.NET Framework Security - Softcover

About the Author

Brian A. LaMacchia is the Development Lead for .NET Framework Security at Microsoft Corporation in Redmond, WA, a position he has held since April 1999. Previously, Dr. LaMacchia was the Program Manager for core cryptography in Windows 2000 and, prior to joining Microsoft in 1997, he was a Senior Member of Technical Staff in the Public Policy Research Group at AT&T LabsÑResearch in Florham Park, NJ. He received S.B., S.M., and Ph.D. degrees in Electrical Engineering and Computer Science from MIT in 1990, 1991, and 1996, respectively.

Sebastian Lange has been working at Microsoft as Program Manager on the .NET Framework Common Language Runtime security team for over two years. He focuses on security configuration, administration, type safety verification, and secure hosting of the CLR. Prior to his work on security, Sebastian has done research and design in artificial intelligence, both in industry as well as in university. He holds a B.A. in Computer Science and a B.A. in Philosophy from Macalester College. In his spare time, Sebastian practices a variety of musical instruments, and can be seen playing the electric viola for his band Elysian up and down the west coast.

Matthew Lyons is the QA lead for security features of the Common Language Runtime at Microsoft Corporation. He has been testing and developing against the internal workings of .NET Framework security for over two years. Before that, he spent two years testing public key cryptography and the certificate services in Windows 2000. Matt received a B.S. in Applied Physics from Purdue University in 1997 and is currently working on an M.S. in Computer Science at the University of Washington.

Rudi Martin graduated from Glasgow University (Scotland, U.K.) in 1991 with a B.S.C. in Computing Science. He spent seven years working for Digital Equipment Corporation in the operating systems group, covering areas such as file systems, interprocess communications, and transaction processing. Rudi joined the NDP group at Microsoft in 1999, where he worked in the core execution engine and the security subsystem. He worked on the OpenVMS platform, transitioned to Windows NT, and has been very busy with the Common Language Runtime security group.

Kevin T. Price has been a software architect for over seven years specializing in Web-based applications. He is presently a Senior Software Architect for CMS Information Services in Vienna, VA. Kevin has edited books on .NET as well as authored chapters in BizTalk Unleashed. The material and code samples found in his chapters reflect real-world experience. Focusing on the securing of information and platform scalability. Mr. Price has both architecture and hands-on experience using technologies including ASP, Crypto API, JSP, Java, COM/DCOM, VB, C++, .NET, and numerous other technologies related to the Internet and/or the Microsoft-based toolset.

From the Back Cover

In 1997, Microsoft embarked on a "bet the company" strategy that was to reinvent the way the company did business. Even before its release, .NET made major strides in reinventing the way that software developers viewed the software they wrote.

Now that it is released, .NET and the .NET Framework will change the software development process for good.

.NET Framework Security provides the ultimate high-end comprehensive reference to all of the new security features available in .NET. Through extensive code samples and step-by-step walkthroughs of configuration techniques, the reader is taken deep into the world of secure applications. Demonstrations of creating custom procedures and a full explanation of each aspect separate this book from many other "lecture books." Many of the concepts expressed in this book are not only viable in .NET, but on the Internet in general. These factors combined make this the one reference that every developer and system administrator should have.

.NET Framework Security provides

• An extensive introduction to explanation of Code Access Security, the powerful new security system shipping in the .NET Framework
• Information on how to write and test safe applications using the .NET Framework
• Extensive coverage on how to effectively administer .NET Framework security
• In-depth introduction to the cryptography library shipping in the .NET Framework, including an introduction to XML digital signatures
• An overview of all of the new security features available in .NET
• Code samples that can be used to implement security on your own Web site or application
• Step-by-step guidelines for modifying the various configuration files associated with .NET, and an explanation of the elements involved
• Instructions for all of the aspects of security in the CLR and what it means
• How to use ASP.NET to create a secure application
• Explanations for using the CryptoAPI libraries to create your own custom functionality
• Guidelines on how to create secure network applications as well as applications that exist on the Internet
• Detailed examples of how to establish security parameters in IIS that relate to ASP.NET
• Instructions for administering .NET applications hosted in IE