Programming .Net Security: Writing Secure Applications Using C# or Visual Basic .Net

When I first purchased this book, I was searching for material to shed light on the Win32 security model. After extracting what little information was available on the topic from this text, it made it's way to the book shelf. Sometime later, I needed information on Code Access Security, and off the shelf it came. I later needed information on Assembly evidence, and down it came again. Next, was a need for .Net cryptographic and secure programing documentation -- it came down from the shelf and hasn't gone back again. This is one of those books you need to live with for a time before you realize how great it is. I turn to it 2 or 3 times a week, and regularly carry it back and forth from the office. I've discovered embedded in it's pages are program perls, tips, and background information. It has become and invaluable refefence -- one I whole heartedly endorse.

Programming .NET Security does a great job of breaking down the various aspects of security in a well thought-out manner. In particular, they spend 7 chapters explaining how the .NET Framework has been built to provide a secure infrastructure and how applications can take advantage of this environment to become secured. This book provides one of the best examples I have seen to date covering Code Access Security (CAS). The inclusion of topics on both ASP.NET and Enterprise Services security make this book wholesome for any developer. To follow, there are an additional 6 chapters that are devoted to cryptography, including sections on providing your own symmetric and asymmetric encryption algorithms. I would highly recommend this book to any developer working in the .NET Framework, regardless of skill; you will take something away from this book.

One of the best book that I will strogly recommend for any one who wants to understand .NET security subject. I was grappling with CAS for some time and how hard I would try, still I could not explain code group, permission and evidence and how they are interlinked. Not only authors have done a tremendous job at explaining CAS but cryptography is yet another section they have done great justice to. The diagrams in this chapter very clearly explains the key concepts of cryptography. A great book that will not disappoint you.

While there is a lot of talk about .NET security, relatively little can be found in terms of documentation, which is one reason why this book is so refreshing. In addition to discussing some of the reasons behind certain security schemes, the theory is explained as well as the C# implementation. While there are some .NET specific security issues discussed (e.g. configuring worker processes), the section on cryptography should be required reading for everyone in the computer industry.I get really excited about a book when it contains a lot of good information and I am able to actually use it to solve real-world problems. After reading this book, I was able to help solve a really tricky (and politically challenging) security issue quite quickly. If you have anything to do with your company's security systems or write any .NET code, I think this book deserves a place in your reference section. This is certainly the best book on .NET security I have read thus far.

You really are not a true .NET Programmer until you understand the security mechanisms that are part and parcel with the framework. To program in .NET (or really any component-oriented technology) without security in mind is like parachuting without one strapped to your back.I was waiting for a book like this. Before this book I've had to scour over the internet to try to find out how to get the different areas of security in .NET to work. Now it's all here in one book. The theory, the explanations, the warnings, the samples. If you are a serious .NET programmer or .NET policy administrator then this is a must have book. If you don't know the difference between "host evidence" and "assembly evidence", then you need this book. If you don't know the difference between a "security demand" and a "permission request", then you are dangerous to the people you do work for. Also, make sure you know the basics already of the language and the framework since this book assumes you do. Good luck.