Willkommen Anmelden
MSDN Magazin
Per Mausklick bewerten und Feedback geben
Autoren
 Keith Brown: MSDN Magazine Articles
Popular Articles

Writing a Web application with ASP.NET is unbelievably easy. So many developers don't take the time to structure their applications for great performance. In this article, the author presents 10 tips for writing high-performance Web apps. The discussion is not limited to ASP.NET applications because they are just one subset of Web applications.

Rob Howard

MSDN Magazine January 2005

...

Read more!

Wir zeigen Ihnen die Vorteile der Erstellung zusammengesetzter Anwendungen mithilfe der Composite Application Guidance for WPF von Microsoft patterns & practices.

Glenn Block

MSDN Magazine September 2008

...

Read more!

Chris Tavares erläutert, wie das Model View Controller-Muster von ASP.NET MVC Framework das Erstellen flexibler, leicht zu testender Webanwendungen unterstützt.

Chris Tavares

MSDN Magazine March 2008

...

Read more!

ADO.NET Data Services bietet über das Web zugängliche Endpunkte, mit denen Sie Daten filtern, sortieren, formen und auslagern können, ohne diese Funktionalität selbst erstellen zu müssen.

Shawn Wildermuth

MSDN Magazine September 2008

...

Read more!

When incorporating the ASP.NET DataGrid control into your Web apps, common operations such as paging, sorting, editing, and deleting data require more effort than you might like to expend. But all that is about to change. The GridView control--the successor to the DataGrid-- extends the DataGrid's functionality it in a number of ways. First, it fully supports data source components and can automatically handle data operations, such as paging, sorting, and editing, as long as its bound data source object supports these capabilities. In addition, ...

Read more!

Our Blog

So many factors can affect the performance of a Web page—the distance between server and client, the size of the elements on the page, how the browser loads these elements, available bandwidth. Finding those bottlenecks and identifying the culprits is no easy task.

In the November 2008 issue of MSDN Magazine, Jim Pierson introduces ...

Read more!

One stumbling block that developers encounter with asynchronous programming is that they become so concerned with getting concurrency right that they forget the core simplicity of the program.

F# lets you separate simple programs from the concurrent control flow and reveal the simplicity and readability of your core program.

In the October 2008 issue of MSDN Magazine, Chance Coble demonstrates ...

Read more!

The concept of Agile security does not have to be a contradiction in terms. The Microsoft SDL team has defined a set of process improvements that increase security focus while respecting the need to release new code on an ultra-short timeline.

In the November 2008 issue of MSDN Magazine, Bryan Sullivan explains how Microsoft has adapted ...

Read more!

It’s helpful to think about secure design from a more holistic perspective by using threat models to drive your security engineering process.

In the November 2008 issue of MSDN Magazine, Michael Howard proposes using the threat model to help drive other SDL security requirements, primarily code review priority, fuzz testing priority, ...

Read more!

Once you start adopting service-oriented principles for your distributed applications, you are crossing a security boundary for every service call you make. Windows Communication Foundation (WCF) provides powerful facilities for implementing authorization in your services.

In the October 2008 issue of MSDN Magazine, Dominick Baier and Christian Weyer explain how to use ...

Read more!
Keith Brown rss
Keith Brown ist Mitgründer von Pluralsight, einem wichtigen Microsoft .NET-Schulungsanbieter. Er ist Autor des Pluralsight-Kurses „Applied .NET Security“ sowie mehrerer Bücher, unter anderem „The .NET Developer's Guide to Windows Security“, das als Druckversion und im Internet erhältlich ist. Weitere Informationen finden Sie unter www.pluralsight.com/keith.

  • Security Briefs: Anspruchsbasierte Identität
    Keith Brown stellt Ihnen das neue Identitätsmodell in Microsoft .NET Framework 3.0 vor.
    Keith Brown - September 2007
  • Security Briefs: Active Directory-Cacheabhängigkeiten
    Wenn Sie Active Directory noch nicht nutzen, sollten Sie das jetzt tun. Keith Brown erklärt Ihnen die Vorteile.
    Keith Brown - July 2007
  • Security Briefs: Ereignisse in Windows Vista
    Keith Brown - May 2007
  • Security Briefs: Verbesserte Verwaltbarkeit durch Ereignisprotokollierung
    Wenn bei einer verwaltbaren Anwendung ein Fehler auftritt, wird dem Administrator angezeigt, wie das Problem behoben werden kann. Das Windows-Ereignisprotokoll kann dazu die notwendigen Informationen bereitstellen.
    Keith Brown - April 2007
  • Security Briefs: Verwenden des Protokollübergangs – Tipps aus der unmittelbaren Praxis
    Windows Server 2003 ist inzwischen weit verbreitet, und Keith Brown kann nun die Fragen von Lesern beantworten, die mithilfe des Protokollübergangs sichere Gateways in ihren Intranets erstellen möchten.
    Keith Brown - January 2007
  • Single Sign-On: Eine Entwicklereinführung in Active Directory-Verbunddienste
    Keith Brown - November 2006
  • Security Briefs: Probleme eingeschränkter Benutzer und geteiltes Wissen
    Keith Brown - November 2006
  • Security Briefs: CardSpace, SqlMembershipProvider, and More
    This month Keith Brown fields some reader questions on InfoCard turned CardSpace and passwords for SqlMembershipProvider.
    Keith Brown - October 2006
  • Security Briefs: Security in Windows Communication Foundation
    Windows Communication Foundation provides three major protections— confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.
    Keith Brown - August 2006
  • Security Briefs: Step-by-Step Guide to InfoCard
    In my April 2006 column I began a discussion of InfoCard, the upcoming identity metasystem, which is being prepared for release in the Windows Vista™ timeframe. If you haven’t read that column, you should definitely start there because I’m going to assume you’re familiar with the basics I covered.
    Keith Brown - May 2006
  • Security Briefs: A First Look at InfoCard
    The Web can be annoying at times. I'm certain that I'm not alone in my frustration with filling out the same old forms on every Web site I visit. Like most other techies, I've acquired many tools over the years to help combat this repetition, and I even wrote my own password manager for my hundreds of different identities on the Web.
    Keith Brown - April 2006
  • Security Briefs: Encrypting Without Secrets
    Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. Connection strings with passwords are an obvious problem.
    Keith Brown - January 2006
  • Security Briefs: Sicherheitsverbesserungen in .NET Framework 2.0
    Das .NET Framework 2.0 enthält zahlreiche Sicherheitsverbesserungen. In diesem Monat führt Sie Keith rasant durch die enthaltenen Funktionen.
    Keith Brown - Visual Studio 2005 Guided Tour 2006
  • Security Briefs: Security Features in WSE 3.0
    I've been spending a lot of time lately building secure Web services with the Microsoft® . NET Framework 2. 0, and Web Services Enhancements (WSE) 3. 0 has been a lifesaver for me, so I thought it would be appropriate to dedicate a column to security features in this new product.
    Keith Brown - November 2005
  • Security Briefs: Anmeldeinformationen und Delegierung
    Ich erhalte häufig Fragen zum Thema Sicherheit von Freunden und ehemaligen Schulungsteilnehmern und habe kürzlich einige Fragen zum Erstellen von sicheren, datengesteuerten Websites für interne Unternehmenssysteme bekommen.
    Keith Brown - September 2005
  • Security Briefs: Customizing GINA, Part 2
    GINA, the Graphical Identification and Authentication component, is a part of WinLogon that you can customize or replace. Last month I introduced GINA customization; this month, I'm going to drill down to implement each of the GINA entry points.
    Keith Brown - June 2005
  • Security Briefs: Customizing GINA, Part 1
    Over the years I've had many people ask me to write about GINA, the Graphical Identification and Authentication component that serves as the gateway for interactive logons. This month I'll begin my coverage of this topic to help you get started if you're tasked to build such a beast.
    Keith Brown - May 2005
  • Security Briefs: Access Control List Editing in .NET
    Access control lists (ACLs) can be complex beasts, and user interfaces for editing them are incredibly tricky to implement properly. That's why I was really excited when Windows® 2000 shipped with a programmable ACL editor, shown in Figure 1.
    Keith Brown - March 2005
  • Security Briefs: Security Enhancements in the .NET Framework 2.0
    As I write this column, version 2. 0 of the Microsoft® . NET Framework is at Beta 1. When I got my bits, I hacked together a little program to dump all of the public members of all public types in the entire Framework and ran it on version 1.
    Keith Brown - January 2005
  • Security Briefs: Password Minder Internals
    In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.
    Keith Brown - October 2004
  • Security Briefs: Mind Those Passwords!
    Keith Brown - July 2004
  • Security: Security Headaches? Take ASP.NET 2.0!
    ASP.NET 2.0 provides significant advantages with respect to security, especially for folks developing Web sites that use Forms authentication. By providing a user profile repository with support for roles, Forms authentication will move beyond the purview of the ASP.NET internals guru, and should become much more broadly accessible. This article introduces security in ASP.NET 2.0 to give you a head start with upcoming features.
    Keith Brown - June 2004
  • Security Briefs: Beware of Fully Trusted Code
    The vast majority of managed applications run with full trust, but based on my experience teaching . NET security to developers with a broad range of experience, most really don't understand the implications of fully trusted code.
    Keith Brown - April 2004
  • Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager
    Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.
    Keith Brown - November 2003
  • Security Briefs: Hashing Passwords, The AllowPartiallyTrustedCallers Attribute
    Keith Brown describes how yo can hash passwords when you want to store them in your own custom database, and when to use the AllowPartiallyTrustedCallers attribure on your assembly.
    Keith Brown - August 2003
  • Security Briefs: Exploring S4U Kerberos Extensions in Windows Server 2003
    Building Web sites that provide services external to the corporate firewall is tricky. Usually it's not desirable to grant corporate domain accounts to external clients, and from a purely practical standpoint Kerberos does not work well over the Internet due to the typical configuration of client-side firewalls.
    Keith Brown - April 2003
  • Sicherheitstipps: Die zehn besten Sicherheitstipps für Entwickler zum Schützen Ihres Codes
    Wenn es um die Sicherheit geht, gibt es viele Möglichkeiten, in Schwierigkeiten zu geraten. Sie können sämtlichem Code vertrauen, der in Ihrem Netzwerk ausgeführt wird, jedem Benutzer Zugriff auf Ihre wichtige Dateien erteilen und sich einfach nicht darum kümmern, ob Code auf Ihrem Computer geändert wurde. Sie können auf Virenschutzsoftware verzichten, Ihren eigenen Code ungeschützt lassen und für zu viele Konten zu viele Berechtigungen erteilen. Sie können sogar eine Reihe integrierter Funktionen so unvorsichtig verwenden, dass Angriffe ermöglicht werden, und Sie können Ihre Serverports offen und unüberwacht lassen. Natürlich könnte diese Liste endlos fortgesetzt werden. Aber welches sind die wirklich wichtigen Probleme, die größten Fehler, auf die Sie jetzt gleich achten sollten, damit niemand Ihre Daten oder Ihr System beeinträchtigen kann? Die Sicherheitsexperten Michael Howard und Keith Brown geben Ihnen 10 Tipps, wie Sie die ärgsten Schwierigkeiten vermeiden können.
    Michael Howard and Keith Brown - September 2002
  • HTTP Pipelines: Securely Implement Request Processing, Filtering, and Content Redirection with HTTP Pipelines in ASP.NET
    ASP.NET is a flexible and extensible framework for server-side HTTP programming. While most people think of ASP.NET in terms of pages served, there is a lower-level infrastructure sitting beneath this page model. The underlying plumbing is based on a pipeline of app, module, and handler objects. Understanding how this pipeline works is key if you want to get the most out of ASP.NET as an HTTP server platform, while making your process more efficient, and keeping your server secure. This article introduces the architecture of the pipeline and shows how you can use it to add sophisticated functionality to an ASP.NET-based app.
    Tim Ewald and Keith Brown - September 2002
  • Security Briefs: Managed Security Context in ASP.NET
    Keith Brown - January 2002
  • Security Briefs: ASP.NET Security Issues
    Keith Brown - November 2001
  • Security Briefs: The Security Support Provider Interface Revisited
    Keith Brown - April 2001
  • Security in .NET: Enforce Code Access Rights with the Common Language Runtime