|
This
book is divided into five sections:
1. Introduction to the .NET
Developer Platform Security:
This section provides an introduction to the .NET Framework
platform and all of the new security features available. Although this
section describes only brief information, I still recommend that every one
should read it first before jumping to the others. The first section
"provides common background material for the topic-specific discussions
in the remainder of the book."
2. Code Access Security
Fundamentals:
This section provides an
extensive introduction to Code Access Security, a powerful and surprising
code-based security feature shipping in .NET Framework. Many new
terminologies are explained: Evidence, Permissions, Stack Walk, Code Groups,
Policy Levels, etc.
This section is really
difficult. I felt overwhelmed with too many new concepts and skipped it.
However, after reading some chapters of the next section, I realized that the
code-based security concept is the keystone for the entire security system. I
had to come back to section two and read it carefully. Learn from my lesson,
you should try to understand it at the first time you read it.
3. ASP.NET and Web Services
Security Fundamentals:
This section provides brief
information about server-side security features of ASP.NET and Web Services.
4. .NET Framework Security
Administration:
This section provides a
comprehensive guide to administer .NET Framework security. It shows you when
and how to make modifications. Some topics are presented as tutorials. It is
very to easy to capture and follow the steps.
5. .NET Framework Security for
Developers
The final section is devoted to
developers. It provides all needed information to build secure assemblies,
web sites, applications, and web services. It also provides an in-depth
introduction to the cryptography library shipping in the .NET Framework and
to XML digital signatures. For developers who don’t have enough time to read
the whole book, this is the section that you should spend your time on.
|