MSDN Magazine November 2005
Are You in the Know?: Find Out What's New with Code Access Security in the .NET Framework 2.0
Unlike role-based security measures, code access security is not based on user identity. Instead, it is based on the identity of the code that is running, including information such as where the code came from. Here Mike Downen discusses the role of code access security (CAS) in .NET and outlines some key new features and changes in CAS for the .NET Framework 2.0. Mike Downen
Do You Trust It?: Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0
When you allow your application to run arbitrary code through an add-in, you may expose users to unknown code, running the risk that malicious code will use your application as an entry point into the user's data. There are several techniques you can use to reduce the attack surface of your application, which Shawn Farkas discusses here. Shawn Farkas
Are You Protected?: Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0
Ensuring the security of a Web application is critical and requires careful planning throughout the design, development, deployment, and operation phases. It is not something that can be slapped onto an existing application. In this article, Mike Volodarsky outlines best practices that allow you to take advantage of the security features of ASP.NET 2.0 and IIS 6.0 to build and deploy more secure Web applications. Mike Volodarsky
Who Goes There?: Upgrade Your Site's Authentication with the New ASP.NET 2.0 Membership API
Here Dino Esposito and Andrea Saltarello cover the plumbing of the Membership API and its inherently extensible nature, based on pluggable providers. To demonstrate the features, they take an existing ASP.NET 1.x authentication mechanism and port it to ASP.NET 2.0, exposing the legacy authentication mechanism through the new Membership API. Dino Esposito and Andrea Saltarello
What Gives You the Right?: Combine the Powers of AzMan and WSE 3.0 to Protect Your Web Services
In this article, Niels Flensted-Jensen demonstrates how you can combine new and existing Microsoft technologies with minimal new code to provide flexible authorization for individual Web service methods. Windows 2003 Authorization Manager, Web Service Enhancements 3.0, and Enterprise Library all play a part. Niels Flensted-Jensen
How Do They Do It?: A Look Inside the Security Development Lifecycle at Microsoft
In this article, Microsoft security expert Michael Howard outlines how to apply the Security Development Lifecycle to your own software development processes. He explains how you can take some of the lessons learned at Microsoft when implementing SDL and use them in your own development process. Michael Howard

Columns
Editor's Note: Many Levels of Security
Every year at this time, we bring you our now-famous security issue. We recognize the vast importance of writing and deploying secure code—it affects so many areas of concern—which is why we devote an entire issue each year to the topic.
New Stuff: Resources for Your Developer Toolbox
Code refactoring is defined as the act of changing code without changing what it does. The actual work involved in refactoring—extracting methods from oversized modules, tidying up and unifying variable names, identifying unhandled exceptions, and all the other cleanup, simplification, and standardization chores—can be daunting, indeed, and risky too. Marnie Hutcheson
Web Q&A: ASP.NET Session State, Validation, DataGrids, and More
Edited by Nancy Michell
Data Points: DataSet and DataTable in ADO.NET 2.0
ADO.NET 2.0 sports some exciting enhancements to the core classes found in ADO.NET 1.x and introduces a variety of new classes, all of which promise to improve performance, flexibility, and efficiency. John Papa
Basic Instincts: Programming I/O with Streams in Visual Basic .NET
If you are just now migrating from Visual Basic® 6.0 to Visual Basic .NET, be prepared for a change, because the way you program file I/O is very different. The good news is that an idiosyncratic, proprietary approach has been replaced by an elegant and reusable one that has become an industry standard. Ted Pattison
Cutting Edge: A Quick Tour of Themes in ASP.NET 2.0
It's much easier to build a rich user interface into your Web application in ASP.NET 2.0 than it was in previous versions. Master Pages let you build pages based on existing templates of markup and code. Dino Esposito
Service Station: An XML Guru's Guide to BizTalk Server 2004, Part I
Who would have believed that XML, such a seemingly trivial technology, could revolutionize an industry? It may have seemed like a long shot in the beginning, but the XML aficionados saw something special and pragmatic right away—a sort of duct tape for the world's information systems. Aaron Skonnard
Bugslayer: SUPERASSERT Goes .NET
Those of you who have been reading this old Bugslayer column over the last nine years have branded into your frontal lobe a single word: ASSERT! Anytime you can have the code tell you about a problem instead of having to find it by slaving away with a debugger is a huge timesaver. John Robbins
Security Briefs: Security Features in WSE 3.0
I've been spending a lot of time lately building secure Web services with the Microsoft® .NET Framework 2.0, and Web Services Enhancements (WSE) 3.0 has been a lifesaver for me, so I thought it would be appropriate to dedicate a column to security features in this new product. Keith Brown
C++ at Work: Disabling Print Screen, Calling Derived Destructors, and More
Paul DiLascia
{End Bracket}: Phoenix Rising
Phoenix is neither a compiler nor a JITer, but will eventually transform both. It is the codename for an internal Microsoft project that provides an extensible framework for the analysis, optimization, and modification of code during compilation. Guy Eddon