Complete .NET 2.0 Security (MOC 50031)

Inleiding

Een van de grote voordelen van het .NET Framework zijn de verbeteringen op het gebied van beveiliging van de applicaties die u ontwikkelt, toch blijft het vaak een onbekend en slecht begrepen onderwerp. In deze .NET training leert u omgaan met strong names, obfuscating, hashcodes, symmetrische en asymmetrische cryptografie. Role Based Security (RBS) en Code Access Security (CAS) worden praktisch behandeld, net als het beveiligen van Web Sites en Web Services.

Introductie

The Complete .NET 2.0 Security course ( MOC50031) provides a foundation of the various security APIs contained within the Microsoft .NET 2.0 base class libraries. The course begins by examining how strong naming, obfuscation, and digital certificates can prevent others from tampering with and modifying the content within a .NET assembly. The course then addresses the role of one-way encryption using hash algorithms as well as symmetrical and asymmetrical cryptographic services. This class will also examine the use of Role Based Security and Code Access Security to assign identities and permissions to users and executing assemblies. The course wraps up by examining numerous topics regarding securing ASP.NET web applications and XML web services.

Doelgroep

Developers with solid experience writing applications using .NET 2.0

Leerdoelen

• Understand the Windows File Protection (WFP) object model and the use of XAML.
• Use WPF developments tools.
• Control content model and layout managers. 
• Use data binding, styles, and graphics.
• Use Navigation Applications and XBAPsBuild WPF applications using XAML, code files, and Microsoft Visual Studio.

Voorkennis

• Experience with Visual Studio IDE
• Firm grounding in OOP
• Firm grounding in .NET 2.0 development
• Solid understanding of C# or Microsoft Visual Basic
• (MOC4994, MOC4995, MOC2124 or MOC2956)

Cursus inhoud

Module 1: The Assembly as a Security Boundary

This module covers ways to secure assemblies including use of strong names in passwords, publisher certificate validation, and understanding ways to overcome security.

Lessons

• Review the composition of .NET assemblies
• Understand the role of Application Domains
• Define ‘roundtrip engineering’
• Learn to protect assemblies from tampering using strong names
• Understand the role of obfuscation
• Understand the role of publisher certificates
• Understand the role of FxCop.exe

Module 2: Understanding the Role of Hash Algorithms

In this module, students will learn how to use hash algorithms and hash codes to create a secure environment.

Lessons

• Define the role of cryptographic services
• Understand the role of hash algorithms and hash codes
• Generate hashed data using the .NET framework
• Validate hash codes programmatically

Module 3: Understanding .NET Cryptographic Services

This module covers the use of hash codes and encrypting both symmetrically and asymmetrically.

Lessons

• Define the role of cryptographic services
• Understand the role of hash algorithms and hash codes
• Generate hashed data using the .NET framework
• Validate hash codes programmatically
• Understand the role of encryption and decryption
• Learn to encrypt data symmetrically
• Learn to encrypt data asymmetrically

Module 4: Understanding Role Based Security (RBS)

This module explains how to use roles to identify valid users and how to define access and restrictions using roles.

Lessons

• Understand the use of role based security
• Create and administer roles
• Distinguish between principals, identity and roles
• Programmatically determine role membership
• Restrict actions based on roles

Module 5: An Introduction to Code Access Security

In this module, students learn how to use Code Access Security (CAS).

Lessons

• Understand the motivation behind Code Access Security (CAS)
• Understand the building blocks of CAS
• Use CAS to secure ClickOnce Applications
• Programmatically interact with CAS

Module 6: Understanding Isolated Storage

This module covers the administration and manipulation of isolated storage.

Lessons

• Understand the role of Isolated Storage
• Understand the levels of isolated storage
• Investigate the System.IO.IsolatedStorage namespace
• Administer isolated storage using storeadm.exe
• Programmatically manipulate isolated storage

Module 7: Securing an ASP.NET Web Site

This module examines ASP.NET security architecture and compares Windows-based and Forms-based authentication. Students will learn how to configure ASP.NET and how to work with security controls.

Lessons

• Examine the Architecture of ASP.NET Security
• Contrast Windows based and Forms based authentication
• Configure ASP.NET authentication and authorization using a web.config file
• Work with the ASP.NET security controls

Module 8: Securing XML Web Services using WSE 3.0

In this module, students learn how to use XML Web Services to authenticate users.

Lessons

• Briefly review the construction of .NET XML Web Services
• Understand the role of Web Services Extensions (WSE) 3.0
• Walkthrough the process of obtaining and installing WSE 3.0
• Understand the scope of Microsoft.Web.Services3.dll
• Examine how to authenticate users using WS-Security