Building secure distributed Web applications can be challenging. It usually involves integrating several different technologies and products—yet your complete application will only be as secure as its weakest link. This guide presents a practical, scenario-driven approach to designing and building security-enhanced ASP.NET applications for Microsoft® Windows® 2000 and version 1.1 of the Microsoft .NET Framework. It focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications.

This guide focuses on:

• Authentication—to identify the clients of your application
• Authorization—to provide access controls for those clients
• Secure communication—to help ensure that messages remain private and are not altered by unauthorized parties

Who should read this guide:

Middleware developers and architects who build or plan to build .NET Web applications using ASP.NET, XML Web Services, Enterprise Services (COM+), .NET Remoting, or Microsoft ADO.NET

About “Patterns and Practices”:

Patterns & Practices contain specific recommendations illustrating how to design, build, deploy, and operate architecturally sound solutions to challenging business and technical scenarios. The technical guidance is reviewed and approved by Microsoft engineering teams, consultants, and Product Support Services, and by partners and customers.

Note: Includes complete sample on the Web.

Average Customer Review: ( 3 customer reviews )
Write an online review and share your thoughts with other customers.

While MS may not seem like the best source for security information, this really is a good book. Unlike the person ranting in another review, I personally don't care whether Bill Gates and MS is good or evil, or whether the security initiative at MS is a hoax or an honest effort. I care if this book can help me create a better, more secure ASP.NET application. And in that is is a success.

4 stars rather than 5 because the book is a little dry, and not exactly a page turner. However, there are things in here (like the section on hashing passwords) that will really make a difference in the security of your application.

15 of 15 found the following review helpful:

Worthy PurchaseJan 07, 2004
By Matt Brown
I agree with most of the reviews on this page. Regardless of Microsoft's current/past practices (which have absolutely nothing to do with the credibility of THIS book), it gives a good background on security in many situations. The part I found most helpful were the 'How To's' sections. There are good real world examples that are straight to the point and easy to comprehend. I code in C# w/SQL Server and all examples in this book use that combination; PERFECT FIT!

I would of bought this book just for the 'How To's' on hashing passwords and implementing roles with IPrincipal.

11 of 11 found the following review helpful:

Good Prescriptive GuidanceDec 02, 2003

The Patterns and Practices Series represents the bridge between known best practices and applications. Busy application developers are frequently tasked with building complex and secure system, and at the same time, are required to operate with limited resources and time. This series, and ASP.NET Security specifically, give good prescriptive guidance for a large number of common application scenarios. The how-to sections are exceeding valuable. Check out other books in this series and you will find lots of good guidance to jump start development on the MS platform.