|
namespaces, 28–50
online information on, 24
overview of, 50
System.DirectoryServices
accessing Active Directory, 43–44, 45
examples, 42–50, 45, 50
getting AD user information, 45–49, 50
overview of, 41
path types and, 44, 45
Web site on, 42
System.Runtime.Remoting.Contexts
defined, 28
security benefits, 29
SynchronizationAttribute class, 29–31, 30
System.Security
AllowPartiallyTrustedCallersAttribute, 31–32, 281
overview of, 31–32
SecurityException exception, 32
SecurityManager class, 32–35, 35
Web site on, 32
System.Security.Cryptography
class structure, 36
example, 37–39, 38–39
overview of, 35
System.Security.Cryptography.X509Certificates, 196–199, 197
System.Security.Cryptography.Xml namespace, 313–317, 316–317
System.Security.Permissions, 39
System.Security.Policy, 39–40
System.Security.Principal, 40–41
System.Web.Security
FileAuthorizationModule class, 383–384
FormsAuthentication class, 384–386
overview of, 41, 365, 382–383
Passport support in, 41, 382
UrlAuthorizationModule class, 383–384
Web site on, 41
native code access, 19–20
.NET 247 site, 27
.NET Compact Framework, See also wireless device security
checking application safety, 370–374, 372–373
classes, vs. in .NET Framework, 367–369, 368
defined, 364, 365
IrDA support, 369
limitations, 365–367
Microsoft.WindowsCE.Forms classes, 369
overview of, 365
SQL Server CE support, 369
.NET Framework Class Browser, 29
.NET Framework Configuration tool, See also code access security
adding configured applications, 92
creating permission sets, 90–91, 91, 141–142, 141–142
creating policy deployment packages, 159–160
creating/editing code groups, 88–90, 89–90
defining policy assemblies, 91
installing code group components, 124–125, 125
overview of, 74, 87–88, 88
.NET Framework namespaces. See namespaces
.NET Framework security, 4–21, See also security risks
architecture issues
garbage collection, 18–19
native code access, 19–20
object-oriented programming, 19
overview of, 18
securing binary output, 18
enhancements, See also individual items
code access security, 5, 9–11, 12
cryptography, 6
defined verification process, 5–6
evidence-based security, 5
overview of, 5–6
role-based security, 6, 7–9, 9
separate application domains, 6
locating information on
general tips, 26–27
overview of, 24–25
patches, 25–26
specific to .NET, 27–28
overview of, 4–5, 21
unstoppable problems
external forces, 13–14, 16–17
inept enterprise policies, 15–17
overview of, 11–12
poorly patched systems, 14–15
stupid user tricks, 12–13
in Windows File Protection, 17, 17
value types, 53–54
versus Win32 API security, 9, 70–71, 82–83, 391–392
.NET Framework Solutions: In Search of the Lost Win32 API (Mueller), 20, 390
.NET Passport. See Passport
.NET Web Services Solutions (Jamsa), 301
.NET Wizards, 118, 118
NetDiag tool, 346
New Object dialog box, 339–340, 340
New operator, 179–180
non-verifiable code, 75, 76
NoZone, 74–75
|