This book is intended for developers who are already familiar with and have a solid understanding of ASP.NET 1.1 and ASP.NET 2.0 security concepts, especially in the areas of forms authentication, page security, and website authorization. It assumes that you have a good understanding of the general functionality of Membership and Role Manager. It is also assumes that you have some familiarity working with ASP.NET AJAX 3.5. The book aims to “peel back the covers” of various ASP.NET security features so you can gain a deeper understanding of the security options available to you. Explaining the new IIS 7.0 and its Integrated mode of execution is also included in the book.
This book was written using the .NET 3.5 Framework along with the .NET Framework SPI on both Windows Sever 2008 and Windows Vista. The sample code in the book has been verified to work with .NET 3.5 Framework and .NET 3.5 Framework SPI on Windows Vista. To run all of the samples in the book you will need the following:
This book covers many topics and areas in ASP.NET 2.0 and ASP.NET 3.5. It first introduces Internet Information Services 7.0 (IIS 7.0). It goes on to explain in detail the new IIS 7.0 Integrated mode of execution. Next, detailed coverage of how security is applied when the ASP.NET application starts up and when a request is processed in the newly introduced integrated request-processing pipeline is discussed. After this, the book branches out and begins to cover security information for features such as trust levels, forms authentication, page security, and session state. This will show you how you can benefit from the IIS 7.0 Integrated mode to make better use of ASP.NET features. You will also gain an understanding of the lesser known security features in ASP.NET 2.0 and ASP.NET 3.5.
The book closes with a chapter about the best practices ASP.Net developers should follow to protect their applications from attack.
Chapter 1 starts by refreshing ideas on application pools and worker processes. It later gets into the major components that make up IIS 7.0. Chapter 2 begins by introducing the advantages of the IIS 7.0 and ASP.NET integrated mode. Chapter 3 gives you a walkthrough of the security processing that both IIS 7.0 and ASP.NET perform in the integrated/unified request-processing pipeline. Chapter 4 defines what an ASP.NET trust level is and how ASP.NET trust levels work to provide secure environments for running web applications. Chapter 5 covers the security features in the 2.0 and 3.5 Frameworks’ configuration systems. Chapter 6 explains ASP.NET 2.0 and ASP.NET 3.5 features for forms authentication. Chapter 7 demonstrates using IIS 7.0 wildcard mappings and ASP.NET 2.0 and ASP.NET 3.5 support for wildcard mappings to share authentication and authorization information with Classic ASP applications. Chapter 8 covers security features and guidance for session state. Chapter 9 describes some lesser known page security features from ASP.NET 1.1 and describes how ASP.NET 2.0 and ASP.NET 3.5 options for securing viewstate and postback events. Chapter 10 gives you an architectural overview of the provider model in both ASP.NET 2.0 and ASP.NET 3.5. Chapter 11 talks about the Membership feature in ASP.NET 2.0 and ASP.NET 3.5 Chapter 12 delves into both the SqlMembershipProvider as well as general database design assumptions that are included in all of ASP.NET 2.0’s and ASP.NET 3.5’s SQL-based features. Chapter 13 covers other membership provider that ships in ASP.NET 2.0 and ASP.NET 3.5-ActiveDirectoryMembershipProvider. Chapter 14 describes the Role Manager feature that provides built-in authorization support for ASP.NET 2.0 and ASP.NET 3.5. Chapter 15 discusses the SqlRoleProvider and its underlying SQL schema. Chapter 16 covers the AuthorizationStoreRoleProvider, which is a provider that maps Role Manager functionality to the Authorization Manager. Chapter 17 discusses how ASP.NET AJAX 3.5 integrates with ASP.NET 3.5 Membership and Role management features through newly introduced web services. Chapter 18 covers the best practices that can be followed to secure ASP.NET applications.
Bilal Haidar has authored several online articles for www.aspalliance.com, www.code-magazine.com, and www.aspnetpro.com. He is one of the top posters at the ASP.NET forums. He has been a Microsoft MVP in ASP.NET since 2004 and is also a Microsoft certified trainer. Currently, Bilal works as a senior developer for Consolidated Contractors Company (CCC), whose headquarters are based in Athens, Greece.
Stefan Schackow, the previous author of this book, is a Program Manager on the Web Platform and Tools Team at Microsoft. He worked on the new application services stack in Visual Studio 2005 and owned the Membership, Role Manager, Profile, Personalization, and Site Navigation features in ASP.NET 2.0. Currently he is working on Silverlight for Microsoft. Stefan is a frequent speaker at Microsoft developer conferences.
Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.
Professional ASP.NET 3.5 Security, Membership, andRole Management with C# and VB
ASP.NET security covers concepts such as Web security, developing in partial trust, forms authentication, and securing configuration—just to name a few—all integral components to helping developers ensure reliable security. Addressing the ASP.NET developer's security view, this book offers detailed information on every major area of ASP.NET security that you'll encounter when developing Web applications. The book covers security in ASP.NET in general and includes the new additions and changes in ASP.NET 3.5.
Microsoft MVP Bilal Haidar covers the security highlights and new features of Internet Information Services (IIS) 7.0, and offers a detailed look at the request lifecycle, as well as clear explanations of AJAX authentication and authorization. You'll explore ASP.NET Session State, Membership, and Role Management so you will have a solid ability to develop secure and robust Web sites with ASP.NET 3.5 in VB or C# code.
What you will learn from this book
Best practices for developing secure ASP.NET Web applications, including protecting against AJAX threats
How to securely access ASP.NET configuration files for reading and editing purposes
Techniques for integrating security between ASP.NET and classic ASP
Various ASP.NET trust levels in both development and hosting stages
The security context associated with the processing of the request by the different modules of ASP.NET
The security features for forms authentication and session state
How to use Active Directory with the Membership and Role Manager features
Who this book is for
This book is for ASP.NET developers who have experience with developing ASP.NET Web applications in either VB or C#.
Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Descrizione libro Paperback. Condizione libro: New. Softcover Book, New Condition, Fast Shipping. Ready in Stock. 1st Edition. [Please Read Carefully Before Buying], This Is An International Edition. Printed In Black and White. , Book Cover And ISBN No May Be Different From US Edition. Restricted Sales Disclaimer Wordings Not For Sales In USA And Canada May Be Printed On The Cover Of The Book. Standard Shipping 7-14 Business Days. Expedited Shiping 4-8 Business Days. ***WE DO NOT ENTERTAIN BULK ORDERS.*** The Books May Be Ship From Overseas For Inventory Purpose. Codice libro della libreria 436045
Descrizione libro Paperback. Condizione libro: New. New, Softcover International Edition, Printed in Black and White, Only USPS Media mail Shipping ONLY, Different ISBN, Same Content As US edition, Book Cover may be Different, in English Language. Codice libro della libreria 4596
Descrizione libro Wrox, 2008. Paperback. Condizione libro: New. Codice libro della libreria P110470379308
Descrizione libro Wrox, 2008. Paperback. Condizione libro: New. book. Codice libro della libreria 0470379308
Descrizione libro Wrox, 2008. Paperback. Condizione libro: New. 1. Codice libro della libreria DADAX0470379308