Now that it is released, .NET and the .NET Framework will change the software development process for good.
.NET Framework Security provides the ultimate high-end comprehensive reference to all of the new security features available in .NET. Through extensive code samples and step-by-step walkthroughs of configuration techniques, the reader is taken deep into the world of secure applications. Demonstrations of creating custom procedures and a full explanation of each aspect separate this book from many other "lecture books." Many of the concepts expressed in this book are not only viable in .NET, but on the Internet in general. These factors combined make this the one reference that every developer and system administrator should have.
|Pt. I||Introduction to the .NET Developer Platform Security|
|1||Common Security Problems on the Internet|
|2||Introduction to the Microsoft .NET Developer Platform|
|3||.NET Developer Platform Security Solutions|
|Pt. II||Code Access Security Fundamentals|
|4||User- and Code-Identity-Based Security: Two Complementary Security Paradigms|
|5||Evidence: Knowing Where Code Comes From|
|6||Permissions: The Workhorse of Code Access Security|
|7||Walking the Stack|
|8||Membership Conditions, Code Groups, and Policy Levels: The Brick and Mortar of Security Policy|
|9||Understanding the Concepts of Strong Naming Assemblies|
|10||Hosting Managed Code|
|11||Verification and Validation: The Backbone of .NET Framework Security|
|12||Security Through the Lifetime of a Managed Process: Fitting It All Together|
|Pt. III||ASP.NET and Web Services Security Fundamentals|
|13||Introduction to ASP.NET Security|
|14||Authentication: Know Who Is Accessing Your Site|
|15||Authorization: Control Who Is Accessing Your Site|
|16||Data Transport Integrity: Keeping Data Uncorrupted|
|Pt. IV||.NET Framework Security Administration|
|17||Introduction: .NET Framework Security and Operating System Security|
|18||Administering Security Policy Using the .NET Framework Configuration Tool|
|19||Administering .NET Framework Security Policy Using Scripts and Security APIs|
|20||Administering an IIS Machine Using ASP.NET|
|21||Administering Clients for .NET Framework Mobile Code|
|22||Administering Isolated Storage and Cryptography Settings in the .NET Framework|
|Pt. V||.NET Framework Security for Developers|
|23||Creating Secure Code: What All .NET Framework Developers Need to Know|
|24||Architecting a Secure Assembly|
|25||Implementing a Secure Assembly|
|26||Testing a Secured Assembly|
|27||Writing a Secure Web Site Using ASP.NET|
|28||Writing a Secure Web Application in the .NET Development Platform|
|29||Writing a Semi-Trusted Application|
|30||Using Cryptography with the .NET Framework: The Basics|
|31||Using Cryptography with the .NET Framework: Advanced Topics|
|32||Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures|
Whether you are a developer, administrator, or end user, this book will help you make the most of the .NET Framework security system and create, control, deploy, and use secure .NET applications.
Our primary goal in writing this book is to explain the .NET Framework security system in detail and make it easy to understand. As a group, the authors have over 10 years of combined experience as members of the .NET Framework security product team at Microsoft. We have gathered together in this book our combined advice, experience, and wisdom to help you make the .NET Framework security system best serve your needs. We hope that you will find this book useful not only as an introduction to the fundamental security features of the .NET Framework but also as a frequent desktop reference as you author or administer applications.
This book is designed to serve the security needs of .NET developers, administrators, and end users. Developers who are currently writing code in one or more .NET languages (or planning to start a coding project) will find detailed instructions on how to perform security checks, how to write code conforming to the "principle of least privilege," and how to include security in your software architectures from the outset. For example, we will teach you how to use cryptographic strong names to protect your programs from outside modification and guarantee that they run with the same shared libraries with which you intended for them to run. We will also demonstrate how to create "semipublic" application programming interfaces (APIs) that can only be called by identities you specify. Debugging security exceptions and interpreting the data returned by the Common Language Runtime when your code is denied access to some protected operation are also covered in this book. Everything you need to know to develop secure components and applications is contained herein.
If you are an administrator, you will find in the following chapters detailed examples showing how to modify security policy to tighten or loosen it as needed for your particular environment. We will walk you through all the common policy modification scenarios and show you how you can configure an entire enterprise from one location through the use of the .NET Framework's security configuration tool and the Windows Active Directory. We will also explain ASP.NET configuration for deploying secure Web Services with authentication and authorization customized to fit your needs.
For end users, our primary task in this book is to demonstrate how you can control the security behavior of .NET Framework applications running on your machine. Depending on your particular situation, you may need to administer portions of your security configuration to allow or refuse rights to particular applications. You may have encountered a security exception while executing an application and want to know why that exception occurred. You might also be trying to use a Web Service and need to understand its security requirements. All of these topics are covered in this book.
We assume that if you are reading .NET Framework Security, you are already familiar with the .NET Framework, the Common Language Runtime, and one or more .NET programming languages (C++, C#, Visual Basic .NET, and so on). Nearly all of the examples in this book are written in the C# programming language, so some basic familiarity with C# will help you learn the most from the sample code. Every sample in this book could just as easily have been written in Visual Basic .NET, or any of the other languages that compile to MSIL and run on top of the Common Language Runtime, so what you learn from the samples will be immediately applicable in your particular programming environment.
Some specific chapters in this book assume additional topic-specific knowledge. For example, the two chapters that discuss the cryptography classes in the .NET Framework (Chapter 30, "Using Cryptography with the .NET Framework: The Basics," and Chapter 31, "Using Cryptography with the .NET Framework: Advanced Topics") assume that you already have a basic understanding of cryptography. The chapters describing the security features of ASP.NET (Chapters 13 through 16) assume that the reader has previous exposure to the core features of ASP and/or ASP.NET. Chapter 18 ("Administering Security Policy Using the .NET Framework Configuration Tool") assumes basic familiarity with the Microsoft Management Console (MMC), because the .NET Framework Configuration tool is an MMC "snap-in" that works alongside other MMC-based configuration tools, such as the Device Manager.
At a minimum, you will need to have the .NET Framework Software Development Kit (SDK) installed on your computer to compile and run the samples shown throughout this book. The .NET Framework SDK includes the Common Language Runtime, the .NET Framework class libraries, command-line compilers, and administration tools. You can install the .NET Framework SDK on any of the following versions of the Windows operating system: Windows NT 4.0 (with Service Pack 6a), Windows 2000 (at least Service Pack 2 recommended) or Windows XP Professional. The .NET Framework SDK can be downloaded for free from the Microsoft Developer Network Web site at http://msdn.microsoft.com/net/. Some of the examples in this book demonstrate solutions using Visual Studio .NET. Visual Studio .NET is Microsoft's premier integrated development environment (IDE) for writing programs on top of the .NET Framework. Visual Studio .NET includes the Visual Basic .NET, Visual C# .NET, and Visual C++ .NET compilers, an integrated editor, graphical debugger, design-time wizards, and other supporting tools. Visual Studio .NET is available in three product flavors—Professional, Enterprise Developer, and Enterprise Architect. (Note that if you are a member of the Microsoft Developer Network (MSDN), your subscription may already include Visual Studio .NET.) Complete product information for Visual Studio .NET may be found on the Web at http://msdn.microsoft.com/vstudio/.
Although the .NET Framework SDK is only available for Windows NT 4.0, Windows 2000, and Windows XP Professional, the .NET Framework Redistributable is available for Windows 98, Windows Millennium Edition, and Windows XP Home Edition in addition to the platforms supported by the SDK. Programs written on top of the .NET Framework require only that the Redistributable be present to run. Thus, while you need to run Windows NT 4.0, Windows 2000, or Windows XP Professional to develop .NET Framework programs, those programs can run on any of the platforms supported by the Redistributable.
Visual Studio .NET is currently available on the same platforms as the .NET Framework SDK—Windows NT 4.0 (Workstation and Server), Windows 2000 (Professional and Server), and Windows XP Professional.
We have arranged the content of this book into five broad sections. Each section is aimed at answering questions and providing examples for one or more of our core constituencies—developers, administrators, and end users. Because this book is intended to serve in part as a comprehensive reference guide to the .NET Framework security infrastructure, we recognize that each reader will be interested in different portions of the book and not everyone will need to read every chapter. We encourage everyone to begin by reading the three chapters that comprise Part I of the book (Chapters 1-3); they provide an introduction to the .NET Developer Platform, common security problems on the Internet, and an overview of how the .NET Framework security system addresses those concerns. After completing Part I, you should feel free to jump around and explore this book as you explore the various security features of the .NET Framework. Each chapter of the book (with a few noted exceptions) is designed to stand alone, so it is not necessary to read the book straight through.
The following is a quick summary of the contents of each of the five parts of the book:
Posted May 1, 2002
This is the best book to buy on .Net. Like all things digital, .Net has recently spawned a few other books of largely shoddy quality. This book, however, written by those who ought to know (Sebastian Lange & company) is the standout. It's clearly written, well-organized, and full of the right information. It's the best place to start, and until they update it, it'll be the place to stay.