Expert Web Services Security in the .NET Platform [Paperback]

Brian Nantz (Author), Laurence Moroney (Author)

Book Description

ISBN-10: 1590591151 | ISBN-13: 978-1590591154 | Publication Date: October 29, 2004 | Edition: 1

Any company using .NET will eventually (if they haven’t already) be exposing part of their functionality as a .NET Web Service, and how to secure these features will become job number one. Web Services security in the .NET Platform will be the comprehensive treatment on how to secure Web Services on the .NET platform and is completely up-to-date for the latest version of Visual Studio .NET. This book specifically focuses on Web Services security, not general .NET security.

Editorial Reviews

About the Author

Laurence Moroney is the director of technology evangelism at Mainsoft, the cross-platform development company. He has over 10 years in software development and architecture, specializing in interoperability, security and performance in such diverse industries as casinos, jails, the U.S. Border Patrol, airports, professional soccer teams and financial services. He has written several books on computing, including some on Web Services Security, ASP.NET and Java/.NET interoperability, as well as dozens of articles on various technology issues. He lives in Sammamish, Washington with his wife, Rebecca, and children, Claudia and Christopher. His blog is at Philotic.com, where you can find lots of Atlas and other development resources.

Brian Nantz is employed with Security International, designing software for security equipment worldwide. He has developed Microsoft solutions for companies in both the medical and security industries. Brian lives with his wife and three children in the Milwaukee, Wisconsin area.

Product Details

• Paperback: 259 pages
• Publisher: Apress; 1 edition (October 29, 2004)
• Language: English
• ISBN-10: 1590591151
• ISBN-13: 978-1590591154
• Product Dimensions: 9.2 x 6.8 x 0.8 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 3.0 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #888,995 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

2 of 2 people found the following review helpful:

4.0 out of 5 stars good discussion of crypto, November 13, 2004

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Expert Web Services Security in the .NET Platform (Paperback)

The book offers a good general description of Web Services. And specifically on how to make a simple Web Service using the .NET platform. But the thrust of the book is in showing how to incorporate cryptographic methods into the WS communications. The authors claim that perhaps the most important reason that WS have not taken off is security. Without a secure authentication and authorisation of messages, companies are leery about exposing their data via WS.

So the book devotes most of its space to the various cryptographic issues involved in .NET and WS. Some of this is not restricted to WS. For example, you may want to encrypt a channel, over which you will send sensitive data. That data might be a WS message, or something else. Hence, we get explanations of Active Directory, which handles a lot of these grubby details.

Later, they discuss public key cryptography. Which they term asynchronous encryption; not a widely used term. They contrast this to synchronous encryption, which most others call symmetric encryption.

But having said this, the book does offer a reasonable guide to using C# and .NET for WS. What is left for the reader is the much harder problem. That of designing a useful.

1 of 1 people found the following review helpful:

1.0 out of 5 stars Do not waste your money, March 23, 2005

By 

Mat Vee - See all my reviews

This review is from: Expert Web Services Security in the .NET Platform (Paperback)

Please do not waste your money.
I bought this book looking at the ratings.
No coverate of WS-Security.
It talks about IIS and other setup things, not really about
.Net code.
It looks rehash of one chapter of "Building Secure Microsoft ASP.Net applications".
The book had no code examples. It says it is expert level,
but it is not.

2.0 out of 5 stars Not enough depth, and the pieces aren't tied together, January 4, 2005

By 

Dan Crevier (Bellevue, WA United States) - See all my reviews
(REAL NAME)   

This review is from: Expert Web Services Security in the .NET Platform (Paperback)

I was excited by the prospect of this book. Many books on web services or ASP.Net offer only a short chapter on security that goes over the different authentication methods and not much more. I was looking forward to a broader end-to-end treatment of security.

Although this book did discuss a wide range of topics, it failed to tie them together. It describes a bunch of technologies but doesn't teach you how to choose between them or use them together. Some case studies or end-to-end diagrams would have really helped.

I also felt that there was not enough depth. Although the book is advertised as "advanced", it's really only an introduction to a bunch of topics. You need to go elsewhere to learn enough to really apply them. The book is quite thin.

I'm not sure who a good target audience for this book is. If you are trying to understand an overview web service security, it falls short because it doesn't do enough to help you understand the big picture. If you understand the big picture and are looking for an advanced treatment of how to implement security techniques, this book will only give you an introduction.