List of Listings

Chapter 1: Understanding .NET Security

Listing 1.1 Using the IsInRole() Method

Listing 1.2 Relying on Imperative Security for File Security

Chapter 2: .NET Framework Security Overview

Listing 2.1 Three examples of the SynchronizationAttribute attribute

Listing 2.2 Obtaining information with the SecurityManager class

Listing 2.3 Encrypting and Decrypting a File Requires Similar Code

Listing 2.4 Accessing Active Directory

Listing 2.5 The Details Form Displays Individual User Information

Chapter 3: Avoiding Common Errors and Traps

Listing 3.1 Enumerating Discontinuous Data Ranges

Listing 3.2 Detecting and Handling Data Length Errors

Listing 3.3 Avoiding Unwanted Characters in Input

Chapter 4: .NET Role-Based Security Techniques

Listing 4.1 Discovering Code Group Membership

Listing 4.2 Getting a Permission List Using a Policy

Listing 4.3 Building Evidence to Obtain Permissions

Listing 4.4 Using Declarative Security Definitions

Listing 4.5 Implementing Code Access Security for the Registry

Listing 4.6 Signed Client Example Code

Listing 4.7 Using a Component Constructor to Check Credentials

Listing 4.8 Using Reflection to Obtain Evidence

Chapter 5: Policies and Code Groups in Detail

Listing 5.1 Permission XML File Example

Listing 5.2 Specialized Code Group Component

Listing 5.3 Alternative Code Group Component

Listing 5.4 Code Group Component Testing Example

Listing 5.5 A Typical Custom Permission Assembly

Listing 5.6 Declarative Security Addition

Listing 5.7 A Custom Permission Test Component

Listing 5.8 Custom Permission Test Application

Listing 5.9 XML Generator for a Custom Permission

Listing 5.10 Obtaining a Named Permission

Chapter 6: Validation and Verification Issues

Listing 6.1 Adding Security Checks to a Client

Listing 6.2 Using Multiple AppDomain Objects to Control Access

Listing 6.3 A Simple Test Application

Listing 6.4 Domain FriendlyName Detection Component

Listing 6.5 Creating a Component from an AppDomain Object

Listing 6.6 Calling External Functions

Listing 6.7 Accessing External Programs

Listing 6.8 Using the Process.Start() Method

Chapter 7: .NET Cryptographic Techniques

Listing 7.1: Mapping an Algorithm to a Class

Listing 7.2 Mapping an OID to a Class

Listing 7.3 Encrypting Data Using Symmetric Cryptography

Listing 7.4 Creating a Key Pair

Listing 7.5 Encrypting and Decrypting Data Using Asymmetric Cryptography

Listing 7.6 Generating a Key from a Password

Listing 7.7 Reading an X.509 Certificate

Chapter 8: LAN Security Requirements

Listing 8.1 Using the SocketPermission Class

Listing 8.2 Using the CredentialCache and NetworkCredential Classes

Listing 8.3 Using Attributes in a Managed Component

Listing 8.4 Safely Calling .NET Components from Unmanaged Code

Listing 8.5 Creating Math Function Methods for the COM+ Environment

Chapter 9: Web Server Security

Listing 9.1 Using the AuthenticationManager Class for Pre-Authentication

Listing 9.2 Accessing a Secured Web Source

Listing 9.3 Using a Performance Counter Approach for Detecting DDOS

Chapter 10: Web Data Security

Listing 10.1 Using Role-Based Security to Modify Page Rendering

Listing 10.2 Setting the SQL Server Password

Listing 10.3 Getting the Password

Listing 10.4 Simple Remoting Component Example

Listing 10.5 Simple Remoting Host Example

Listing 10.6 Typical Remoting Host Configuration File

Listing 10.7 Simple Remoting Client Example

Listing 10.8 Typical Remoting Host Configuration File

Listing 10.9 Obtaining Client Certificate Information

Chapter 11: Securing XML and Web Services

Listing 11.1 A Web Service Using Security Attributes

Listing 11.2 A Web Service Using Imperative Security

Listing 11.3 Using the DiscoveryClientProtocol Class

Listing 11.4 Signing and Verifying an XML File

Listing 11.5 Logging in with Passport

Listing 11.6 Displaying the Logged In Status

Listing 11.7 The SOAP Quick Test Application

Chapter 12: Active Directory Security

Listing 12.1 Using Win32 API Calls for the Domain Controller

Listing 12.2 Accessing Active Directory

Listing 12.3 The Details Form Displays Individual User Information

Chapter 13: Wireless Device Security

Listing 13.1 Application Security Technique

Listing 13.2 Tag Changes Based on Filter Settings

Listing 13.3 Using the DeviceSpecific Property

Listing 13.4 Accessing Web Services Using SOAP

Listing 13.5 Defining the Login Page

Listing 13.6 Modifying the Web.CONFIG File

Listing 13.7 Generating Forms Authentication Statistics

Chapter 14: Win32 API Overview

Listing 14.1 Using Unsafe Code in a C# Program

Listing 14.2 Converting a SID to Human Readable Form

Listing 14.3 Gaining Access to the ACEs Means Reading the ACL

Chapter 15: Win32 API Advanced Techniques

Listing 15.1 Obtaining Permission Information

Listing 15.2 Adding a SACL Entry to an Application

Listing 15.3 An Alternative Method for Setting Security

Listing 15.4 One Technique for Accessing File Security Information

Listing 15.5 Reading a Registry Entry