| | Copyright |
| | Dedication |
| | Preface |
| | | How This Book Is Organized |
| | | Who Should Read This Book |
| | | Assumptions This Book Makes |
| | | Conventions Used in This Book |
| | | How to Contact Us |
|
| | Part I: Fundamentals |
| | | Chapter 1. Security Fundamentals |
| | | Section 1.1. The Need for Security |
| | | Section 1.2. Roles in Security |
| | | Section 1.3. Understanding Software Security |
| | | Section 1.4. End-to-End Security |
|
| | | Chapter 2. Assemblies |
| | | Section 2.1. Assemblies Explained |
| | | Section 2.2. Creating Assemblies |
| | | Section 2.3. Shared Assemblies |
| | | Section 2.4. Strong Names |
| | | Section 2.5. Publisher Certificates |
| | | Section 2.6. Decompiling Explained |
|
| | | Chapter 3. Application Domains |
| | | Section 3.1. Application Domains Explained |
|
| | | Chapter 4. The Lifetime of a Secure Application |
| | | Section 4.1. Designing a Secure .NET Application |
| | | Section 4.2. Developing a Secure .NET Application |
| | | Section 4.3. Security Testing a .NET Application |
| | | Section 4.4. Deploying a .NET Application |
| | | Section 4.5. Executing a .NET Application |
| | | Section 4.6. Monitoring a .NET Application |
|
|
| | Part II: .NET Security |
| | | Chapter 5. Introduction to Runtime Security |
| | | Section 5.1. Runtime Security Explained |
| | | Section 5.2. Introducing Role-Based Security |
| | | Section 5.3. Introducing Code-Access Security |
| | | Section 5.4. Introducing Isolated Storage |
|
| | | Chapter 6. Evidence and Code Identity |
| | | Section 6.1. Evidence Explained |
| | | Section 6.2. Programming Evidence |
| | | Section 6.3. Extending the .NET Framework |
|
| | | Chapter 7. Permissions |
| | | Section 7.1. Permissions Explained |
| | | Section 7.2. Programming Code-Access Security |
| | | Section 7.3. Extending the .NET Framework |
|
| | | Chapter 8. Security Policy |
| | | Section 8.1. Security Policy Explained |
| | | Section 8.2. Programming Security Policy |
| | | Section 8.3. Extending the .NET Framework |
|
| | | Chapter 9. Administering Code-Access Security |
| | | Section 9.1. Default Security Policy |
| | | Section 9.2. Inspecting Declarative Security Statements |
| | | Section 9.3. Using the .NET Framework Configuration Tool |
| | | Section 9.4. Using the Code-Access Security Policy Tool |
|
| | | Chapter 10. Role-Based Security |
| | | Section 10.1. Role-Based Security Explained |
| | | Section 10.2. Programming Role-Based Security |
|
| | | Chapter 11. Isolated Storage |
| | | Section 11.1. Isolated Storage Explained |
| | | Section 11.2. Programming Isolated Storage |
| | | Section 11.3. Administering Isolated Storage |
|
|
| | Part III: .NET Cryptography |
| | | Chapter 12. Introduction to Cryptography |
| | | Section 12.1. Cryptography Explained |
| | | Section 12.2. Cryptography Is Key Management |
| | | Section 12.3. Cryptographic Attacks |
|
| | | Chapter 13. Hashing Algorithms |
| | | Section 13.1. Hashing Algorithms Explained |
| | | Section 13.2. Programming Hashing Algorithms |
| | | Section 13.3. Keyed Hashing Algorithms Explained |
| | | Section 13.4. Programming Keyed Hashing Algorithms |
| | | Section 13.5. Extending the .NET Framework |
|
| | | Chapter 14. Symmetric Encryption |
| | | Section 14.1. Encryption Revisited |
| | | Section 14.2. Symmetric Encryption Explained |
| | | Section 14.3. Programming Symmetrical Encryption |
| | | Section 14.4. Extending the .NET Framework |
|
| | | Chapter 15. Asymmetric Encryption |
| | | Section 15.1. Asymmetric Encryption Explained |
| | | Section 15.2. Programming Asymmetrical Encryption |
| | | Section 15.3. Extending the .NET Framework |
|
| | | Chapter 16. Digital Signatures |
| | | Section 16.1. Digital Signatures Explained |
| | | Section 16.2. Programming Digital Signatures |
| | | Section 16.3. Programming XML Signatures |
| | | Section 16.4. Extending the .NET Framework |
|
| | | Chapter 17. Cryptographic Keys |
| | | Section 17.1. Cryptographic Keys Explained |
| | | Section 17.2. Programming Cryptographic Keys |
| | | Section 17.3. Extending the .NET Framework |
|
|
| | Part IV: .NET Application Frameworks |
| | | Chapter 18. ASP.NET Application Security |
| | | Section 18.1. ASP.NET Security Explained |
| | | Section 18.2. Configuring the ASP.NET Worker Process Identity |
| | | Section 18.3. Authentication |
| | | Section 18.4. Authorization |
| | | Section 18.5. Impersonation |
| | | Section 18.6. ASP.NET and Code-Access Security |
|
| | | Chapter 19. COM+ Security |
| | | Section 19.1. COM+ Security Explained |
| | | Section 19.2. Programming COM+ Security |
| | | Section 19.3. Administering COM+ Security |
|
| | | Chapter 20. The Event Log Service |
| | | Section 20.1. The Event Log Service Explained |
| | | Section 20.2. Programming the Event Log Service |
|
|
| | Part V: API Quick Reference |
| | | Chapter 21. How to Use This Quick Reference |
| | | Section 21.1. Finding a Quick-Reference Entry |
| | | Section 21.2. Reading a Quick-Reference Entry |
|
| | | Chapter 22. Converting from C# to VB Syntax |
| | | Section 22.1. General Considerations |
| | | Section 22.2. Classes |
| | | Section 22.3. Structures |
| | | Section 22.4. Interfaces |
| | | Section 22.5. Class, Structure, and Interface Members |
| | | Section 22.6. Delegates |
| | | Section 22.7. Enumerations |
|
| | | Chapter 23. The System.Security Namespace |
| | | AllowPartiallyTrustedCallersAttribute |
| | | CodeAccessPermission |
| | | IEvidenceFactory |
| | | IPermission |
| | | ISecurityEncodable |
| | | ISecurityPolicyEncodable |
| | | IStackWalk |
| | | NamedPermissionSet |
| | | PermissionSet |
| | | PolicyLevelType |
| | | SecurityElement |
| | | SecurityException |
| | | SecurityManager |
| | | SecurityZone |
| | | SuppressUnmanagedCodeSecurityAttribute |
| | | UnverifiableCodeAttribute |
| | | VerificationException |
| | | XmlSyntaxException |
|
| | | Chapter 24. The System.Security.Cryptography Namespace |
| | | AsymmetricAlgorithm |
| | | AsymmetricKeyExchangeDeformatter |
| | | AsymmetricKeyExchangeFormatter |
| | | AsymmetricSignatureDeformatter |
| | | AsymmetricSignatureFormatter |
| | | CipherMode |
| | | CryptoAPITransform |
| | | CryptoConfig |
| | | CryptographicException |
| | | CryptographicUnexpectedOperationException |
| | | CryptoStream |
| | | CryptoStreamMode |
| | | CspParameters |
| | | CspProviderFlags |
| | | DeriveBytes |
| | | DES |
| | | DESCryptoServiceProvider |
| | | DSA |
| | | DSACryptoServiceProvider |
| | | DSAParameters |
| | | DSASignatureDeformatter |
| | | DSASignatureFormatter |
| | | FromBase64Transform |
| | | FromBase64TransformMode |
| | | HashAlgorithm |
| | | HMACSHA1 |
| | | ICryptoTransform |
| | | KeyedHashAlgorithm |
| | | KeySizes |
| | | MACTripleDES |
| | | MaskGenerationMethod |
| | | MD5 |
| | | MD5CryptoServiceProvider |
| | | PaddingMode |
| | | PasswordDeriveBytes |
| | | PKCS1MaskGenerationMethod |
| | | RandomNumberGenerator |
| | | RC2 |
| | | RC2CryptoServiceProvider |
| | | Rijndael |
| | | RijndaelManaged |
| | | RNGCryptoServiceProvider |
| | | RSA |
| | | RSACryptoServiceProvider |
| | | RSAOAEPKeyExchangeDeformatter |
| | | RSAOAEPKeyExchangeFormatter |
| | | RSAParameters |
| | | RSAPKCS1KeyExchangeDeformatter |
| | | RSAPKCS1KeyExchangeFormatter |
| | | RSAPKCS1SignatureDeformatter |
| | | RSAPKCS1SignatureFormatter |
| | | SHA1 |
| | | SHA1CryptoServiceProvider |
| | | SHA1Managed |
| | | SHA256 |
| | | SHA256Managed |
| | | SHA384 |
| | | SHA384Managed |
| | | SHA512 |
| | | SHA512Managed |
| | | SignatureDescription |
| | | SymmetricAlgorithm |
| | | ToBase64Transform |
| | | TripleDES |
| | | TripleDESCryptoServiceProvider |
|
| | | Chapter 25. The System.Security.Cryptography.X509Certificates Namespace |
| | | X509Certificate |
| | | X509CertificateCollection |
| | | X509CertificateCollection.X509CertificateEnumerator |
|
| | | Chapter 26. The System.Security.Cryptography.Xml Namespace |
| | | DataObject |
| | | DSAKeyValue |
| | | KeyInfo |
| | | KeyInfoClause |
| | | KeyInfoName |
| | | KeyInfoNode |
| | | KeyInfoRetrievalMethod |
| | | KeyInfoX509Data |
| | | Reference |
| | | RSAKeyValue |
| | | Signature |
| | | SignedInfo |
| | | SignedXml |
| | | Transform |
| | | TransformChain |
| | | XmlDsigBase64Transform |
| | | XmlDsigC14NTransform |
| | | XmlDsigC14NWithCommentsTransform |
| | | XmlDsigEnvelopedSignatureTransform |
| | | XmlDsigXPathTransform |
| | | XmlDsigXsltTransform |
|
| | | Chapter 27. The System.Security.Permissions Namespace |
| | | CodeAccessSecurityAttribute |
| | | EnvironmentPermission |
| | | EnvironmentPermissionAccess |
| | | EnvironmentPermissionAttribute |
| | | FileDialogPermission |
| | | FileDialogPermissionAccess |
| | | FileDialogPermissionAttribute |
| | | FileIOPermission |
| | | FileIOPermissionAccess |
| | | FileIOPermissionAttribute |
| | | IsolatedStorageContainment |
| | | IsolatedStorageFilePermission |
| | | IsolatedStorageFilePermissionAttribute |
| | | IsolatedStoragePermission |
| | | IsolatedStoragePermissionAttribute |
| | | IUnrestrictedPermission |
| | | PermissionSetAttribute |
| | | PermissionState |
| | | PrincipalPermission |
| | | PrincipalPermissionAttribute |
| | | PublisherIdentityPermission |
| | | PublisherIdentityPermissionAttribute |
| | | ReflectionPermission |
| | | ReflectionPermissionAttribute |
| | | ReflectionPermissionFlag |
| | | RegistryPermission |
| | | RegistryPermissionAccess |
| | | RegistryPermissionAttribute |
| | | ResourcePermissionBase |
| | | ResourcePermissionBaseEntry |
| | | SecurityAction |
| | | SecurityAttribute |
| | | SecurityPermission |
| | | SecurityPermissionAttribute |
| | | SecurityPermissionFlag |
| | | SiteIdentityPermission |
| | | SiteIdentityPermissionAttribute |
| | | StrongNameIdentityPermission |
| | | StrongNameIdentityPermissionAttribute |
| | | StrongNamePublicKeyBlob |
| | | UIPermission |
| | | UIPermissionAttribute |
| | | UIPermissionClipboard |
| | | UIPermissionWindow |
| | | UrlIdentityPermission |
| | | UrlIdentityPermissionAttribute |
| | | ZoneIdentityPermission |
| | | ZoneIdentityPermissionAttribute |
|
| | | Chapter 28. The System.Security.Policy Namespace |
| | | AllMembershipCondition |
| | | ApplicationDirectory |
| | | ApplicationDirectoryMembershipCondition |
| | | CodeGroup |
| | | Evidence |
| | | FileCodeGroup |
| | | FirstMatchCodeGroup |
| | | Hash |
| | | HashMembershipCondition |
| | | IIdentityPermissionFactory |
| | | IMembershipCondition |
| | | NetCodeGroup |
| | | PermissionRequestEvidence |
| | | PolicyException |
| | | PolicyLevel |
| | | PolicyStatement |
| | | PolicyStatementAttribute |
| | | Publisher |
| | | PublisherMembershipCondition |
| | | Site |
| | | SiteMembershipCondition |
| | | StrongName |
| | | StrongNameMembershipCondition |
| | | UnionCodeGroup |
| | | Url |
| | | UrlMembershipCondition |
| | | Zone |
| | | ZoneMembershipCondition |
|
| | | Chapter 29. The System.Security.Principal Namespace |
| | | GenericIdentity |
| | | GenericPrincipal |
| | | IIdentity |
| | | IPrincipal |
| | | PrincipalPolicy |
| | | WindowsAccountType |
| | | WindowsBuiltInRole |
| | | WindowsIdentity |
| | | WindowsImpersonationContext |
| | | WindowsPrincipal |
|
|
| | Colophon |
| | Index |