How This Book Is Organized


We have arranged the content of this book into five broad sections. Each section is aimed at answering questions and providing examples for one or more of our core constituencies: developers, administrators, and end users. Because this book is intended to serve in part as a comprehensive reference guide to the .NET Framework security infrastructure, we recognize that each reader will be interested in different portions of the book and not everyone will need to read every chapter. We encourage everyone to begin by reading the three chapters that comprise Part I of the book (Chapters 1–3); they provide an introduction to the .NET Developer Platform, common security problems on the Internet, and an overview of how the .NET Framework security system addresses those concerns. After completing Part I, you should feel free to jump around and explore this book as you explore the various security features of the .NET Framework. Each chapter of the book (with a few noted exceptions) is designed to stand alone, so it is not necessary to read the book straight through.

The following is a quick summary of the contents of each of the five parts of the book:

  • Part I: Introduction to the .NET Developer Platform Security. The first part of the book, Chapters 1 through 3, introduces the Microsoft .NET Developer Platform, describes important general features of the platform, and provides an overview of the key security feature. We recommend that everyone read the chapters in this part first to provide common background material for the topic-specific discussions in the remainder of the book.

  • Part II: Code Access Security Fundamentals. Part II of the book details the architecture of the .NET Framework's "evidence-based security" model. Chapter 4, "User- and Code-Identity–Based Security: Two Complementary Security Paradigms," describes how the Framework's security system, which is based on code identity, builds on and complements the Windows NT/2000/XP security model that is based on user identity. The core elements of the evidence-based security model (evidence, permissions, stack-walking, and policy objects) are detailed in Chapters 5 through 8. Chapter 9, "Understanding the Concepts of Strong Naming Assemblies," introduces strong names, a new technology that provides cryptographically secured unique namespaces for assemblies you author. Hosting the Common Language Runtime in your own programs is described in Chapter 10, "Hosting Managed Code." Type-safety verification, a key feature of MSIL and many languages that run on top of the .NET Developer Platform, is discussed in Chapter 11, "Verification and Validation: The Backbone of .NET Framework Security." Finally, Chapter 12, "Security Through the Lifetime of a Managed Process: Fitting It All Together," provides a "walk-through" of the security decisions and processes that occur while designing, developing, deploying, and running a .NET Framework application.

  • Part III: ASP.NET and Web Services Security Fundamentals. Part III of this book concerns server-side security, specifically the security features of ASP.NET and Web Services. A brief introduction to the new features of ASP.NET is provided in Chapter 13, "Introduction to ASP.NET Security." Authentication and authorization in the ASP.NET model are discussed in Chapter 14, "Authentication: Know Who Is Accessing Your Site," and Chapter 15, "Authorization: Control Who Is Accessing Your Site." Channel integrity in ASP.NET, most commonly encountered on the Web through the use of the SSL/TLS family of encryption protocols, is covered in Chapter 16, "Data Transport Integrity: Keeping Data Uncorrupted."

  • Part IV: .NET Framework Security Administration. The chapters in Part IV of this book provide a comprehensive guide to administering the .NET Framework security system and ASP.NET. Whether you administer a single machine or your enterprise's entire network, these chapters will show you how to make modifications to the default security policy that is installed by the .NET Framework to meet your particular needs. Chapter 17, "Introduction: .NET Framework Security and Operating System Security," introduces the major components of .NET Framework security policy (code access security policy, ASP.NET configuration, Internet Explorer security settings, and Windows security configuration) and how they interact with one another. Chapter 18, "Administering Security Policy Using the .NET Framework Configuration Tool," provides a comprehensive tutorial on how to modify policy using the .NET Framework Security Configuration tool MMC snap-in. Scripting and programmatic interfaces to the security configuration system are discussed in Chapter 19, "Administering .NET Framework Security Policy Using Scripts and Security APIs." Chapter 20, "Administering an IIS Machine Using ASP.NET," covers ASP.NET configuration issues, and mobile code considerations are discussed in Chapter 21, "Administering Clients for .NET Framework Mobile Code." Configuration options for isolated storage and cryptography are contained in Chapter 22, "Administering Isolated Storage and Cryptography Settings in the .NET Framework."

  • Part V: .NET Framework Security for Developers. The final section of this book, Part V, is a guide for developers who want to write secure assemblies, author secure Web sites, create semi-trusted applications, or use cryptography and XML digital signatures in their applications. All developers should read Chapter 23, "Creating Secure Code: What All .NET Framework Developers Need to Know," for an overview of security-related tasks incumbent on developers building on the .NET Framework. Chapters 24 through 26 detail the process of architecting, building, and testing a secure assembly (a component designed to be shared and called by semi-trusted code). Included in these chapters are detailed examples showing how to make declarative and imperative security checks in your own code, implement custom permissions, work with and leverage strong names, and test the security aspects of your implementation. Security issues relevant to ASP.NET developers are the subject of Chapter 27, "Writing a Secure Web Site Using ASP.NET," and Chapter 28, "Writing a Secure Web Application in the .NET Development Platform." Chapter 29, "Writing a Semi-Trusted Application," describes how to program defensively, including the proper use of assembly-level permission requests and isolated storage. Finally, Chapters 30 and 31 cover the cryptography features that are included in the .NET Framework, and Chapter 32, "Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures," discusses the classes that implement the XML digital signature standard.

.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235
