CERTIFICATIONS

PROGRAMS

LEARN > Find a Class > Class Summary

ATNETSEC - Complete .NET Security

If you have any questions about registering for this class, please call (877) 832-0688 Ext. 1493 or email us at getsmart@LRS.com

This three-day course provides a foundation of the various security APIs contained within the .NET 2.0 base class libraries. The course begins by examining how strong naming, obfuscation and digital certificates can prevent others from tampering with and modifying the content within a .NET assembly. The course then addresses the role of one-way encryption using hash algorithms as well as symmetrical and asymmetrical cryptographic services. This class will also examine the use of Role Based Security and Code Access Security to assign identities and permissions to users and executing assemblies. The course wraps up by examining numerous topics regarding securing ASP .NET web applications and XML web services.

Click here for a printer-friendly version of this page

Prerequisites

Programming experience in .NET is required.

Detailed Class Syllabus

Reviewing the .NET Assembly Format

Reviewing the .NET Assembly Format

Single File versus Multi-File Assemblies

Understanding .NET Application Domains

Assembly Security Threats and Various Countermeasures

Understanding ‘Roundtrip Engineering’

Disassembling an Assembly using Idlasm.exe

Compiling CIL Code using Ilasm.exe

Securing an Assembly using Strong Naming

Strong names as a .NET Identity

The Role of Publisher Certificates

The Role of Obfuscation

The Role of the FxCop.exe utility

Understanding the Role of Hash Algorithms

Understanding the Role of Cryptography

Getting to Know Bob, Alice and Eve

Defining Hashing Algorithms and hash Codes

A High Level Examination of Hash Code Theory

The .NET Hash Code Algorithms

The HashAlgorithm Base Class Functionality

HashAlgorithm Derived Types

Creating a Hash Algorithm Type

Hashing Data Programmatically

Generating Hash Codes from Streamed Data

Validating Hash Codes Programmatically

Understanding Keyed Hashing Algorithms

Understanding .NET Cryptographic Services

The Role of Encryption Plaintext, Ciphertext and Cipher Functions

Modes of Cipher Operation

Understanding the Electronic Codebook (ECB) Mode

Understanding the Cipher Block Chaining (CBC) Mode

Understanding the Cipher Feedback (CFB) ModeBlock Padding

The .NET Symmetrical Encryption Algorithms

The SymmetricalAlgorithm Base Class Functionality

SymmetricalAlgorithm Derived Types

Creating an Algorithm Type

The ICryptoTransformer and CryptoStream Types

Symmetrically Encrypting Data to Memory

Decrypting Data Symmetrically

Symmetrically Encrypting Data to file

Understanding Asymmetric Encryption

An Overview of .NET’s Asymmetrical

Encryption Services

Asymmetrically Encrypting and Decrypting Data

Importing and Exporting Parameters

Expressing key Data via XML

Understanding Role Based Security (RBS)

Defining Role Based Security

Establishing Users, Groups and Roles

Understanding the Role of Principals

The System.Security.Principal.WindowsPrincipal Type

The System.Security.Principal.WindowsIdentity Type

Obtaining the Current Principal

Programming Choices with RBS

The PrincipalPermission Type

Declarative RBS

An Introduction to Code Access Security

The Role of Code Access Security

The Building Blocks of CAS

Administration of CAS

Investigating the Core Default Code Groups

Investigating the Core Named Permission Sets

Common Applications of CAS

The Role of Evidence

The System.Security.Policy.Evidence Type

Programmatically Evaluating Evidence

Working with Evidence Programmatically

Understanding CAS Permission Objects

Requesting permission Preferences

Viewing Advertised Permissions

Working with Permission Sets

Programmatic Code Access Security (CAS)

Understanding Isolated Storage

The Role of Isolated Storage

Locating Isolated Storage

Isolation Levels

The System.IO.IsolatedStorage Namespace

The IsolatedStorageFile Type

Gaining Access to a User’s Store

Writing Data Files to a store

Reading Data from Files

Administering Isolated Storage Using storeadm.exe

Programmatically Manipulating Isolated Storage

Enumerating Existing Storage

Deleting Existing Stores

Creating New Directories and Files

Finding Existing Files and Directories

Deleting Directories and Files

Securing an ASP.NET Web Site

Security Options for ASP.NET Web Applications

The Architecture of ASP.NET Security

Configuring IIS Authentication

Configuring SSL under IIS

The ASPNET User Account

Understanding the ASP.NET Pipeline

The Role of the machine.config File

The Role of the web.config File

Configuration Inheritance

ASP.NET Authentication Options

Understanding Windows Based Authentication

Configuring Windows Authentication

Understanding ASP.NET Forms Based Authentication

ASP.NET Authorization Syntax

A Complete Forms Authentication Walkthrough

Defining Known Users in a Element

Establishing Custom Forms Authentication

The FormsAuthentication Type

ASP.NET Cookieless Authentication

ASP.NET 2.0 Authentication Enhancements

The Role of the ASPNETDB.MDF Database

Configuring the provider via the web.config File

Working with the Membership Provider API

Adding New Members

The MembershipUser Type

The ASP.NET Security Controls

Working with the Login Control

The LoginStatus Control

The LoginName Control

The PasswordRecovery Control

The ChangePassword Control

The CreateUserWixard Control

Securing XML Web Services Using WSE 3.0

Reviewing the Atoms of XML Web Services

An Overview of Web Service Enhancement (WSE) 3.0

Obtaining and Installing WSE 3.0

Investigating the Microsoft.Web.Services3.dll Assembly

The WSE 3.0 Runtime

Interacting with WSE within an XML Web Service

Interacting with WSE on the Client

The Microsoft.Web.Service3.

SoapContext Type

Understanding the Role of WS-Security

Caller Authentication Using WSE 3.0

Authentication: Building the XML Web Service

Authentication: Building the Client