.NET Security [Paperback]

Jason Bock (Author), Pete Stromquist (Author), Tom Fischer (Author), Nathan Smith (Author)

Book Description

Series: Expert's Voice | Publication Date: July 9, 2002

When you use .NET to create client-and server-side applications, you have to address a new and large set of security issues. ".NET Security¿ shows you what you need to know by covering the different aspects of the .NET security model through detailed discussions about the key namespaces. The authors not only demonstrate how to write .NET code that can create secure systems within the .NET Framework, but also discuss ways that someone may try to break the security model in .NET, and how .NET prevents such intrusions. ¿.NET Security¿ is a tutorial about how to use the .NET security and cryptographic classes as well as a reference for any developer who wants to understand how security is implemented in the .NET Framework. The .NET Framework requires understanding in many new areas such as managed code, permissions, and evidence--and this book covers them all. About the Authors: Jason Bock is consultant and instructor for Intertech-Inc. (a company devoted to delivering hands-on workshops for enterprise web developers and whose focus is the professional Java¿, XML, and .NET enterprise developer). He has worked on a number of business applications using a diverse set of substrates and languages such as C#, .NET, and Java. He is also the author of ¿CIL Programming: Under the Hood of .NET¿ by Apress and ¿Visual Basic 6 Win32 API Tutorial¿, and has written numerous articles on technical development issues associated with both VB and Java. Jason holds both a B.A. and a Masters degree in Electrical Engineering from Marquette University. You can find out more about him at http://www.jasonbock.net Pete Stromquist is a consultant at Magenic Technologies (one of the nation's premiere Microsoft Gold Certified Partners), specializing in Web-enabled application development using Microsoft tools and technologies. He has spent the last several years architecting and developing the following types of applications: Intranet content management, Web-enabled training and testing software, B2B and B2C e-commerce, and Web-based telemetry and logistics. Pete has complimented his VB skills with several other technologies such as: XML, XSL, COM+, IIS, ASP, and, of course, .NET. He also enjoys teaching and presenting on .NET technologies. Pete has a Mechanical Engineering background, receiving his Bachelor of Science from the University of Minnesota. Tom Fischer's career spans a broad range of technologies with some of the most prestigious consulting firms in the Twin Cities. His certifications include the Sun Certified Java Programmer (SCJP), Microsoft Certified Solution Developer (MCSD), and Microsoft Certified Database Administrator (MCDBA). And as a Microsoft Certified Teacher (MCT), Tom also helps teach other developers about the latest Microsoft .NET tools and technologies. Nathan Smith is a consultant with Spherion in Scottsdale, AZ. He holds almost every Microsoft acronym possible (all but MCT) and specializes in the development of and conversion to Web enabled applications. Prior to the first beta release of C#, he focused primarily on Visual Basic development which he's been involved with for approximately six years.

Editorial Reviews

About the Author

Pete Stromquist is a consultant at Magenic Technologies (one of the nation's premiere Microsoft Gold Certified Partners), specializing in web-enabled application development using Microsoft tools and technologies. He has spent the last several years architecting and developing the following types of applications: intranet content management, web-enabled training and testing software, B2B and B2C e-commerce, and web-based telemetry and logistics. Pete has complemented his VB skills with several other technologies such as XML, XSL, COM+, IIS, ASP and, of course, .NET. He also enjoys teaching and presenting on .NET technologies. Pete has a mechanical engineering background and received his bachelor's degree from the University of Minnesota.

Tom Fischer's career spans a broad range of technologies with some of the most prestigious consulting firms in the Twin Cities, Minnesota. His certifications include the Sun Certified Java Programmer (SCJP), Microsoft Certified Solution Developer (MCSD), and Microsoft Certified Database Administrator (MCDBA). And as a Microsoft Certified Teacher (MCT), Tom helps teach other developers about the latest Microsoft .NET tools and technologies.

Nathan Smith is a goofy guy who enjoys practicing and preaching web standards. By day, he works as an information architect and interface designer at Geniant.com. By night, he is finishing a master of divinity degree via online classes from Asbury Theological Seminary. In 2005, he started Godbit.com as a resource to help the church better understand how to utilize web standards, and blogs about design semi-regularly at his site SonSpring.com. He has been described by family and friends as mildly amusing, but is really quite dull.

Jason Bock is a senior consultant for Magenic Technologies (http://www.magenic.com). He has worked on a number of business applications using a diverse set of substrates and languages such as C#, .NET, and Java. He is the author of CIL Programming: Under the Hood of .NET and .NET Security, both published by Apress, as well as Visual Basic 6 Win32 API Tutorial. He has also written numerous articles on technical development issues associated with both Visual Basic and Java. Jason holds both a bachelor's and a master's degree in electrical engineering from Marquette University. You can find out more about him at http://www.jasonbock.net.

Product Details

• Paperback: 310 pages
• Publisher: Apress; 1 edition (July 9, 2002)
• Language: English
• ISBN-10: 1590590538
• ISBN-13: 978-1590590539
• Product Dimensions: 9.1 x 7.3 x 0.8 inches
• Shipping Weight: 1.5 pounds (View shipping rates and policies)
• Average Customer Review: 3.8 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #1,209,870 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

5.0 out of 5 stars A Good Starting Book, November 16, 2002

By 

"umpiredan" (Fort Worth, TX USA) - See all my reviews

This review is from: .NET Security (Paperback)

This is a very good book for anyone new to .NET and or security. The .NET documentation is missing in several areaas and this book helps fill in the gaps that the docs have in security. But this book IS NOT a regurgitation of what I can find in the docs. It is new material

The first couple of chapters make it very clear how to do encryption with .NET. This is the first time I have seen an explanation for what the IV key is for in the encryption algorithms.

I was pleasantly surprised to see the discussion in chapter 3 about XML encryption. The standards for this are just coming into scope and this chapter does a nice job of describing what is happening in this space.

Code access security is a tught topic to cover in a short chaptyer but the authors do a good job. Again, there is a lot of hype about code access security but you have to look hard to find any real information about it. While I don't have to worry about this right now, this chapter gave me a good understanding of what is possible and how to do it.

I also found the last chapters on remoting and ASP.NET interesting and learned a few things in each chaptyer.

Is this book a 'cover everything including the kitchen sink' refernce? No. But it is a very good book for anyone who wants a good, solid introduction to the capabilities of .NET security and cryptography. And for me, that is important! Give me information that I can use and work with now. Not more reference material that I need to digest and sort through.

3 of 4 people found the following review helpful:

5.0 out of 5 stars A Comprehensive and Compact book, November 1, 2002

By 

Jehangir Abdulla - See all my reviews
(REAL NAME)   

This review is from: .NET Security (Paperback)

.NET Security( http://www.amazon.com/exec/obidos/ASIN/1590590538/ ), by
Jason Bock, Pete Stromquist, Tom Fischer, Nathan Smith, is a very good
Intermediate level book. They have touched upon all of the topics of
interest when it comes to security in the .NET Framework going into fair
amount of details whenever necessary.

First chapter starts off with a introduction to Cryptography, good for
someone who is just starting off learning about cryptography, a good
refresher for others who already know about the basics of cryptography.
Second chapter then goes on to talk about how the various cryptography
classes have been implemented in the .NET framework and how they can be
used. They talk about both symmetric and asymetric algorithms, Random Number
Generation, Hashing etc. They even mention Salting, something that's not
very well documented.
Third chapter talks about Xml Encryption and including Digital Signatures in
Xml Documents, this specification was so new when .NET came out that I was
surprised to see the Xml Signature implementation in the System.Security
namespace, the downside though as a result was very little documentation,
not any more though, the third chapter talks about everything one needs to
know about Xml Encryption and Signatures in detail.
The fourth chapters goes into a good amount of detail on Code Access
Security. The authors show a good mix of managing security using both code
and also using the Control Panel utilities. They go on to write and deploy
their
own permission class.
The rest of the book talks about Security when using Remoting and also Role
Based Security, in short they talk about
security considerations in every kind of scenario. The chapters on ASP.NET
security and MS Passport were not that useful to me though since those
topics have pretty much been beaten to death by every ASP.NET book out
there. Oh yes the last chapter on the risks of decompiling .NET assemblies
and suggestions on how to mitigate that was a good read.
APress seems to have developed a knack for publishing books that are thin
and to the point, this one is no exception, I'd give this book an 8 on 10. I
would've given it a higher rating if it would've talked about the
AllowPartiallyTrustedCallersAttribute, I think a discussion of CAS is
incomplete without the mention of this attribute.

Other books out there that cover Security in .NET are the following
1. .NET Framework Security(

http://www.amazon.com/exec/obidos/ASIN/067232184X/ ). I saw the table of
contents for this book, it pretty much covered everything this book covers,
this book was a whole lot thicker though, so I did thumb thru it at [a local store], thought the first 3 chapters or so were useless as they talked about
security risks, thought that was pointless since I know pretty much what the
risks are hence I am reading about security :), thought the .NET Security book by APress book
covered pretty much everything that this book has and in a more concise way...

0 of 2 people found the following review helpful:

2.0 out of 5 stars Unfortunately, only good for a solid overview, September 15, 2003

By A Customer

This review is from: .NET Security (Paperback)

It covered all the topics you would expect, but it is mostly a just a good overview of .NET security. I expected more in-depth coverage for a book titled as such. It has only a very brief overview of encryption algorithms without enough real world examples in my opinion, being an advanced .NET programmer but new to the issue of security.

The book is actually quite thin compared to its competition, so that should have tipped me off. You could go through it in a couple of days, but the price doesn't reflect that. I was really impressed with the .NET Programming with C# book from the same (small) publisher, so I was really hoping for a lot more. Consider the table of contents and decide for yourself whether this books warrants a purchase. It's a reasonably new topic of course so there are only a few other choices out there right now.