From the Preface:
This guide presents a practical, scenario driven approach to designing and building secure ASP.NET applications for Windows 2000 and version 1.0 of the .NET Framework. It focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications.
Why authentication, authorization, and secure communication?
Security is a broad topic. Research has shown that early design of authentication and authorization eliminates a high percentage of application vulnerabilities. Secure communication is an integral part of securing your distributed application to protect sensitive data, including credentials, passed to and from your application, and between application tiers.
There are many technologies used to build .NET Web applications. To build effective application-level authentication and authorization strategies, you need to understand how to fine-tune the various security features within each product and technology area, and how to make them work together to provide an effective, defense-in-depth security strategy. This guide will help you do just that.
If you are a middleware developer or architect, who plans to build, or is currently building .NET Web applications using one or more of the following technologies, you should read this guide.
- Web services
- Enterprise Services
To most effectively use this guide to design and build secure .NET Web applications, you should already have some familiarity and experience with .NET development techniques and technologies. You should be familiar with distributed application architecture and if you have already implemented .NET Web application solutions, you should know your own application architecture and deployment pattern.
:) "Regardless of Microsoft's current/past practices (which have absolutely nothing to do with the credibility of THIS book), it gives a good background on security in many situations. The part I found most helpful were the 'How To's' sections. There are good real world examples that are straight to the point and easy to comprehend. I code in C# w/SQL Server and all examples in this book use that combination; PERFECT FIT!"
:) "While MS may not seem like the best source for security information, this really is a good book."
:) "This series, and ASP.NET Security specifically, give good prescriptive guidance for a large number of common application scenarios. The how-to sections are exceeding valuable."