Programming .NET Security
By Adam Freeman, Allen Jones
 
Publisher: O'Reilly
Pub Date: June 2003
ISBN: 0-596-00442-7
Pages: 714


With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications.

  
Table of Contents
   Copyright
   Dedication
   Preface
      How This Book Is Organized
      Who Should Read This Book
      Assumptions This Book Makes
      Conventions Used in This Book
      How to Contact Us
    Part I:  Fundamentals
      Chapter 1.  Security Fundamentals
      Section 1.1.  The Need for Security
      Section 1.2.  Roles in Security
      Section 1.3.  Understanding Software Security
      Section 1.4.  End-to-End Security
      Chapter 2.  Assemblies
      Section 2.1.  Assemblies Explained
      Section 2.2.  Creating Assemblies
      Section 2.3.  Shared Assemblies
      Section 2.4.  Strong Names
      Section 2.5.  Publisher Certificates
      Section 2.6.  Decompiling Explained
      Chapter 3.  Application Domains
      Section 3.1.  Application Domains Explained
      Chapter 4.  The Lifetime of a Secure Application
      Section 4.1.  Designing a Secure .NET Application
      Section 4.2.  Developing a Secure .NET Application
      Section 4.3.  Security Testing a .NET Application
      Section 4.4.  Deploying a .NET Application
      Section 4.5.  Executing a .NET Application
      Section 4.6.  Monitoring a .NET Application
    Part II:  .NET Security
      Chapter 5.  Introduction to Runtime Security
      Section 5.1.  Runtime Security Explained
      Section 5.2.  Introducing Role-Based Security
      Section 5.3.  Introducing Code-Access Security
      Section 5.4.  Introducing Isolated Storage
      Chapter 6.  Evidence and Code Identity
      Section 6.1.  Evidence Explained
      Section 6.2.  Programming Evidence
      Section 6.3.  Extending the .NET Framework
      Chapter 7.  Permissions
      Section 7.1.  Permissions Explained
      Section 7.2.  Programming Code-Access Security
      Section 7.3.  Extending the .NET Framework
      Chapter 8.  Security Policy
      Section 8.1.  Security Policy Explained
      Section 8.2.  Programming Security Policy
      Section 8.3.  Extending the .NET Framework
      Chapter 9.  Administering Code-Access Security
      Section 9.1.  Default Security Policy
      Section 9.2.  Inspecting Declarative Security Statements
      Section 9.3.  Using the .NET Framework Configuration Tool
      Section 9.4.  Using the Code-Access Security Policy Tool
      Chapter 10.  Role-Based Security
      Section 10.1.  Role-Based Security Explained
      Section 10.2.  Programming Role-Based Security
      Chapter 11.  Isolated Storage
      Section 11.1.  Isolated Storage Explained
      Section 11.2.  Programming Isolated Storage
      Section 11.3.  Administering Isolated Storage
    Part III:  .NET Cryptography
      Chapter 12.  Introduction to Cryptography
      Section 12.1.  Cryptography Explained
      Section 12.2.  Cryptography Is Key Management
      Section 12.3.  Cryptographic Attacks
      Chapter 13.  Hashing Algorithms
      Section 13.1.  Hashing Algorithms Explained
      Section 13.2.  Programming Hashing Algorithms
      Section 13.3.  Keyed Hashing Algorithms Explained
      Section 13.4.  Programming Keyed Hashing Algorithms
      Section 13.5.  Extending the .NET Framework
      Chapter 14.  Symmetric Encryption
      Section 14.1.  Encryption Revisited
      Section 14.2.  Symmetric Encryption Explained
      Section 14.3.  Programming Symmetrical Encryption
      Section 14.4.  Extending the .NET Framework
      Chapter 15.  Asymmetric Encryption
      Section 15.1.  Asymmetric Encryption Explained
      Section 15.2.  Programming Asymmetrical Encryption
      Section 15.3.  Extending the .NET Framework
      Chapter 16.  Digital Signatures
      Section 16.1.  Digital Signatures Explained
      Section 16.2.  Programming Digital Signatures
      Section 16.3.  Programming XML Signatures
      Section 16.4.  Extending the .NET Framework
      Chapter 17.  Cryptographic Keys
      Section 17.1.  Cryptographic Keys Explained
      Section 17.2.  Programming Cryptographic Keys
      Section 17.3.  Extending the .NET Framework
    Part IV:  .NET Application Frameworks
      Chapter 18.  ASP.NET Application Security
      Section 18.1.  ASP.NET Security Explained
      Section 18.2.  Configuring the ASP.NET Worker Process Identity
      Section 18.3.  Authentication
      Section 18.4.  Authorization
      Section 18.5.  Impersonation
      Section 18.6.  ASP.NET and Code-Access Security
      Chapter 19.  COM+ Security
      Section 19.1.  COM+ Security Explained
      Section 19.2.  Programming COM+ Security
      Section 19.3.  Administering COM+ Security
      Chapter 20.  The Event Log Service
      Section 20.1.  The Event Log Service Explained
      Section 20.2.  Programming the Event Log Service
    Part V:  API Quick Reference
      Chapter 21.  How to Use This Quick Reference
      Section 21.1.  Finding a Quick-Reference Entry
      Section 21.2.  Reading a Quick-Reference Entry
      Chapter 22.  Converting from C# to VB Syntax
      Section 22.1.  General Considerations
      Section 22.2.  Classes
      Section 22.3.  Structures
      Section 22.4.  Interfaces
      Section 22.5.  Class, Structure, and Interface Members
      Section 22.6.  Delegates
      Section 22.7.  Enumerations
      Chapter 23.  The System.Security Namespace
      AllowPartiallyTrustedCallersAttribute
      CodeAccessPermission
      IEvidenceFactory
      IPermission
      ISecurityEncodable
      ISecurityPolicyEncodable
      IStackWalk
      NamedPermissionSet
      PermissionSet
      PolicyLevelType
      SecurityElement
      SecurityException
      SecurityManager
      SecurityZone
      SuppressUnmanagedCodeSecurityAttribute
      UnverifiableCodeAttribute
      VerificationException
      XmlSyntaxException
      Chapter 24.  The System.Security.Cryptography Namespace
      AsymmetricAlgorithm
      AsymmetricKeyExchangeDeformatter
      AsymmetricKeyExchangeFormatter
      AsymmetricSignatureDeformatter
      AsymmetricSignatureFormatter
      CipherMode
      CryptoAPITransform
      CryptoConfig
      CryptographicException
      CryptographicUnexpectedOperationException
      CryptoStream
      CryptoStreamMode
      CspParameters
      CspProviderFlags
      DeriveBytes
      DES
      DESCryptoServiceProvider
      DSA
      DSACryptoServiceProvider
      DSAParameters
      DSASignatureDeformatter
      DSASignatureFormatter
      FromBase64Transform
      FromBase64TransformMode
      HashAlgorithm
      HMACSHA1
      ICryptoTransform
      KeyedHashAlgorithm
      KeySizes
      MACTripleDES
      MaskGenerationMethod
      MD5
      MD5CryptoServiceProvider
      PaddingMode
      PasswordDeriveBytes
      PKCS1MaskGenerationMethod
      RandomNumberGenerator
      RC2
      RC2CryptoServiceProvider
      Rijndael
      RijndaelManaged
      RNGCryptoServiceProvider
      RSA
      RSACryptoServiceProvider
      RSAOAEPKeyExchangeDeformatter
      RSAOAEPKeyExchangeFormatter
      RSAParameters
      RSAPKCS1KeyExchangeDeformatter
      RSAPKCS1KeyExchangeFormatter
      RSAPKCS1SignatureDeformatter
      RSAPKCS1SignatureFormatter
      SHA1
      SHA1CryptoServiceProvider
      SHA1Managed
      SHA256
      SHA256Managed
      SHA384
      SHA384Managed
      SHA512
      SHA512Managed
      SignatureDescription
      SymmetricAlgorithm
      ToBase64Transform
      TripleDES
      TripleDESCryptoServiceProvider
      Chapter 25.  The System.Security.Cryptography.X509Certificates Namespace
      X509Certificate
      X509CertificateCollection
      X509CertificateCollection.X509CertificateEnumerator
      Chapter 26.  The System.Security.Cryptography.Xml Namespace
      DataObject
      DSAKeyValue
      KeyInfo
      KeyInfoClause
      KeyInfoName
      KeyInfoNode
      KeyInfoRetrievalMethod
      KeyInfoX509Data
      Reference
      RSAKeyValue
      Signature
      SignedInfo
      SignedXml
      Transform
      TransformChain
      XmlDsigBase64Transform
      XmlDsigC14NTransform
      XmlDsigC14NWithCommentsTransform
      XmlDsigEnvelopedSignatureTransform
      XmlDsigXPathTransform
      XmlDsigXsltTransform
      Chapter 27.  The System.Security.Permissions Namespace
      CodeAccessSecurityAttribute
      EnvironmentPermission
      EnvironmentPermissionAccess
      EnvironmentPermissionAttribute
      FileDialogPermission
      FileDialogPermissionAccess
      FileDialogPermissionAttribute
      FileIOPermission
      FileIOPermissionAccess
      FileIOPermissionAttribute
      IsolatedStorageContainment
      IsolatedStorageFilePermission
      IsolatedStorageFilePermissionAttribute
      IsolatedStoragePermission
      IsolatedStoragePermissionAttribute
      IUnrestrictedPermission
      PermissionSetAttribute
      PermissionState
      PrincipalPermission
      PrincipalPermissionAttribute
      PublisherIdentityPermission
      PublisherIdentityPermissionAttribute
      ReflectionPermission
      ReflectionPermissionAttribute
      ReflectionPermissionFlag
      RegistryPermission
      RegistryPermissionAccess
      RegistryPermissionAttribute
      ResourcePermissionBase
      ResourcePermissionBaseEntry
      SecurityAction
      SecurityAttribute
      SecurityPermission
      SecurityPermissionAttribute
      SecurityPermissionFlag
      SiteIdentityPermission
      SiteIdentityPermissionAttribute
      StrongNameIdentityPermission
      StrongNameIdentityPermissionAttribute
      StrongNamePublicKeyBlob
      UIPermission
      UIPermissionAttribute
      UIPermissionClipboard
      UIPermissionWindow
      UrlIdentityPermission
      UrlIdentityPermissionAttribute
      ZoneIdentityPermission
      ZoneIdentityPermissionAttribute
      Chapter 28.  The System.Security.Policy Namespace
      AllMembershipCondition
      ApplicationDirectory
      ApplicationDirectoryMembershipCondition
      CodeGroup
      Evidence
      FileCodeGroup
      FirstMatchCodeGroup
      Hash
      HashMembershipCondition
      IIdentityPermissionFactory
      IMembershipCondition
      NetCodeGroup
      PermissionRequestEvidence
      PolicyException
      PolicyLevel
      PolicyStatement
      PolicyStatementAttribute
      Publisher
      PublisherMembershipCondition
      Site
      SiteMembershipCondition
      StrongName
      StrongNameMembershipCondition
      UnionCodeGroup
      Url
      UrlMembershipCondition
      Zone
      ZoneMembershipCondition
      Chapter 29.  The System.Security.Principal Namespace
      GenericIdentity
      GenericPrincipal
      IIdentity
      IPrincipal
      PrincipalPolicy
      WindowsAccountType
      WindowsBuiltInRole
      WindowsIdentity
      WindowsImpersonationContext
      WindowsPrincipal
   Colophon
   Index