50031 - Complete .NET 2.0 Security

This three-day instructor-led (Level 300) course provides a foundation of the various security APIs contained within the Microsoft .NET 2.0 base class libraries. The course begins by examining how strong naming, obfuscation, and digital certificates can prevent others from tampering with and modifying the content within a .NET assembly.

The course then addresses the role of one-way encryption using hash algorithms as well as symmetrical and asymmetrical cryptographic services. This class will also examine the use of Role Based Security and Code Access Security to assign identities and permissions to users and executing assemblies. The course wraps up by examining numerous topics regarding securing ASP.NET web applications and XML web services.

After completing this course, students will be able to:

• Understand the Windows File Protection (WFP) object model and the use of XAML.
• Use WPF developments tools.
• Control content model and layout managers.
• Use data binding, styles, and graphics.
• Use Navigation Applications and XBAPsBuild WPF applications using XAML, code files, and Microsoft Visual Studio.

Module 1: The Assembly as a Security Boundary
This module covers ways to secure assemblies including use of strong names in passwords, publisher certificate validation, and understanding ways to overcome security.

Lessons
• Review the composition of .NET assemblies
• Understand the role of Application Domains
• Define 'roundtrip engineering'
• Learn to protect assemblies from tampering using strong names
• Understand the role of obfuscation
• Understand the role of publisher certificates
• Understand the role of FxCop.exe

Module 2: Understanding the Role of Hash Algorithms
In this module, students will learn how to use hash algorithms and hash codes to create a secure environment.

Lessons
• Define the role of cryptographic services
• Understand the role of hash algorithms and hash codes
• Generate hashed data using the .NET framework
• Validate hash codes programmatically

Module 3: Understanding .NET Cryptographic Services
This module covers the use of hash codes and encrypting both symmetrically and asymmetrically.

Lessons
• Define the role of cryptographic services
• Understand the role of hash algorithms and hash codes
• Generate hashed data using the .NET framework
• Validate hash codes programmatically
• Understand the role of encryption and decryption
• Learn to encrypt data symmetrically
• Learn to encrypt data asymmetrically

Module 4: Understanding Role Based Security (RBS)
This module explains how to use roles to identify valid users and how to define access and restrictions using roles.

Lessons
• Understand the use of role based security
• Create and administer roles
• Distinguish between principals, identity and roles
• Programmatically determine role membership
• Restrict actions based on roles

Module 5: An Introduction to Code Access Security
In this module, students learn how to use Code Access Security (CAS).

Lessons
• Understand the motivation behind Code Access Security (CAS)
• Understand the building blocks of CAS
• Use CAS to secure ClickOnce Applications
• Programmatically interact with CAS

Module 6: Understanding Isolated Storage
This module covers the administration and manipulation of isolated storage.

Lessons
• Understand the role of Isolated Storage
• Understand the levels of isolated storage
• Investigate the System.IO.IsolatedStorage namespace
• Administer isolated storage using storeadm.exe
• Programmatically manipulate isolated storage

Module 7: Securing an ASP.NET Web Site
This module examines ASP.NET security architecture and compares Windows-based and Forms-based authentication. Students will learn how to configure ASP.NET and how to work with security controls.

Lessons
• Examine the Architecture of ASP.NET Security
• Contrast Windows based and Forms based authentication
• Configure ASP.NET authentication and authorization using a web.config file
• Work with the ASP.NET security controls

Module 8: Securing XML Web Services using WSE 3.0
In this module, students learn how to use XML Web Services to authenticate users.

Lessons
• Briefly review the construction of .NET XML Web Services
• Understand the role of Web Services Extensions (WSE) 3.0
• Walkthrough the process of obtaining and installing WSE 3.0
• Understand the scope of Microsoft.Web.Services3.dll
• Examine how to authenticate users using WS-Security

The target audience for this course includes the following:

• Developers with solid experience writing applications using .NET 2.0

Before attending this course, students must have:

• Experience with Visual Studio IDE
• Firm grounding in OOP
• Firm grounding in .NET 2.0 development
• Solid understanding of C# or Microsoft Visual Basic