By Adam Freeman, Allen Jones
Publisher : O'Reilly
Pub Date : June 2003
ISBN : 0-596-00442-7
Pages : 714
With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications.
Copyright
Dedication
Preface
How This Book Is Organized
Who Should Read This Book
Assumptions This Book Makes
Conventions Used in This Book
How to Contact Us
Part I: Fundamentals
Chapter 1. Security Fundamentals
Section 1.1. The Need for Security
Section 1.2. Roles in Security
Section 1.3. Understanding Software Security
Section 1.4. End-to-End Security
Chapter 2. Assemblies
Section 2.1. Assemblies Explained
Section 2.2. Creating Assemblies
Section 2.3. Shared Assemblies
Section 2.4. Strong Names
Section 2.5. Publisher Certificates
Section 2.6. Decompiling Explained
Chapter 3. Application Domains
Section 3.1. Application Domains Explained
Chapter 4. The Lifetime of a Secure Application
Section 4.1. Designing a Secure .NET Application
Section 4.2. Developing a Secure .NET Application
Section 4.3. Security Testing a .NET Application
Section 4.4. Deploying a .NET Application
Section 4.5. Executing a .NET Application
Section 4.6. Monitoring a .NET Application
Part II: .NET Security
Chapter 5. Introduction to Runtime Security
Section 5.1. Runtime Security Explained
Section 5.2. Introducing Role-Based Security
Section 5.3. Introducing Code-Access Security
Section 5.4. Introducing Isolated Storage
Chapter 6. Evidence and Code Identity
Section 6.1. Evidence Explained
Section 6.2. Programming Evidence
Section 6.3. Extending the .NET Framework
Chapter 7. Permissions
Section 7.1. Permissions Explained
Section 7.2. Programming Code-Access Security
Section 7.3. Extending the .NET Framework
Chapter 8. Security Policy
Section 8.1. Security Policy Explained
Section 8.2. Programming Security Policy
Section 8.3. Extending the .NET Framework
Chapter 9. Administering Code-Access Security
Section 9.1. Default Security Policy
Section 9.2. Inspecting Declarative Security Statements
Section 9.3. Using the .NET Framework Configuration Tool
Section 9.4. Using the Code-Access Security Policy Tool
Chapter 10. Role-Based Security
Section 10.1. Role-Based Security Explained
Section 10.2. Programming Role-Based Security
Chapter 11. Isolated Storage
Section 11.1. Isolated Storage Explained
Section 11.2. Programming Isolated Storage
Section 11.3. Administering Isolated Storage
Part III: .NET Cryptography
Chapter 12. Introduction to Cryptography
Section 12.1. Cryptography Explained
Section 12.2. Cryptography Is Key Management
Section 12.3. Cryptographic Attacks
Chapter 13. Hashing Algorithms
Section 13.1. Hashing Algorithms Explained
Section 13.2. Programming Hashing Algorithms
Section 13.3. Keyed Hashing Algorithms Explained
Section 13.4. Programming Keyed Hashing Algorithms
Section 13.5. Extending the .NET Framework
Chapter 14. Symmetric Encryption
Section 14.1. Encryption Revisited
Section 14.2. Symmetric Encryption Explained
Section 14.3. Programming Symmetrical Encryption
Section 14.4. Extending the .NET Framework
Chapter 15. Asymmetric Encryption
Section 15.1. Asymmetric Encryption Explained
Section 15.2. Programming Asymmetrical Encryption
Section 15.3. Extending the .NET Framework
Chapter 16. Digital Signatures
Section 16.1. Digital Signatures Explained
Section 16.2. Programming Digital Signatures
Section 16.3. Programming XML Signatures
Section 16.4. Extending the .NET Framework
Chapter 17. Cryptographic Keys
Section 17.1. Cryptographic Keys Explained
Section 17.2. Programming Cryptographic Keys
Section 17.3. Extending the .NET Framework
Part IV: .NET Application Frameworks
Chapter 18. ASP.NET Application Security
Section 18.1. ASP.NET Security Explained
Section 18.2. Configuring the ASP.NET Worker Process Identity
Section 18.3. Authentication
Section 18.4. Authorization
Section 18.5. Impersonation
Section 18.6. ASP.NET and Code-Access Security
Chapter 19. COM+ Security
Section 19.1. COM+ Security Explained
Section 19.2. Programming COM+ Security
Section 19.3. Administering COM+ Security
Chapter 20. The Event Log Service
Section 20.1. The Event Log Service Explained
Section 20.2. Programming the Event Log Service
Part V: API Quick Reference
Chapter 21. How to Use This Quick Reference
Section 21.1. Finding a Quick-Reference Entry
Section 21.2. Reading a Quick-Reference Entry
Chapter 22. Converting from C# to VB Syntax
Section 22.1. General Considerations
Section 22.2. Classes
Section 22.3. Structures
Section 22.4. Interfaces
Section 22.5. Class, Structure, and Interface Members
Section 22.6. Delegates
Section 22.7. Enumerations
Chapter 23. The System.Security Namespace
AllowPartiallyTrustedCallersAttribute
CodeAccessPermission
IEvidenceFactory
IPermission
ISecurityEncodable
ISecurityPolicyEncodable
IStackWalk
NamedPermissionSet
PermissionSet
PolicyLevelType
SecurityElement
SecurityException
SecurityManager
SecurityZone
SuppressUnmanagedCodeSecurityAttribute
UnverifiableCodeAttribute
VerificationException
XmlSyntaxException
Chapter 24. The System.Security.Cryptography Namespace
AsymmetricAlgorithm
AsymmetricKeyExchangeDeformatter
AsymmetricKeyExchangeFormatter
AsymmetricSignatureDeformatter
AsymmetricSignatureFormatter
CipherMode
CryptoAPITransform
CryptoConfig
CryptographicException
CryptographicUnexpectedOperationException
CryptoStream
CryptoStreamMode
CspParameters
CspProviderFlags
DeriveBytes
DES
DESCryptoServiceProvider
DSA
DSACryptoServiceProvider
DSAParameters
DSASignatureDeformatter
DSASignatureFormatter
FromBase64Transform
FromBase64TransformMode
HashAlgorithm
HMACSHA1
ICryptoTransform
KeyedHashAlgorithm
KeySizes
MACTripleDES
MaskGenerationMethod
MD5
MD5CryptoServiceProvider
PaddingMode
PasswordDeriveBytes
PKCS1MaskGenerationMethod
RandomNumberGenerator
RC2
RC2CryptoServiceProvider
Rijndael
RijndaelManaged
RNGCryptoServiceProvider
RSA
RSACryptoServiceProvider
RSAOAEPKeyExchangeDeformatter
RSAOAEPKeyExchangeFormatter
RSAParameters
RSAPKCS1KeyExchangeDeformatter
RSAPKCS1KeyExchangeFormatter
RSAPKCS1SignatureDeformatter
RSAPKCS1SignatureFormatter
SHA1
SHA1CryptoServiceProvider
SHA1Managed
SHA256
SHA256Managed
SHA384
SHA384Managed
SHA512
SHA512Managed
SignatureDescription
SymmetricAlgorithm
ToBase64Transform
TripleDES
TripleDESCryptoServiceProvider
Chapter 25. The System.Security.Cryptography.X509Certificates Namespace
X509Certificate
X509CertificateCollection
X509CertificateCollection.X509CertificateEnumerator
Chapter 26. The System.Security.Cryptography.Xml Namespace
DataObject
DSAKeyValue
KeyInfo
KeyInfoClause
KeyInfoName
KeyInfoNode
KeyInfoRetrievalMethod
KeyInfoX509Data
Reference
RSAKeyValue
Signature
SignedInfo
SignedXml
Transform
TransformChain
XmlDsigBase64Transform
XmlDsigC14NTransform
XmlDsigC14NWithCommentsTransform
XmlDsigEnvelopedSignatureTransform
XmlDsigXPathTransform
XmlDsigXsltTransform
Chapter 27. The System.Security.Permissions Namespace
CodeAccessSecurityAttribute
EnvironmentPermission
EnvironmentPermissionAccess
EnvironmentPermissionAttribute
FileDialogPermission
FileDialogPermissionAccess
FileDialogPermissionAttribute
FileIOPermission
FileIOPermissionAccess
FileIOPermissionAttribute
IsolatedStorageContainment
IsolatedStorageFilePermission
IsolatedStorageFilePermissionAttribute
IsolatedStoragePermission
IsolatedStoragePermissionAttribute
IUnrestrictedPermission
PermissionSetAttribute
PermissionState
PrincipalPermission
PrincipalPermissionAttribute
PublisherIdentityPermission
PublisherIdentityPermissionAttribute
ReflectionPermission
ReflectionPermissionAttribute
ReflectionPermissionFlag
RegistryPermission
RegistryPermissionAccess
RegistryPermissionAttribute
ResourcePermissionBase
ResourcePermissionBaseEntry
SecurityAction
SecurityAttribute
SecurityPermission
SecurityPermissionAttribute
SecurityPermissionFlag
SiteIdentityPermission
SiteIdentityPermissionAttribute
StrongNameIdentityPermission
StrongNameIdentityPermissionAttribute
StrongNamePublicKeyBlob
UIPermission
UIPermissionAttribute
UIPermissionClipboard
UIPermissionWindow
UrlIdentityPermission
UrlIdentityPermissionAttribute
ZoneIdentityPermission
ZoneIdentityPermissionAttribute
Chapter 28. The System.Security.Policy Namespace
AllMembershipCondition
ApplicationDirectory
ApplicationDirectoryMembershipCondition
CodeGroup
Evidence
FileCodeGroup
FirstMatchCodeGroup
Hash
HashMembershipCondition
IIdentityPermissionFactory
IMembershipCondition
NetCodeGroup
PermissionRequestEvidence
PolicyException
PolicyLevel
PolicyStatement
PolicyStatementAttribute
Publisher
PublisherMembershipCondition
Site
SiteMembershipCondition
StrongName
StrongNameMembershipCondition
UnionCodeGroup
Url
UrlMembershipCondition
Zone
ZoneMembershipCondition
Chapter 29. The System.Security.Principal Namespace
GenericIdentity
GenericPrincipal
IIdentity
IPrincipal
PrincipalPolicy
WindowsAccountType
WindowsBuiltInRole
WindowsIdentity
WindowsImpersonationContext
WindowsPrincipal
Colophon
Index
Download
Another .NET Books
Another Computer Security Books
No comments:
Post a Comment