Programming .NET Security, 1st edition

Programming .NET Security covers two major topics of .NET security: Code Access Security (CAS) and cryptography. CAS was a highly advertised feature of .NET when the first editions of the framework were released. The main goal of CAS was to provide a highly configurable way to protect your applications against malicious code. CAS as designed became quite complex, and the book does a great job of explaining how it works and how it can be configured. Part 2 is mostly devoted to this technology. Unfortunately, the complexity of CAS forced Microsoft to change it substantially. As of .NET version 4.0, many parts of CAS are deprecated, especially Security Policy, which was completely removed from the framework. So chapters 8 and 9, which deal with Security Policy, are now obsolete. Chapter 6, Evidence and Code Identity, is partly valid (evidence is still part of .NET, but because of the removal of Security Policy its importance is lower). Chapter 7, dealing with permissions, is mostly valid; just a few methods of the Permission class became obsolete. Chapters 10 and 11 (Role-Based Security, Isolated Storage) are completely valid in .NET 4.5 and provide a good intro to these technologies.

Part 3 is all about cryptography. This is the most useful part of the book, covering hashing, symmetric and asymmetric algorithms, key exchange and digital signatures. All cryptography classes presented in the book are part of the latest edition of the framework; just a few more algorithms have been added. The cryptography chapters are useful not just for their API coverage, but also because they provide an excellent introduction to cryptography itself. Algorithms are presented in an understandable way with nice, clean figures.

Part 4 is about security aspects of ASP.NET, COM+ and the Log service. Honestly, just the last chapter (Log service) is useful. Coverage of ASP.NET and COM+ is on a very basic level, and COM+ is now in fact a dead technology. The last part is a reference to all security-related classes. These chapters are not very useful; the MSDN documentation is sufficient.

The book uses a similar pattern in most chapters. The first few pages of each give you a theoretical introduction to the technology. After that, there is a presentation of the corresponding .NET API, and most chapters finish with a complete solution showing how to customize the presented technology. For instance, the book contains implementations of custom symmetric and asymmetric algorithms. This pattern is a little bit 'dry', especially in Parts 2 and 4, but very helpful in the cryptography chapters, where a solid theoretical background is a must before you can move to the API.

So I can say that even 10 years after publication, some parts of Programming .NET Security are still valuable. Part 3, Cryptography, in particular is perfectly valid in .NET 4.5. If you need to use cryptography in your projects, the book gives you a great intro to it.

 
