Keith Brown: MSDN Magazine Articles
Keith Brown
Keith Brown is a co-founder of Pluralsight, a major Microsoft .NET training provider. He is the author of the Pluralsight course "Applied .NET Security" and of several books, including "The .NET Developer's Guide to Windows Security", which is available in print and on the Web. For more information, see www.pluralsight.com/keith.
Security Briefs: Claims-Based Identity
Keith Brown introduces you to the new identity model in Microsoft .NET Framework 3.0.
Keith Brown - September 2007
Security Briefs: Active Directory Cache Dependencies
If you are not yet using Active Directory, you should start now. Keith Brown explains the benefits.
Keith Brown - July 2007
Security Briefs: Events in Windows Vista
Keith Brown - May 2007
Security Briefs: Improved Manageability Through Event Logging
When a manageable application fails, the administrator is shown how the problem can be fixed. The Windows event log can provide the necessary information.
Keith Brown - April 2007
Security Briefs: Using Protocol Transition – Tips from Hands-On Practice
Windows Server 2003 is now widely deployed, and Keith Brown can now answer questions from readers who want to use protocol transition to build secure gateways in their intranets.
Keith Brown - January 2007
Single Sign-On: A Developer's Introduction to Active Directory Federation Services
Keith Brown - November 2006
Security Briefs: Limited User Problems and Split Knowledge
Keith Brown - November 2006
Security Briefs: CardSpace, SqlMembershipProvider, and More
This month Keith Brown fields some reader questions on InfoCard turned CardSpace and passwords for SqlMembershipProvider.
Keith Brown - October 2006
Security Briefs: Security in Windows Communication Foundation
Windows Communication Foundation provides three major protections: confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.
Keith Brown - August 2006
Security Briefs: Step-by-Step Guide to InfoCard
In my April 2006 column I began a discussion of InfoCard, the upcoming identity metasystem, which is being prepared for release in the Windows Vista™ timeframe. If you haven’t read that column, you should definitely start there because I’m going to assume you’re familiar with the basics I covered.
Keith Brown - May 2006
Security Briefs: A First Look at InfoCard
The Web can be annoying at times. I'm certain that I'm not alone in my frustration with filling out the same old forms on every Web site I visit. Like most other techies, I've acquired many tools over the years to help combat this repetition, and I even wrote my own password manager for my hundreds of different identities on the Web.
Keith Brown - April 2006
Security Briefs: Encrypting Without Secrets
Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. Connection strings with passwords are an obvious problem.
Keith Brown - January 2006
Security Briefs: Security Enhancements in .NET Framework 2.0
The .NET Framework 2.0 includes numerous security enhancements. This month Keith takes you on a rapid tour of the features it contains.
Keith Brown - Visual Studio 2005 Guided Tour 2006
Security Briefs: Security Features in WSE 3.0
I've been spending a lot of time lately building secure Web services with the Microsoft® .NET Framework 2.0, and Web Services Enhancements (WSE) 3.0 has been a lifesaver for me, so I thought it would be appropriate to dedicate a column to security features in this new product.
Keith Brown - November 2005
Security Briefs: Credentials and Delegation
I often get security questions from friends and former students, and I recently received several questions about building secure, data-driven Web sites for internal corporate systems.
Keith Brown - September 2005
Security Briefs: Customizing GINA, Part 2
GINA, the Graphical Identification and Authentication component, is a part of WinLogon that you can customize or replace. Last month I introduced GINA customization; this month, I'm going to drill down to implement each of the GINA entry points.
Keith Brown - June 2005
Security Briefs: Customizing GINA, Part 1
Over the years I've had many people ask me to write about GINA, the Graphical Identification and Authentication component that serves as the gateway for interactive logons. This month I'll begin my coverage of this topic to help you get started if you're tasked to build such a beast.
Keith Brown - May 2005
Security Briefs: Access Control List Editing in .NET
Access control lists (ACLs) can be complex beasts, and user interfaces for editing them are incredibly tricky to implement properly. That's why I was really excited when Windows® 2000 shipped with a programmable ACL editor, shown in Figure 1.
Keith Brown - March 2005
Security Briefs: Security Enhancements in the .NET Framework 2.0
As I write this column, version 2.0 of the Microsoft® .NET Framework is at Beta 1. When I got my bits, I hacked together a little program to dump all of the public members of all public types in the entire Framework and ran it on version 1.
Keith Brown - January 2005
Security Briefs: Password Minder Internals
In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.
Keith Brown - October 2004
Security Briefs: Mind Those Passwords!
Keith Brown - July 2004
Security: Security Headaches? Take ASP.NET 2.0!
ASP.NET 2.0 provides significant advantages with respect to security, especially for folks developing Web sites that use Forms authentication. By providing a user profile repository with support for roles, Forms authentication will move beyond the purview of the ASP.NET internals guru, and should become much more broadly accessible. This article introduces security in ASP.NET 2.0 to give you a head start with upcoming features.
Keith Brown - June 2004
Security Briefs: Beware of Fully Trusted Code
The vast majority of managed applications run with full trust, but based on my experience teaching .NET security to developers with a broad range of experience, most really don't understand the implications of fully trusted code.
Keith Brown - April 2004
Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager
Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.
Keith Brown - November 2003
Security Briefs: Hashing Passwords, The AllowPartiallyTrustedCallers Attribute
Keith Brown describes how you can hash passwords when you want to store them in your own custom database, and when to use the AllowPartiallyTrustedCallers attribute on your assembly.
Keith Brown - August 2003
Security Briefs: Exploring S4U Kerberos Extensions in Windows Server 2003
Building Web sites that provide services external to the corporate firewall is tricky. Usually it's not desirable to grant corporate domain accounts to external clients, and from a purely practical standpoint Kerberos does not work well over the Internet due to the typical configuration of client-side firewalls.
Keith Brown - April 2003
Security Tips: The Ten Best Security Tips for Developers to Protect Your Code
When it comes to security, there are many ways to get into trouble. You can trust all code that runs on your network, give any user access to your important files, and simply not bother to check whether code on your machine has been changed. You can do without antivirus software, leave your own code unprotected, and grant too many privileges to too many accounts. You can even use a number of built-in functions so carelessly that attacks become possible, and you can leave your server ports open and unmonitored. Of course, this list could go on indefinitely. But what are the really important issues, the biggest mistakes you should watch out for right now so that no one can compromise your data or your system? Security experts Michael Howard and Keith Brown give you 10 tips for avoiding the worst trouble.
Michael Howard and Keith Brown - September 2002
HTTP Pipelines: Securely Implement Request Processing, Filtering, and Content Redirection with HTTP Pipelines in ASP.NET
ASP.NET is a flexible and extensible framework for server-side HTTP programming. While most people think of ASP.NET in terms of pages served, there is a lower-level infrastructure sitting beneath this page model. The underlying plumbing is based on a pipeline of app, module, and handler objects. Understanding how this pipeline works is key if you want to get the most out of ASP.NET as an HTTP server platform, while making your process more efficient, and keeping your server secure. This article introduces the architecture of the pipeline and shows how you can use it to add sophisticated functionality to an ASP.NET-based app.
Tim Ewald and Keith Brown - September 2002
Security Briefs: Managed Security Context in ASP.NET
Keith Brown - January 2002
Security Briefs: ASP.NET Security Issues
Keith Brown - November 2001
Security Briefs: The Security Support Provider Interface Revisited
Keith Brown - April 2001
Security in .NET: Enforce Code Access Rights with the Common Language Runtime
Component-based software is vulnerable to attack. Large numbers of DLLs that are not tightly controlled are at the heart of the problem. Code access security in the Common Language Runtime of the Microsoft .NET Framework addresses this common security hole. In this model, the CLR acts as the traffic cop to assemblies, keeping track of where they came from and what security restraints should be placed on them. Another way the .NET Framework addresses security is by providing preexisting classes which have built-in security. These are the classes that are invoked in .NET when performing risky operations such as reading and writing files, displaying dialog boxes, and so on. Of course, if a component calls unmanaged code, it can bypass code access security measures. This article covers these and other security issues.
Keith Brown - February 2001
Security Briefs: Explore the Security Support Provider Interface Using the SSPI Workbench Utility
Keith Brown - August 2000
Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Process Isolation
This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off: it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.
Keith Brown - July 2000
Web Security: Putting a Secure Front End on Your COM+ Distributed Applications
The Internet requires that developers provide a different security model for clients than is used on a closed network. Because it would be too resource-intensive for both the client and server to prove their identity to each other, you need to look at other ways to ensure secure communications. This article covers the options, from digital certificates to public and private key encryption to Secure Sockets Layer and Web certificates. The discussion covers the installation of certificates in Microsoft Internet Information Services along with other options specific to IIS. This article was adapted from Keith Brown's Programming Windows Security (Addison-Wesley), due out in July 2000.
Keith Brown - June 2000
Security Briefs: Understanding Kerberos Credential Delegation in Windows 2000 Using the TktView Utility
Keith Brown - May 2000
Security Briefs: Exploring Handle Security in Windows
Keith Brown - March 2000
© 2009 Microsoft Corporation. All rights reserved.