With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications.

The book works as both a comprehensive tutorial and reference to security issues for .NET application development, and contains numerous practical examples in both the C# and VB.NET languages. With Programming .NET Security, you will learn to apply sound security principles to your application designs, and to understand the concepts of identity, authentication and authorization and how they apply to .NET security. This guide also teaches you to:

• use the .NET run-time security features and .NET security namespaces and types to implement best-practices in your applications, including evidence, permissions, code identity and security policy, and role based and Code Access Security (CAS) use the .NET cryptographic APIs , from hashing and common encryption algorithms to digital signatures and cryptographic keys, to protect your data.
• use COM+ component services in a secure manner

If you program with ASP.NET will also learn how to apply security to your applications. And the book also shows you how to use the Windows Event Log Service to audit Windows security violations that may be a threat to your solution.

Authors Adam Freeman and Allen Jones, early .NET adopters and long-time proponents of an "end-to-end" security model, based this book on their years of experience in applying security policies and developing products for NASDAQ, Sun Microsystems, Netscape, Microsoft, and others. With the .NET platform placing security at center stage, the better informed you are, the more secure your project will be.

Average Customer Review: ( 7 customer reviews )
Write an online review and share your thoughts with other customers.

I get really excited about a book when it contains a lot of good information and I am able to actually use it to solve real-world problems. After reading this book, I was able to help solve a really tricky (and politically challenging) security issue quite quickly. If you have anything to do with your company's security systems or write any .NET code, I think this book deserves a place in your reference section. This is certainly the best book on .NET security I have read thus far.

10 of 11 found the following review helpful:

Required reading for .Net ProgrammersSep 30, 2003
By Stephen Northcutt
Some books are not going to be easy or approachable, one must already be familiar with either the C# and or Visual Basic language (the easy part) and the .NET programming enviornment to attempt this book. The authors are quick to jump from a discussion of the issues to meta code and sample code, but that is a feature, not a bug to the book's intended audience of very sharp, (as opposed to very basic), well educated coders. I would like to have seen more of an effort to discuss testing, validation and assessment, but at just under 700 pages this is a focused work and a serious coverage of the hooks that make it possible to secure .NET. (Of course that is assuming the underlying function calls are not riddled with buffer overflows and the like. Blaster on a .NET scale is a pretty scary prospect.)

The bottom line, we are awash in bad code and the vulnerabilities that result are the fundamental reason there are so many exploits. When you consider that in the scale of a federated system it is not a pretty thought. Someday there will be building codes for software, but in the meantime, if you are a responsible citizen of this planet and you are involved in .Net development, buy your coders this book. Invest the time to be able to quiz them and do so. Make sure they understand the issues, especially with Chapters 18 and 19, ASP.NET and COM+.

Suprising -- Great BookJan 20, 2007
By J. Carroll
When I first purchased this book, I was searching for material to shed light on the Win32 security model. After extracting what little information was available on the topic from this text, it made it's way to the book shelf.

Sometime later, I needed information on Code Access Security, and off the shelf it came. I later needed information on Assembly evidence, and down it came again. Next, was a need for .Net cryptographic and secure programing documentation -- it came down from the shelf and hasn't gone back again.

This is one of those books you need to live with for a time before you realize how great it is. I turn to it 2 or 3 times a week, and regularly carry it back and forth from the office. I've discovered embedded in it's pages are program perls, tips, and background information. It has become and invaluable refefence -- one I whole heartedly endorse.

Great .NET Security BookJan 26, 2006
By Nick Parker
Programming .NET Security does a great job of breaking down the various aspects of security in a well thought-out manner. In particular, they spend 7 chapters explaining how the .NET Framework has been built to provide a secure infrastructure and how applications can take advantage of this environment to become secured. This book provides one of the best examples I have seen to date covering Code Access Security (CAS). The inclusion of topics on both ASP.NET and Enterprise Services security make this book wholesome for any developer.

To follow, there are an additional 6 chapters that are devoted to cryptography, including sections on providing your own symmetric and asymmetric encryption algorithms. I would highly recommend this book to any developer working in the .NET Framework, regardless of skill; you will take something away from this book.

See all 7 customer reviews on Amazon.com