This chapter covers the following Microsoft-specified objective for the "Creating and Managing Microsoft Windows Services, Serviced Components, .NET Remoting Objects, and XML Web Services" section of the "Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and the Microsoft .NET Framework" exam:
Implement security for a Windows service, a serviced component, a .NET Remoting object, and an XML Web service.
This chapter also covers the following Microsoft-specified objectives for the Deploying Microsoft Windows Services, Serviced Components, .NET Remoting Objects, and XML Web Services section of the Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and the Microsoft .NET Framework exam:
Configure security for a Windows service, a serviced component, a .NET Remoting object, and an XML Web service.
Configure authentication type. Authentication types include Windows authentication, Microsoft .NET Passport, custom authentication, and none.
Configure and control authorization. Authorization methods include file-based authorization and URL-based authorization.
Configure and implement identity management.
These days, it's not enough to write correct code. You must also write secure code if you want your applications to be widely useful. Thanks to the increasing connectivity of computers over LANs and the Internet, your applications will often be visible to thousands or millions of potential attackers . Thus, it's necessary to secure these applications so that only authorized users can work with them. These objectives test your understanding of the basic security features of the .NET Framework and the ways in which you can apply those features to particular applications.
Understanding Code Access Security
Requesting Minimum Permissions
Code Groups and Permission Sets
Requesting Other Types of Permissions
Using Custom Security Attributes
IIS and ASP.NET Authentication
Configuring IIS Authentication
Identity and Principal Objects
Verifying Role Membership
Using the PrincipalPermission Class
Security for Windows Services
Security for Web Services
Platform and Application Security
Configuring Web Services for Security
Enterprise Services Security
Apply Your Knowledge
S TUDY S TRATEGIES
Use code access security to specify the permissions required by an assembly. Make sure that you understand the differences between minimum and optional permission requests .
Use the Microsoft .NET Framework Configuration Tool to specify security policies for an assembly and understand the effects of those policies on the assembly. Experiment with the interaction between multiple security policies for the same assembly.
Use authentication to control who can access an ASP.NET application and understand what happens when a user cannot be authenticated.
Configure a Web service for secure access and confirm that you cannot use the Web service without proper authentication and authorization.