Team LiB

Preface

Why We Wrote This Book

This book is not an introduction to security, nor is it a security reference for the Microsoft .NET Framework; for that you have the .NET Framework Software Development Kit (SDK) available from MSDN. This book picks up where the documentation leaves off and presents a scenario-based approach to sharing recommendations and proven techniques. We wanted the book to be as real-world as possible, and as a result it is packed with insight, recommendations, and best practices obtained from field experience, customer experience, and the product teams at Microsoft.

There are many technologies used to build .NET Web applications. To build effective application-level authentication and authorization strategies, you need to understand how to fine-tune the various security features within each product and technology area, and how to make them work together to provide an effective, defense-in-depth security strategy. The focus of the book is on security and identity management across the tiers of distributed ASP.NET applications.

Specifically, we have chosen to focus on authentication, authorization, and secure communication. Security is a broad topic, but research has shown that early design of authentication and authorization eliminates a high percentage of application vulnerabilities. Secure communication is an integral part of securing your distributed application: it protects sensitive data, including credentials, passed to and from your application and between application tiers.

