With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. The book works as both a comprehensive tutorial and reference to security issues for .NET application development, and contains numerous practical examples in both the C# and VB.NET languages. With Programming .NET Security, you will learn to apply sound security principles to your application designs, and to understand the concepts of identity, authentication and authorization and how they apply to .NET security. This guide also teaches you to: use the .NET run-time security features and .NET security namespaces and types to implement best practices in your applications, including evidence, permissions, code identity and security policy, and role-based and Code Access Security (CAS); use the .NET cryptographic APIs, from hashing and common encryption algorithms to digital signatures and cryptographic keys, to protect your data; and use COM+ component services in a secure manner. If you program with ASP.NET, you will also learn how to apply security to your applications. The book also shows you how to use the Windows Event Log Service to audit Windows security violations that may be a threat to your solution. Authors Adam Freeman and Allen Jones, early .NET adopters and long-time proponents of an "end-to-end" security model, based this book on their years of experience in applying security policies and developing products for NASDAQ, Sun Microsystems, Netscape, Microsoft, and others.
With the .NET platform placing security at center stage, the better informed you are, the more secure your project will be.
Adam Freeman is a professional programmer and the author of two early Java books, Programming the Internet with Java and Active Java, both published by Addison Wesley, as well as Java course materials. His recent experience architecting a green-field e-commerce platform has given him an in-depth understanding of the current security challenges facing those developing large-scale distributed systems. Adam has previously worked for Netscape, Sun Microsystems and the NASDAQ stock exchange. Allen Jones has been developing Windows solutions since 1990 and working with Windows NT and Win32 since 1993. He was one of the first MCSEs to qualify anywhere in the world. For the last 3 years, Allen has been developing e-commerce and security systems for large corporations and financial institutions. He is a former employee of Microsoft in both Australia and the UK and co-author, with Adam Freeman, of C# for Java Developers and .NET XML Web Services Step by Step, both from Microsoft Press.
Table of Contents
Dedication
Preface
    How This Book Is Organized
    Who Should Read This Book
    Assumptions This Book Makes
    Conventions Used in This Book
    How to Contact Us

Part I: Fundamentals
Chapter 1: Security Fundamentals
    1.1 The Need for Security
    1.2 Roles in Security
    1.3 Understanding Software Security
    1.4 End-to-End Security
Chapter 2: Assemblies
    2.1 Assemblies Explained
    2.2 Creating Assemblies
    2.3 Shared Assemblies
    2.4 Strong Names
    2.5 Publisher Certificates
    2.6 Decompiling Explained
Chapter 3: Application Domains
    3.1 Application Domains Explained
Chapter 4: The Lifetime of a Secure Application
    4.1 Designing a Secure .NET Application
    4.2 Developing a Secure .NET Application
    4.3 Security Testing a .NET Application
    4.4 Deploying a .NET Application
    4.5 Executing a .NET Application
    4.6 Monitoring a .NET Application

Part II: .NET Security
Chapter 5: Introduction to Runtime Security
    5.1 Runtime Security Explained
    5.2 Introducing Role-Based Security
    5.3 Introducing Code-Access Security
    5.4 Introducing Isolated Storage
Chapter 6: Evidence and Code Identity
    6.1 Evidence Explained
    6.2 Programming Evidence
    6.3 Extending the .NET Framework
Chapter 7: Permissions
    7.1 Permissions Explained
    7.2 Programming Code-Access Security
    7.3 Extending the .NET Framework
Chapter 8: Security Policy
    8.1 Security Policy Explained
    8.2 Programming Security Policy
    8.3 Extending the .NET Framework
Chapter 9: Administering Code-Access Security
    9.1 Default Security Policy
    9.2 Inspecting Declarative Security Statements
    9.3 Using the .NET Framework Configuration Tool
    9.4 Using the Code-Access Security Policy Tool
Chapter 10: Role-Based Security
    10.1 Role-Based Security Explained
    10.2 Programming Role-Based Security
Chapter 11: Isolated Storage
    11.1 Isolated Storage Explained
    11.2 Programming Isolated Storage
    11.3 Administering Isolated Storage

Part III: .NET Cryptography
Chapter 12: Introduction to Cryptography
    12.1 Cryptography Explained
    12.2 Cryptography Is Key Management
    12.3 Cryptographic Attacks
Chapter 13: Hashing Algorithms
    13.1 Hashing Algorithms Explained
    13.2 Programming Hashing Algorithms
    13.3 Keyed Hashing Algorithms Explained
    13.4 Programming Keyed Hashing Algorithms
    13.5 Extending the .NET Framework
Chapter 14: Symmetric Encryption
    14.1 Encryption Revisited
    14.2 Symmetric Encryption Explained
    14.3 Programming Symmetrical Encryption
    14.4 Extending the .NET Framework
Chapter 15: Asymmetric Encryption
    15.1 Asymmetric Encryption Explained
    15.2 Programming Asymmetrical Encryption
    15.3 Extending the .NET Framework
Chapter 16: Digital Signatures
    16.1 Digital Signatures Explained
    16.2 Programming Digital Signatures
    16.3 Programming XML Signatures
    16.4 Extending the .NET Framework
Chapter 17: Cryptographic Keys
    17.1 Cryptographic Keys Explained
    17.2 Programming Cryptographic Keys
    17.3 Extending the .NET Framework

Part IV: .NET Application Frameworks
Chapter 18: ASP.NET Application Security
    18.1 ASP.NET Security Explained
    18.2 Configuring the ASP.NET Worker Process Identity
    18.3 Authentication
    18.4 Authorization
    18.5 Impersonation
    18.6 ASP.NET and Code-Access Security
Chapter 19: COM+ Security
    19.1 COM+ Security Explained
    19.2 Programming COM+ Security
    19.3 Administering COM+ Security
Chapter 20: The Event Log Service
    20.1 The Event Log Service Explained
    20.2 Programming the Event Log Service

Part V: API Quick Reference
Chapter 21: How to Use This Quick Reference
    21.1 Finding a Quick-Reference Entry
    21.2 Reading a Quick-Reference Entry
Chapter 22: Converting from C# to VB Syntax
    22.1 General Considerations
    22.2 Classes
    22.3 Structures
    22.4 Interfaces
    22.5 Class, Structure, and Interface Members
    22.6 Delegates
    22.7 Enumerations
Chapter 23: The System.Security Namespace
Chapter 24: The System.Security.Cryptography Namespace
Chapter 25: The System.Security.Cryptography.X509Certificates Namespace
Chapter 26: The System.Security.Cryptography.Xml Namespace
Chapter 27: The System.Security.Permissions Namespace
Chapter 28: The System.Security.Policy Namespace
Chapter 29: The System.Security.Principal Namespace

Colophon