET Framework Security for Developers—The final section of this book, Part V, is a guide for developers who want to write secure assemblies, author secure Web sites, create semi-trusted applications, or use cryptography and XML digital signatures in their applications. All developers should read Chapter 23, "Creating Secure Code: What All .NET Framework Developers Need to Know," for an overview of security-related tasks incumbent on developers building on the .NET Framework. Chapters 24 through 26 detail the process of architecting, building, and testing a secure assembly (a component designed to be shared and called by semi-trusted code). Included in these chapters are detailed examples showing how to make declarative and imperative security checks in your own code, implement custom permissions, work with and leverage strong names, and test the security aspects of your implementation. Security issues relevant to ASP.NET developers are the subject of Chapter 27, "Writing a Secure Web Site Using ASP.NET," and Chapter 28, "Writing a Secure Web Application in the .NET Development Platform." Chapter 29, "Writing a Semi-Trusted Application," describes how to program defensively, including the proper use of assembly-level permission requests and isolated storage. Finally, Chapters 30 and 31 cover the cryptography features that are included in the .NET Framework, and Chapter 32, "Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures," discusses the classes that implement the XML digital signature standard.


Customer Reviews

  • Anonymous

    Posted May 1, 2002

    This is the one.

    This is the best book to buy on .Net. Like all things digital, .Net has recently spawned a few other books of largely shoddy quality. This book, however, written by those who ought to know (Sebastian Lange & company) is the standout. It's clearly written, well-organized, and full of the right information. It's the best place to start, and until they update it, it'll be the place to stay.
