Introduction to .NET Security Concepts
- Understanding the scope of security
- Surveying the .NET security namespaces
- Understanding the role of hash codes
- Understanding the role of encryption / decryption
- Understanding the role of digital signatures
- Surveying .NET security technologies (CAS, RBS, isolated storage, et al.)
Assemblies as a Security Boundary
- Assembly 'strong names' and cryptographic key pairs
- Working with delayed signing
- Interacting with the Global Assembly Cache
- Working with Publisher Certificates
- Decompiling and obfuscation
Understanding Hashing Algorithms
- The role of hash codes and hashing algorithms
- .NET hashing algorithms (MD5, SHA-1, et al.)
- The System.Security.Cryptography.HashAlgorithm base class
- Validating hash codes programmatically
- Programming with 'keyed' hashing algorithms
Understanding Symmetric Encryption
- The plaintext / ciphertext relationship
- The System.Security.Cryptography.SymmetricAlgorithm base class
- .NET symmetric encryption algorithms (DES, RC2, et al.)
- Keys and initialization vectors (IVs)
- The ICryptoTransform and CryptoStream types
- Encrypting and decrypting data symmetrically
Understanding Asymmetric Encryption
- The role of public and private keys
- The System.Security.Cryptography.AsymmetricAlgorithm base class
- The RSA and RSACryptoServiceProvider types
- Extracting key information using ExportParameters()
- Expressing key data as XML
- Encrypting and decrypting data asymmetrically
CAS: Permissions and Evidence
- The role of Code Access Security (CAS)
- The Process, AppDomain, assembly relationship
- Defining the role of 'evidence'
- Creating and persisting custom evidence
- Programmatically viewing evidence
- Policies and their use of evidence
- Using permissions for declarative and imperative requests
- Unmanaged code access
- .NET security configuration tools
- Using strong names
RAS: Principals and Identities
- Identity and principal types
- Role membership
- Using .NET impersonation
- Integrating Windows impersonation in .NET
ASP.NET Security
- Configuration settings for security in ASP.NET applications
- The relationship between IIS and ASP.NET
- Impersonation in web applications
- Authentication in ASP.NET
- Securing state information
XML and Security
- Exploring the XML Signatures specification
- Exploring the XML Encryption specification
- Creating signed XML in .NET
- Creating encrypted XML in .NET
- Key management in XML
- Exploring the WS-Security specification