Programming .NET Security



Price: $34.16


Publisher: O'Reilly Media, Inc. - January 01, 0001

ISBN-10: 0596004427, ISBN-13: 9780596004422

Authors: Adam Freeman, Allen Jones


704 pages




Book Description
With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. The book works as both a comprehensive tutorial and reference to security issues for .NET application development, and contains numerous practical examples in both the C# and VB.NET languages. With Programming .NET Security, you will learn to apply sound security principles to your application designs, and to understand the concepts of identity, authentication and authorization and how they apply to .NET security.


Table of Contents Summary

Part I: Fundamentals

Chapter 1. Security Fundamentals

Section 1.1. The Need for Security
Section 1.2. Roles in Security
Section 1.3. Understanding Software Security
Section 1.4. End-to-End Security

Chapter 2. Assemblies
Section 2.1. Assemblies Explained
Section 2.2. Creating Assemblies
Section 2.3. Shared Assemblies
Section 2.4. Strong Names
Section 2.5. Publisher Certificates
Section 2.6. Decompiling Explained

Chapter 3. Application Domains
Section 3.1. Application Domains Explained

Chapter 4. The Lifetime of a Secure Application
Section 4.1. Designing a Secure .NET Application
Section 4.2. Developing a Secure .NET Application
Section 4.3. Security Testing a .NET Application
Section 4.4. Deploying a .NET Application
Section 4.5. Executing a .NET Application
Section 4.6. Monitoring a .NET Application


Part II: .NET Security

Chapter 5. Introduction to Runtime Security

Section 5.1. Runtime Security Explained
Section 5.2. Introducing Role-Based Security
Section 5.3. Introducing Code-Access Security
Section 5.4. Introducing Isolated Storage

Chapter 6. Evidence and Code Identity
Section 6.1. Evidence Explained
Section 6.2. Programming Evidence
Section 6.3. Extending the .NET Framework

Chapter 7. Permissions
Section 7.1. Permissions Explained
Section 7.2. Programming Code-Access Security
Section 7.3. Extending the .NET Framework

Chapter 8. Security Policy
Section 8.1. Security Policy Explained
Section 8.2. Programming Security Policy
Section 8.3. Extending the .NET Framework

Chapter 9. Administering Code-Access Security
Section 9.1. Default Security Policy
Section 9.2. Inspecting Declarative Security Statements
Section 9.3. Using the .NET Framework Configuration Tool
Section 9.4. Using the Code-Access Security Policy Tool

Chapter 10. Role-Based Security
Section 10.1. Role-Based Security Explained
Section 10.2. Programming Role-Based Security

Chapter 11. Isolated Storage
Section 11.1. Isolated Storage Explained
Section 11.2. Programming Isolated Storage
Section 11.3. Administering Isolated Storage


Part III: .NET Cryptography
Chapter 12. Introduction to Cryptography
Section 12.1. Cryptography Explained
Section 12.2. Cryptography Is Key Management
Section 12.3. Cryptographic Attacks

Chapter 13. Hashing Algorithms
Section 13.1. Hashing Algorithms Explained
Section 13.2. Programming Hashing Algorithms
Section 13.3. Keyed Hashing Algorithms Explained
Section 13.4. Programming Keyed Hashing Algorithms
Section 13.5. Extending the .NET Framework

Chapter 14. Symmetric Encryption
Section 14.1. Encryption Revisited
Section 14.2. Symmetric Encryption Explained
Section 14.3. Programming Symmetrical Encryption
Section 14.4. Extending the .NET Framework

Chapter 15. Asymmetric Encryption
Section 15.1. Asymmetric Encryption Explained
Section 15.2. Programming Asymmetrical Encryption
Section 15.3. Extending the .NET Framework

Chapter 16. Digital Signatures
Section 16.1. Digital Signatures Explained
Section 16.2. Programming Digital Signatures
Section 16.3. Programming XML Signatures
Section 16.4. Extending the .NET Framework

Chapter 17. Cryptographic Keys
Section 17.1. Cryptographic Keys Explained
Section 17.2. Programming Cryptographic Keys
Section 17.3. Extending the .NET Framework


Part IV: .NET Application Frameworks

Chapter 18. ASP.NET Application Security

Section 18.1. ASP.NET Security Explained
Section 18.2. Configuring the ASP.NET Worker Process Identity
Section 18.3. Authentication
Section 18.4. Authorization
Section 18.5. Impersonation
Section 18.6. ASP.NET and Code-Access Security

Chapter 19. COM+ Security
Section 19.1. COM+ Security Explained
Section 19.2. Programming COM+ Security
Section 19.3. Administering COM+ Security

Chapter 20. The Event Log Service
Section 20.1. The Event Log Service Explained
Section 20.2. Programming the Event Log Service


Part V: API Quick Reference

Chapter 21. How to Use This Quick Reference

Section 21.1. Finding a Quick-Reference Entry
Section 21.2. Reading a Quick-Reference Entry

Chapter 22. Converting from C# to VB Syntax
Section 22.1. General Considerations
Section 22.2. Classes
Section 22.3. Structures
Section 22.4. Interfaces
Section 22.5. Class, Structure, and Interface Members
Section 22.6. Delegates
Section 22.7. Enumerations

Chapter 23. The System.Security Namespace
AllowPartiallyTrustedCallersAttribute
CodeAccessPermission
IEvidenceFactory
IPermission
ISecurityEncodable
ISecurityPolicyEncodable
IStackWalk
NamedPermissionSet
PermissionSet
PolicyLevelType
SecurityElement
SecurityException
SecurityManager
SecurityZone
SuppressUnmanagedCodeSecurityAttribute
UnverifiableCodeAttribute
VerificationException
XmlSyntaxException

Chapter 24. The System.Security.Cryptography Namespace
AsymmetricAlgorithm
AsymmetricKeyExchangeDeformatter
AsymmetricKeyExchangeFormatter
AsymmetricSignatureDeformatter
AsymmetricSignatureFormatter
CipherMode
CryptoAPITransform
CryptoConfig
CryptographicException
CryptographicUnexpectedOperationException
CryptoStream
CryptoStreamMode
CspParameters
CspProviderFlags
DeriveBytes
DES
DESCryptoServiceProvider
DSA
DSACryptoServiceProvider
DSAParameters
DSASignatureDeformatter
DSASignatureFormatter
FromBase64Transform
FromBase64TransformMode
HashAlgorithm
HMACSHA1
ICryptoTransform
KeyedHashAlgorithm
KeySizes
MACTripleDES
MaskGenerationMethod
MD5
MD5CryptoServiceProvider
PaddingMode
PasswordDeriveBytes
PKCS1MaskGenerationMethod
RandomNumberGenerator
RC2
RC2CryptoServiceProvider
Rijndael
RijndaelManaged
RNGCryptoServiceProvider
RSA
RSACryptoServiceProvider
RSAOAEPKeyExchangeDeformatter
RSAOAEPKeyExchangeFormatter
RSAParameters
RSAPKCS1KeyExchangeDeformatter
RSAPKCS1KeyExchangeFormatter
RSAPKCS1SignatureDeformatter
RSAPKCS1SignatureFormatter
SHA1
SHA1CryptoServiceProvider
SHA1Managed
SHA256
SHA256Managed
SHA384
SHA384Managed
SHA512
SHA512Managed
SignatureDescription
SymmetricAlgorithm
ToBase64Transform
TripleDES
TripleDESCryptoServiceProvider

Chapter 25. The System.Security.Cryptography.X509Certificates Namespace
X509Certificate
X509CertificateCollection
X509CertificateCollection.X509CertificateEnumerator

Chapter 26. The System.Security.Cryptography.Xml Namespace
DataObject
DSAKeyValue
KeyInfo
KeyInfoClause
KeyInfoName
KeyInfoNode
KeyInfoRetrievalMethod
KeyInfoX509Data
Reference
RSAKeyValue
Signature
SignedInfo
SignedXml
Transform
TransformChain
XmlDsigBase64Transform
XmlDsigC14NTransform
XmlDsigC14NWithCommentsTransform
XmlDsigEnvelopedSignatureTransform
XmlDsigXPathTransform
XmlDsigXsltTransform

Chapter 27. The System.Security.Permissions Namespace
CodeAccessSecurityAttribute
EnvironmentPermission
EnvironmentPermissionAccess
EnvironmentPermissionAttribute
FileDialogPermission
FileDialogPermissionAccess
FileDialogPermissionAttribute
FileIOPermission
FileIOPermissionAccess
FileIOPermissionAttribute
IsolatedStorageContainment
IsolatedStorageFilePermission
IsolatedStorageFilePermissionAttribute
IsolatedStoragePermission
IsolatedStoragePermissionAttribute
IUnrestrictedPermission
PermissionSetAttribute
PermissionState
PrincipalPermission
PrincipalPermissionAttribute
PublisherIdentityPermission
PublisherIdentityPermissionAttribute
ReflectionPermission
ReflectionPermissionAttribute
ReflectionPermissionFlag
RegistryPermission
RegistryPermissionAccess
RegistryPermissionAttribute
ResourcePermissionBase
ResourcePermissionBaseEntry
SecurityAction
SecurityAttribute
SecurityPermission
SecurityPermissionAttribute
SecurityPermissionFlag
SiteIdentityPermission
SiteIdentityPermissionAttribute
StrongNameIdentityPermission
StrongNameIdentityPermissionAttribute
StrongNamePublicKeyBlob
UIPermission
UIPermissionAttribute
UIPermissionClipboard
UIPermissionWindow
UrlIdentityPermission
UrlIdentityPermissionAttribute
ZoneIdentityPermission
ZoneIdentityPermissionAttribute

Chapter 28. The System.Security.Policy Namespace
AllMembershipCondition
ApplicationDirectory
ApplicationDirectoryMembershipCondition
CodeGroup
Evidence
FileCodeGroup
FirstMatchCodeGroup
Hash
HashMembershipCondition
IIdentityPermissionFactory
IMembershipCondition
NetCodeGroup
PermissionRequestEvidence
PolicyException
PolicyLevel
PolicyStatement
PolicyStatementAttribute
Publisher
PublisherMembershipCondition
Site
SiteMembershipCondition
StrongName
StrongNameMembershipCondition
UnionCodeGroup
Url
UrlMembershipCondition
Zone
ZoneMembershipCondition

Chapter 29. The System.Security.Principal Namespace
GenericIdentity
GenericPrincipal
IIdentity
IPrincipal
PrincipalPolicy
WindowsAccountType
WindowsBuiltInRole
WindowsIdentity
WindowsImpersonationContext
WindowsPrincipal