Table of Contents

.NET Development Security Solutions
by John Paul Mueller ISBN: 0782142664
Sybex 2003 (471 pages)

This guide leads you through the differences in Studio in the .NET framework that didn't appear in older versions of Visual Studio, helps you understand the new rules for .NET security, and helps you fix problems created by holes in the .NET security.

Has companion Web site

Table of Contents
.NET Development Security Solutions
Part I - Introduction to .NET Security
Chapter 1 - Understanding .NET Security
Chapter 2 - .NET Framework Security Overview
Chapter 3 - Avoiding Common Errors and Traps
Part II - Desktop and LAN Security
Chapter 4 - .NET Role-Based Security Techniques
Chapter 5 - Policies and Code Groups in Detail
Chapter 6 - Validation and Verification Issues
Chapter 7 - .NET Cryptographic Techniques
Chapter 8 - LAN Security Requirements
Part III - Web-based Security
Chapter 9 - Web Server Security
Chapter 10 - Web Data Security
Chapter 11 - Securing XML and Web Services
Part IV - Other Security Topics
Chapter 12 - Active Directory Security
Chapter 13 - Wireless Device Security
Chapter 14 - Win32 API Overview
Chapter 15 - Win32 API Advanced Techniques
List of Figures
List of Tables
List of Listings
List of Sidebars

Back Cover

The .NET Framework offers new, more effective ways to secure your Web and LAN-based applications. Sybex’s .NET Development Security Solutions uses detailed, code-intensive examples—lots of them—to teach you the right techniques for most scenarios you’re likely to encounter. This is not an introduction to security; it’s an advanced cookbook that shows experienced programmers how to meet tough security challenges:

  • Recognize and avoid dangerous traps—including holes in .NET
  • Work fluently with both role-based and code access security
  • Maximize the security advantages of policies and code groups
  • Promote security using Active Directory
  • Secure data with .NET cryptographic techniques
  • Meet the toughest LAN security requirements
  • Tackle special security issues associated with Web and wireless applications
  • Implement Win32 API security in managed applications

Uniting this instruction is a coherent, cohesive mindset that will help you take the human factor into account at every step. You’ll become technically proficient with all the tools at your disposal—and, at the same time, you’ll learn to make your solutions more powerful by crafting them in ways that dovetail with users’ needs—and foibles—and anticipate cracker exploits.

About the Author

John Paul Mueller is a freelance author and technical editor who has produced 60 books and over 200 articles. John has provided technical editing services to both Data Based Advisor and Coast Compute magazines. He has also contributed articles to magazines such as InformIT, SQL Server Professional, Visual C++ Developer and Visual Basic Developer. He is the editor of the .NET electronic newsletter for Pinnacle Publishing.

.NET Development Security Solutions

John Paul Mueller

San Francisco • London

Associate Publisher: Joel Fugazzotto
Acquisitions and Developmental Editor: Tom Cirtin
Production Editor: Leslie E.H. Light
Technical Editor: David M. Clark
Copyeditor: Cheryl Hauser
Compositor: Scott Benoit
Proofreaders: Emily Hsuan, Monique van den Berg, Eric Lach, Nancy Riddiough
Indexer: Lynnzee Elze
Cover Designer: Caryl Gorska/Gorska Design
Cover Illustrator/Photographer: Glen Allison/PhotoDisc

Copyright 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.

Library of Congress Card Number: 2003107709

ISBN: 0-7821-4266-4

SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries.

Transcend Technique is a trademark of SYBEX Inc.

Screen reproductions produced with Paintshop Pro.

Internet screen shot(s) using Microsoft Internet Explorer reprinted by permission from Microsoft Corporation.

TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.

The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.

Manufactured in the United States of America


With loving thoughts of my wife of 23 years on the occasion of our anniversary.


Thanks to my wife, Rebecca, for working with me to get this book completed. I really don’t know what I would have done without her help in researching and compiling some of the information that appears in this book. She also did a fine job of proofreading my rough draft and the final result.

David Clark deserves thanks for his technical edit of this book. He greatly added to the accuracy and depth of the material you see here. David also contributed a number of great URLs and interesting ideas. His attention to detail is especially appreciated in a book of this type.

Matt Wagner, my agent, deserves credit for helping me get the contract in the first place and taking care of all the details that most authors don’t really consider. I always appreciate his help. It’s good to know that someone wants to help.

Finally, I would like to thank Tom Cirtin, Leslie Light, Cheryl Hauser, Scott Benoit, and the rest of the editorial and production staff at Sybex for their assistance in bringing this book to print. It’s always nice to work with such a great group of professionals.

About the Author

John Mueller is a freelance author and technical editor. He has writing in his blood, having produced 60 books and over 200 articles to date. The topics range from networking to artificial intelligence and from database management to heads down programming. Some of his current books include several C# developer guides, an accessible programming guide, a book on Web Matrix, and several Windows XP user guides. His technical editing skills have helped over 32 authors refine the content of their manuscripts. John has provided technical editing services to both Data Based Advisor and Coast Compute magazines. He’s also contributed articles to magazines like SQL Server Professional, Visual C++ Developer, and Visual Basic Developer. He’s currently the editor of the .NET electronic newsletter for Pinnacle Publishing (

When John isn’t working at the computer, you can find him in his workshop. He’s an avid woodworker and candle maker. On any given afternoon, you can find him working at a lathe or putting the finishing touches on a bookcase. One of his newest craft projects is glycerin soap making, which comes in pretty handy for gift baskets. You can reach John on the Internet at John is also setting up a Web site at: Feel free to take a look and make suggestions on how he can improve it. One of his current projects is creating book FAQ sheets that should help you find the book information you need much faster.