Return to Programming Book Reviews.
.NET Security
by Jason Bock, Pete Stromquist, Tom Fischer, Nathan Smith

Publisher: Apress Buy it Now! 

ISBN: 1590590538
Format: Paperback, 336pp
CD: NO

When you use .NET to create client-and server-side applications, you have to address a new and large set of security issues. .NET Security shows you what you need to know by covering the different aspects of the .NET security model through detailed discussions about the key namespaces. Find out how to leverage the full power of the .NET security model with this definitive, one-stop resource, written by a leading authority in this easy-to-follow, conversational style book.

.NET Security is a tutorial about how to use the .NET security and cryptographic classes as well as a reference for any developer who wants to understand how security is implemented in the .NET Framework. The .NET Framework requires understanding in many new areas such as managed code, permissions, and evidence--and this book covers them all.
The book is targeting the intermediate .NET developer who wants to understand how security works in .NET. The language of choice in this book is C#, the concepts are .NET-general and are not specific to any CIL compatible language.

One of the excellent ways to present a book is to have an excellent organization of the book that enables easy navigation and a good thought process flow. With that in mind, this book is organized into nine chapters.
First chapter brings an introduction to Cryptography, great resource for those who are just starting to learn about cryptography. "Using the .NET Cryptography Classes ", the second chapter, goes over the classes available in the .NET that deal with cryptography. Next chapter, "XML Encryption and Signatures", talks about XML and explains the process of using .NET classes to help you sign and encrypt XML documents. The following three chapters: "Code Access Security", "Role Access Security" and "Remoting and Security ", bring the discussion on what policy levels are and covers permissions and how they work in .NET. The authors also address the use of RAS to protect resources, and how to secure applications that use .NET remoting. Chapter 7, "ASP.NET Web Application Security", is al about security as it relates to Web applications. The last two chapters, "Passport" and "Protecting Code", present on of the more controversial topics related to .NET - Passport. The last chapter talks about the risks of decompiling .NET assemblies and suggestions on how to protect your code.

A number of small applications, mentioned through the code, are available for download.
This book is an attempt to help to facilitate the .NET learning process so you can get up to speed on .NET security programming - an attempt the authors successfully achieved.