Hijacking .Net Vol 1: Role Based Security [DOWNLOAD: PDF] (Digital)

~ Dan Appleman (Author), Daniel Appleman (Author)

Editorial Reviews

Product Description

Hijacking .NET is today's equivalent of using undocumented Windows API functions. Except that not only are the functions under discussion undocumented, they are actually private - functions internal to the .NET framework that were never intended to be used from outside.

In this new eBook, Dan Appleman will teach you how to find these hidden functions, how to use disassembly and common sense to figure out what they do, and how to implement code that uses them (along with a straightforward explanation of the relative risks of doing so).

To demonstrate these techniques, Appleman demonstrates use of hidden functions to work with Windows role based security. In one example, you'll learn a few lines of .NET code can allow you to determine which roles (groups) an account belongs to. In another example, you'll learn how to extend a couple of .NET classes using hidden method calls and a few API calls to allow you to easily set the account and group security for a file or directory.

Whether you are interested in role based security, .NET internals, or just want the thrill of hacking into the framework, this unique eBook will prove a fascinating read.

Product Details

Do you have the free reader for this item?

• Format: Adobe Reader (PDF)
• Printable: Yes. This title is printable
• Mac OS Compatible: OS 9.x or later
• Windows Compatible: Yes
• Handheld Compatible: Yes. Adobe Reader is available for PalmOS, Pocket PC, and Symbian OS.
• File Size: 960 KB
• Digital: 39 pages
• Publisher: Daniel Appleman (April 12, 2003)
• Average Customer Review: 3.5 out of 5 stars  See all reviews (4 customer reviews)
• Amazon.com Sales Rank: #2,086,214 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #35 in	Books > eDocs > Formats > PDF (printable) > Computers & Internet > Programming
  #63 in	Books > eDocs > Subjects > Computers & Internet > Programming

• Required Free Software: Adobe Reader

Customer Reviews

Most Helpful Customer Reviews

15 of 15 people found the following review helpful:

1.0 out of 5 stars Contra Appleman Polishers, January 3, 2004

By A Customer

It's hard to see how other readers of this eBook
could regard it so highly. (One begins to wonder
whether or not they're some sort of Appleman
polishers.) About 25% of this tomelet consists
of advertisements for Appleman's other works and
a blighted index which lists every last one of them.
A further 10% of the book contains unnecessary MSIL
from mscorlib.dll. Yet more space is consumed by
VB.NET code which regurgitates that listed in C#.
By my estimate then at least 40% of this offering
should have been removed before release.

Turning now to the content, this book's overview of
role based security is simplistic to the point of
puerility. Reducing security to a slogan such as
"Can you do something [to some object]" is claptrap
for simpletons. The book's idea of hijacking .NET
is to call the Type.InvokeMember() method with
BindingFlags.NonPublic as one of its arguments and
to use P/Invoke to call native code. Since none of
this will violate Code Access Security, it's hard to
see how it qualifies as hijacking .NET. If you're
interested in seeing what Appleman does, you should
download the code for this book from his web site
instead of allowing him to hijack your wallet.

11 of 11 people found the following review helpful:

3.0 out of 5 stars well worth reading, August 28, 2003

By	"robbieharris" (United Kingdom) - See all my reviews

I had to read this - touted as the first volume in a series that could be for .NET what Appleman's books were for the Win32 API. But a fair bit of the ebook is just a guided tour of windows role based security, well written though.

The core of the 'hijacking' part could be boiled down to a couple of pages. Essentially it's this:

Marking a class or method as private in .NET impacts its visibility, but not its security boundary - i.e. it is possible to invoke private methods.
And vs.net provides all the means necessary to do so:

Step One - navigate to the library/class you want with ildasm and have a peek at the IL. From that its pretty straightforward to grok the private objects/methods you might be interested in.
Step Two - use the InvokeMember method of the Type class to make use of private class/method.

That's it. Classic Win32 API Appleman this is not, how useful the technique is - I'm not sure (not so much in in commercial work i suspect), but it's still well worth a read.

1 of 5 people found the following review helpful:

5.0 out of 5 stars Great writing and code in the Appleman tradition, September 1, 2003

By	Richard A. Lowe (Chicago, IL United States) - See all my reviews (REAL NAME)

The lessons of this PDF are twofold:
1) You get a great extension to .NET role-based security APIs via Dan's code writings and

2) In the teach-you-how-to-do-it-but-at-your-own-risk! tradition of Dan Appleman, you learn how to introspect the .NET Framework class libraries and work with their internals. Or more to the point, with the internals of *any* reflectable .NET assembly.

Bottom line: If you like knowing internals and haven't tackled the Reflection namespaces in .NET yet, this is a good start. (You'll probably need reflection skills at some point anyway).

It's a great read!