.NET news » Security

Never Write an Insecure ASP.NET Application Ever Again

One of the most important security principles for software development is least privilege. Simply put, least privilege means that an application, process, or user should have the least access to resources required to accomplish a task and no more. By following this principle, even if your application is attacked or a user goes on the payroll of your nastiest competitor, you'll have limited the potential damage. Bottom line: implementing partial trust in ASP.NET is the single biggest thing you can do to make your applications secure.
27 Dec 2007, 18:00:00   Source: Never Write an Insecure ASP.NET Application Ever Again   Tags: ASP.NET Security

Office Space: Security Programming in SharePoint 2007

This month Ted Pattison presents an overview of programming security and permissions for Windows SharePoint Services 3.0.

Authenticate Users Across Organizations Using ADFS

Active Directory Federation Services (ADFS) was introduced in Windows Server 2003 for organizations that need to participate in standards-based identity federation. With ADFS, you can more easily validate identity data from other organizations, leading to greater interoperability with your partners. In this article, I'll take you on a guided tour of ADFS in action, using the experiences of a fictitious online service provider (A. Datum Corporation) that uses ADFS to interact with a real online service provider (UnderMyControl.com) and a fictitious customer (Tailspin Toys).
23 Oct 2007, 19:00:00   Source: Authenticate Users Across Organizations Using ADFS   Tags: Security

Using RSA Public Key Encryption in a Shared Webhosting Environment

This article provides a way to use RSA public key encryption in scripts running on a web server hosted by a shared hosting company. It also demonstrates how to use RSA in .NET to solve the 'real world' problem of signing license codes so that they cannot be forged.
20 Oct 2007, 10:26:00   Source: Using RSA Public Key Encryption in a Shared Webhosting...   Tags: Security

SQL Trusted Connections with ASP.NET

Hard-coding passwords into your application or your web site is a bad thing. Barry looks at how we can use trusted connections to provide the authentication we need, without the need for these potential security hazards.
9 Oct 2007, 21:03:00   Source: SQL Trusted Connections with ASP.NET   Tags: Database Security

Apply Visual Studio Code Analysis to Beef Up Security

Visual Studio's code analysis feature offers hidden extensibility opportunities for writing custom security code review rules.
20 Sep 2007, 23:55:01   Source: Apply Visual Studio Code Analysis to Beef Up Security   Tags: Security

Public/Private Key Encrypted Messenger

An article about creating a public/private key encrypted Internet messenger.
17 Sep 2007, 06:47:00   Source: Public/Private Key Encrypted Messenger   Tags: Examples Security

Parallel LINQ: Running Queries On Multi-Core Processors

PLINQ is a query execution engine that accepts any LINQ-to-Objects or LINQ-to-XML query and automatically utilizes multiple processors or cores for execution when they are available. The change in programming model is tiny, meaning you don't need to be a concurrency guru to use it. In fact, threads and locks won't even come up unless you really want to dive under the hood to understand how it all works. PLINQ is a key component of Parallel FX, the next generation of concurrency support in the Microsoft .NET Framework.

In this article, we review the goals of the PLINQ technology, where it fits into the broader .NET Framework and other concurrency offerings, and what it looks like from the perspective of LINQ developers. We conclude with some example scenarios where PLINQ has already shown tremendous value...

21 Aug 2007, 19:00:00   Source: Parallel LINQ: Running Queries On Multi-Core Processors   Tags: Security

Tales from the CryptoRandom

I'm using the System.Random class to generate some random numbers in my application. A coworker reviewed my code and suggested that I use RNGCryptoServiceProvider instead. I'd like to follow her suggestion, but I'd also like not to have to modify all of my code that uses Random, and RNGCryptoServiceProvider looks nothing like Random in terms of the methods it exposes. Do you have any suggestions for making this easier?..
16 Jul 2007, 19:00:00   Source: Tales from the CryptoRandom   Tags: Security

Exploring Claims-Based Identity

Most enterprise applications need some basic user security features. At a minimum, they need to authenticate their users, and many also need to authorize access to certain features so that only privileged users can get to them. Some apps must go further and audit what the user does. On Windows®, these features are built into the operating system and are usually quite easy to integrate into an application. By taking advantage of Windows integrated authentication, you don't have to invent your own authentication protocol or manage a user database. By using access control lists (ACLs), impersonation, and features such as groups, you can implement authorization with very little code. Indeed, this advice applies no matter which OS you are using. It's almost always a better idea to integrate closely with the security features in your OS rather than reinventing those features yourself.

But what happens when you want to extend reach to users who don't happen to have Windows accounts? What about users who aren't running Windows at all? More and more applications need this type of reach, which seems to fly in the face of traditional advice. This column will introduce you to the new identity model in the Microsoft .NET Framework 3.0, which is designed to help address these and other problems.

16 Jul 2007, 19:00:00   Source: Exploring Claims-Based Identity   Tags: Security