Windows Security

Windows security underlies all of the security considerations in applications that run on Windows, and Microsoft Active Directory provides authentication for network resources. Security is enforced on Windows systems through a number of different mechanisms. In this section, find information that will show you how to program Windows security features.

Essential

Security Changes in Windows XP Service Pack 2
With Windows XP Service Pack 2 (SP2), Microsoft is introducing a set of security technologies that will help improve Windows XP-based computers' ability to withstand malicious attacks from viruses and worms.
Windows Server 2003: Discover Improved System Info, New Kernel, Debugging, Security, and UI APIs
Examine the additions to Windows Server 2003 from the point of view of operating system internals expert Matt Pietrek. Get his advice on where to focus your attention when you begin using the product.
Windows Data Protection
Learn how to use Data Protection application programming interface (DPAPI) and how DPAPI operates in Windows XP.
Introducing CAPICOM
Read about CAPICOM, a new security technology from Microsoft that allows Microsoft Visual Basic, Visual Basic Script, ASP, and C++ programmers to easily incorporate digital signing and encryption into their applications.

Articles

Applying Cryptography Using The CNG API In Windows Vista

Windows Vista introduces a new cryptography API to replace the old CryptoAPI, which has its roots in the early versions of Windows NT and Windows 95. Cryptography Next Generation (CNG) is meant to be a long-term replacement for the CryptoAPI, providing substitutes for all of the cryptographic primitives it offered. CNG supports all of the algorithms provided by the CryptoAPI, but goes much further and includes many new algorithms and a much more flexible design, providing developers with greater control over how cryptographic operations are performed and how algorithms work together to perform various operations.

Windows Vista ISV Security

Windows Vista incorporates numerous defensive strategies to protect customers from exploits. Some of these defenses are in the core operating system, and others are offered by the Microsoft Visual C++ compiler. This article briefly explores each of these defenses and offers deployment and test guidance.

Inspect Your Gadget

Today, the Windows Vista Sidebar hosts Gadgets built from HTML, JavaScript, and potentially ActiveX controls, and because Gadgets are HTML, they are subject to Cross-site Scripting style bugs. These bugs are extremely serious because script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on user. This article outlines some of the secure programming best practices that should be considered when building Windows Vista Sidebar Gadgets.

Teach Your Apps To Play Nicely With Windows Vista User Account Control

Learn how to modify your applications to ensure they work seamlessly with the new User Account Control feature of Windows Vista.

Security Briefs: Using Protocol Transition—Tips from the Trenches

Now that Windows Server 2003 is widely deployed, Keith Brown addresses questions from readers who are trying to use protocol transition to build secure gateways into their intranets.

Secure Your ASP.NET Apps And WCF Services With Windows CardSpace

Windows CardSpace replaces traditional username/password authentication with a tool that helps users better manage their digital identities and helps shield users from various forms of identity attack such as phishing. Michèle Leroux Bustamante explains.

Desktop Security: Create Custom Login Experiences With Credential Providers For Windows Vista

Credential providers in Windows Vista allow you to customize the logon experience and integrate the authentication methods that best meet your organization's needs. With this article, learn how to write your own.

Creating Certificate Requests Using Certificate Enrollment and CryptoAPI
Use the Certificate Enrollment control and CryptoAPI to create certificate requests, and then use them to enroll with a Microsoft Certificate Server in Windows 2000, Windows Server 2003, or even a third-party certificate authority.
A Great Step Forward in Application Security: Documenting Security Implications of C Runtime and Windows APIs
Explore the mistakes that are commonly made using function calls with C and C++ and the security ramifications. Learn how to use these calls properly.
The Windows Server 2003 Application Environment
Read how Windows Server 2003 builds on the core strengths of the Windows family of operating systems in the areas of security, manageability, reliability, availability, and scalability.
Introduction to Developing Applications for the 64-bit Version of Windows
Learn how to build applications for the 64-bit version of Windows Server 2003.
Securing the Windows Server 2003 Application Platform
Discover the security concepts, practices, and technologies found in the .NET Framework and in Windows Server 2003 that, when combined, can help provide outstanding enterprise-wide security configurations.
The Windows Server 2003 Family Encrypting File System
Learn how to use the Encrypting File System (EFS), a transparent file encryption service provided by Windows Server 2003.
The Smart Card Cryptographic Service Provider Cookbook
Consult a collection of information for Cryptographic Service Provider (CSP) developers, on topics such as smart cards, cryptography, and CSPs, the calls that are made to the CSPs in typical scenarios, important design considerations, and smart card-specific error codes.
Designing Secure ActiveX Controls
Each Microsoft ActiveX control should be conceived and designed with security in mind. Learn how to judge control security and how to prevent repurposing.
How Long Until My Password Expires?
While work on Windows Management Instrumentation (WMI) Scripting Primer: Part 3 continues, follow the Scripting Guys as they turn their attention to an important task that can be accomplished with an Active Directory Services Interface (ADSI) script: determining password expiration in an Active Directory network.
Secure an ASP.NET Application by Using Windows Security
Use ASP.NET together with Microsoft Internet Information Services (IIS) to authenticate Web users based on their Microsoft Windows 2000 user account credentials.
Use MSMQ 3.0 to Perform Secure Internet Messaging over HTTPS in IIS
Get step-by-step instructions on how to use Microsoft Message Queue Server (MSMQ) 3.0 with HTTPS to encrypt messages that must be secure and to send these messages to Internet Information Services (IIS) servers.
Security Features in Windows CE .NET
Learn about the various security mechanisms and features that device manufacturers and developers can use to build secure Windows CE .NET-based applications and devices.

Kerberos

Part I - Network Infrastructure
Read the first of a series of articles on the infrastructure and code required to implement Kerberos-based authentication using HTTP in a cross-platform environment.
Part II - SPNEGO Tokens and the Negotiate Protocol
In the second article in a series on the infrastructure and code required to implement Kerberos-based authentication using HTTP in a cross-platform environment, learn about the negotiate protocol and binary layouts of information sent over the wire.
Part III - SPNEGO Token Handler API
Get the C source code for an application programming interface (API) that will parse and create SPNEGO Tokens, in this third article in a series on the infrastructure and code required to implement Kerberos-based authentication using HTTP in a cross-platform environment.
Understanding Kerberos Credential Delegation in Windows 2000 Using the TktView Utility
Read Keith Brown's Security Brief on how Windows implements the delegation of credentials using Kerberos.