Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
COMPLETE .NET SECURITY
.NET Training Overview

This three-day course provides a foundation of the various security APIs contained within the .NET 2.0 base class libraries. The course begins by examining how strong naming, obfuscation and digital certificates can prevent others from tampering with and modifying the content within a .NET assembly. The course then addresses the role of one-way encryption using hash algorithms as well as symmetrical and asymmetrical cryptographic services. This class will also examine the use of Role Based Security and Code Access Security to assign identities and permissions to users and executing assemblies. The course wraps up by examining numerous topics regarding securing ASP .NET web applications and XML web services.

.NET Training Audience:

Programmers interested in learning about .NET security features and options.

.NET Training Prerequisites

Programming experience in .NET is required.

.NET Training Course duration

3 days

.NET Training Course outline

Assemblies as a Security Boundary

  • Reviewing the .NET Assembly Format
  • Single File versus Multi-File Assemblies
  • Understanding .NET Application Domains
  • Assembly Security Threats and Various Countermeasures
  • Understanding ‘Roundtrip Engineering’
  • Disassembling an Assembly using Idlasm.exe
  • Compiling CIL Code using Ilasm.exe
  • Securing an Assembly using Strong Naming
  • Strong names as a .NET Identity
  • The Role of Publisher Certificates
  • The Role of Obfuscation
  • The Role of the FxCop.exe utility
Understanding the Role of Hash Algorithms
  • Understanding the Role of Cryptography
  • Getting to Know Bob, Alice and Eve
  • Defining Hashing Algorithms and hash Codes
  • A High Level Examination of Hash Code Theory
  • The .NET Hash Code Algorithms
  • The HashAlgorithm Base Class Functionality
  • HashAlgorithm Derived Types
  • Creating a Hash Algorithm Type
  • Hashing Data Programmatically
  • Generating Hash Codes from Streamed Data
  • Validating Hash Codes Programmatically
  • Understanding Keyed Hashing Algorithms
Understanding .NET Cryptographic Services
  • The Role of Encryption
  • Plaintext, Ciphertext and Cipher Functions
  • Modes of Cipher Operation
  • Understanding the Electronic Codebook (ECB) Mode
  • Understanding the Cipher Block Chaining (CBC) Mode
  • Understanding the Cipher Feedback (CFB) Mode
  • Block Padding
  • The .NET Symmetrical Encryption Algorithms
  • The SymmetricalAlgorithm Base Class Functionality
  • SymmetricalAlgorithm Derived Types
  • Creating an Algorithm Type
  • The ICryptoTransformer and CryptoStream Types
  • Symmetrically Encrypting Data to Memory
  • Decrypting Data Symmetrically
  • Symmetrically Encrypting Data to file
  • Understanding Asymmetric Encryption
  • An Overview of .NET’s Asymmetrical Encryption Services
  • Asymmetrically Encrypting and Decrypting Data
  • Importing and Exporting Parameters
  • Expressing key Data via XML
Understanding Role Based Security (RBS)
  • Defining Role Based Security
  • Establishing Users, Groups and Roles
  • Understanding the Role of Principals
  • The System.Security.Principal.WindowsPrincipal Type
  • The System.Security.Principal.WindowsIdentity Type
  • Obtaining the Current Principal
  • Programming Choices with RBS
  • The PrincipalPermission Type
  • Declarative RBS
An Introduction to Code Access Security
  • The Role of Code Access Security
  • The Building Blocks of CAS
  • Administration of CAS
  • Investigating the Core Default Code Groups
  • Investigating the Core Named Permission Sets
  • Common Applications of CAS
  • The Role of Evidence
  • The System.Security.Policy.Evidence Type
  • Programmatically Evaluating Evidence
  • Working with Evidence Programmatically
  • Understanding CAS Permission Objects
  • Requesting permission Preferences
  • Viewing Advertised Permissions
  • Working with Permission Sets
  • Programmatic Code Access Security (CAS)
Understanding Isolated Storage
  • The Role of Isolated Storage
  • Locating Isolated Storage
  • Isolation Levels
  • The System.IO.IsolatedStorage Namespace
  • The IsolatedStorageFile Type
  • Gaining Access to a User’s Store
  • Writing Data Files to a store
  • Reading Data from Files
  • Administering Isolated Storage Using storeadm.exe
  • Programmatically Manipulating Isolated Storage
  • Enumerating Existing Storage
  • Deleting Existing Stores
  • Creating New Directories and Files
  • Finding Existing Files and Directories
  • Deleting Directories and Files
Securing an ASP.NET Web Site
  • Security Options for ASP.NET Web Applications
  • The Architecture of ASP.NET Security
  • Configuring IIS Authentication
  • Configuring SSL under IIS
  • The ASPNET User Account
  • Understanding the ASP.NET Pipeline
  • The Role of the machine.config File
  • The Role of the web.config File
  • Configuration Inheritance
  • ASP.NET Authentication Options
  • Understanding Windows Based Authentication
  • Configuring Windows Authentication
  • Understanding ASP.NET Forms Based Authentication
  • ASP.NET Authorization Syntax
  • A Complete Forms Authentication Walkthrough
  • Defining Known Users in a <credential> Element
  • Establishing Custom Forms Authentication
  • The FormsAuthentication Type
  • ASP.NET Cookieless Authentication
  • ASP.NET 2.0 Authentication Enhancements
  • The Role of the ASPNETDB.MDF Database
  • Configuring the provider via the web.config File
  • Working with the Membership Provider API
  • Adding New Members
  • The MembershipUser Type
  • The ASP.NET Security Controls
  • Working with the Login Control
  • The LoginStatus Control
  • The LoginName Control
  • The PasswordRecovery Control
  • The ChangePassword Control
  • The CreateUserWixard Control
Securing XML Web Services Using WSE 3.0
  • Reviewing the Atoms of XML Web Services
  • An Overview of Web Service Enhancement (WSE) 3.0
  • Obtaining and Installing WSE 3.0
  • Investigating the Microsoft.Web.Services3.dll Assembly
  • The WSE 3.0 Runtime
  • Interacting with WSE within an XML Web Service
  • Interacting with WSE on the Client
  • The Microsoft.Web.Service3.SoapContext Type
  • Understanding the Role of WS-Security
  • Caller Authentication Using WSE 3.0
  • Authentication: Building the XML Web Service
  • Authentication: Building the Client

Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved