Programming .Net Security

Mehr lesen

Provides an overview of the security facilities of the .NET Framework, covering such topics as assemblies, application domains, runtime security, cryptography, and ASP.NET application security.

Inhaltsverzeichnis

Dedication;
Preface;
How This Book Is Organized;
Who Should Read This Book;
Assumptions This Book Makes;
Conventions Used in This Book;
How to Contact Us;
Part I: Fundamentals;
Chapter 1: Security Fundamentals;
1.1 The Need for Security;
1.2 Roles in Security;
1.3 Understanding Software Security;
1.4 End-to-End Security;
Chapter 2: Assemblies;
2.1 Assemblies Explained;
2.2 Creating Assemblies;
2.3 Shared Assemblies;
2.4 Strong Names;
2.5 Publisher Certificates;
2.6 Decompiling Explained;
Chapter 3: Application Domains;
3.1 Application Domains Explained;
Chapter 4: The Lifetime of a Secure Application;
4.1 Designing a Secure .NET Application;
4.2 Developing a Secure .NET Application;
4.3 Security Testing a .NET Application;
4.4 Deploying a .NET Application;
4.5 Executing a .NET Application;
4.6 Monitoring a .NET Application;
Part II: .NET Security;
Chapter 5: Introduction to Runtime Security;
5.1 Runtime Security Explained;
5.2 Introducing Role-Based Security;
5.3 Introducing Code-Access Security;
5.4 Introducing Isolated Storage;
Chapter 6: Evidence and Code Identity;
6.1 Evidence Explained;
6.2 Programming Evidence;
6.3 Extending the .NET Framework;
Chapter 7: Permissions;
7.1 Permissions Explained;
7.2 Programming Code-Access Security;
7.3 Extending the .NET Framework;
Chapter 8: Security Policy;
8.1 Security Policy Explained;
8.2 Programming Security Policy;
8.3 Extending the .NET Framework;
Chapter 9: Administering Code-Access Security;
9.1 Default Security Policy;
9.2 Inspecting Declarative Security Statements;
9.3 Using the .NET Framework Configuration Tool;
9.4 Using the Code-Access Security Policy Tool;
Chapter 10: Role-Based Security;
10.1 Role-Based Security Explained;
10.2 Programming Role-Based Security;
Chapter 11: Isolated Storage;
11.1 Isolated Storage Explained;
11.2 Programming Isolated Storage;
11.3 Administering Isolated Storage;
Part III: .NET Cryptography;
Chapter 12: Introduction to Cryptography;
12.1 Cryptography Explained;
12.2 Cryptography Is Key Management;
12.3 Cryptographic Attacks;
Chapter 13: Hashing Algorithms;
13.1 Hashing Algorithms Explained;
13.2 Programming Hashing Algorithms;
13.3 Keyed Hashing Algorithms Explained;
13.4 Programming Keyed Hashing Algorithms;
13.5 Extending the .NET Framework;
Chapter 14: Symmetric Encryption;
14.1 Encryption Revisited;
14.2 Symmetric Encryption Explained;
14.3 Programming Symmetrical Encryption;
14.4 Extending the .NET Framework;
Chapter 15: Asymmetric Encryption;
15.1 Asymmetric Encryption Explained;
15.2 Programming Asymmetrical Encryption;
15.3 Extending the .NET Framework;
Chapter 16: Digital Signatures;
16.1 Digital Signatures Explained;
16.2 Programming Digital Signatures;
16.3 Programming XML Signatures;
16.4 Extending the .NET Framework;
Chapter 17: Cryptographic Keys;
17.1 Cryptographic Keys Explained;
17.2 Programming Cryptographic Keys;
17.3 Extending the .NET Framework;
Part IV: .NET Application Frameworks;
Chapter 18: ASP.NET Application Security;
18.1 ASP.NET Security Explained;
18.2 Configuring the ASP.NET Worker Process Identity;
18.3 Authentication;
18.4 Authorization;
18.5 Impersonation;
18.6 ASP.NET and Code-Access Security;
Chapter 19: COM+ Security;
19.1 COM+ Security Explained;
19.2 Programming COM+ Security;
19.3 Administering COM+ Security;
Chapter 20: The Event Log Service;
20.1 The Event Log Service Explained;
20.2 Programming the Event Log Service;
Part V: API Quick Reference;
Chapter 21: How to Use This Quick Reference;
21.1 Finding a Quick-Reference Entry;
21.2 Reading a Quick-Reference Entry;
Chapter 22: Converting from C# to VB Syntax;
22.1 General Considerations;
22.2 Classes;
22.3 Structures;
22.4 Interfaces;
22.5 Class, Structure, and Interface Members;
22.6 Delegates;
22.7 Enumerations;
Chapter 23: The System.Security Namespace;
Chapter 24: The System.Security.Cryptography Namespace;
Chapter 25: The System.Security.Cryptography.X509Certificates Namespace;
Chapter 26: The System.Security.Cryptography.Xml Namespace;
Chapter 27: The System.Security.Permissions Namespace;
Chapter 28: The System.Security.Policy Namespace;
Chapter 29: The System.Security.Principal Namespace;
Colophon;

Über den Autor / die Autorin

Adam Freeman is an experienced IT professional who has held senior positions in a range of companies, most recently serving as chief technology officer and chief operating officer of a global bank. Now retired, he spends his time writing and long-distance running.

Allen Jones is a Director of Principal Objective Ltd., a UK-based consultancy that provides independent IT strategy and solutions architecture services. Allen has more than 15 years of commercial experience, covering almost every aspect of IT; however, his true passion has been and always will be software development. In his spare time, Allen works writing books and training material or studies in an effort to find some form of enlightenment that has so far eluded him.

Zusammenfassung

This is a comprehensive tutorial and reference that contains numerous practical examples using C# and VB.NET.