Experienced developers who are looking to create reliably secure sites with ASP.NET 2.0 will find that Professional ASP.NET 2.0 Security, Membership, and Role Management covers a broad range of security features including developing in partial trust, forms authentication, and securing configuration. The book offers detailed information on every major area of ASP.NET security you'll encounter when developing Web applications.
You'll see how ASP.NET 2.0 version contains many new built-in security functions compared to ASP.NET 1.x such as Membership and Role Manager, and you'll learn how you can extend or modify various features. The book begins with two chapters that walk you through the processing ASP.NET 2.0 performs during a web request and the security processing for each request, followed by a detailed explanation of ASP.NET Trust Levels.
With this understanding of security in place, you can then begin working through the following chapters on configuring system security, forms authentication, and integrating ASP.NET security with classic ASP including integrating Membership and Role Manager with classic ASP. The chapter on session state looks at the limitations of cookieless session identifiers, methods for heading off session denial of service attacks, and how session state is affected by trust level. After the chapter explaining the provider model architecture in ASP.NET 2.0 and how it is useful for writing custom security providers you go to the MembershipProvider class and configuring the two default providers in the Membership feature, SqlMembershipProvider and ActiveDirectoryMembershipProvider. You'll see how to use RoleManager to make it easy to associate users with roles and perform checks declaratively and in code and wrap up working with three providers for RoleProvider - WindowsTokenRoleProvider, SqlRoleProvider, and AuthorizationStoreRoleProvider (to work with Authorization Manager or AzMan).
This book is also available as part of the 5-book ASP.NET 2.0 Wrox Box (ISBN: 0-470-11757-5). This 5-book set includes:
Professional ASP.NET 2.0 Special Edition (ISBN: 0-470-04178-1)
ASP.NET 2.0 Website Programming: Problem - Design - Solution (ISBN: 0764584642 )
Professional ASP.NET 2.0 Security, Membership, and Role Management (ISBN: 0764596985)
Professional ASP.NET 2.0 Server Control and Component Development (ISBN: 0471793507)
ASP.NET 2.0 MVP Hacks and Tips (ISBN: 0764597663)
CD-ROM with more than 1000 pages of bonus chapters from 15 other .NET 2.0 and SQL Server(TM) 2005 Wrox books
DVD with 180-day trial version of Microsoft(r) Visual Studio(r) 2005 Professional Edition
Customer Reviews:
Avg. Customer Rating: 4.0 / 5.0
Thorough, excellent writing:
I bought this book because I needed the information for a project that I am currently engaged in. The information contained within was immediately relevant in shaping the solution design. It gave me the how and the why to architect a solid, yet flexible solution. This text is not a how-to for a beginner. It is also not light reading. It is a dense book; lots of information crammed into it. You have to bring your experience to this book for the full weight of the teaching to come to bear. I highly... more info
Not useful:
This book is like those instruction you will want to give to your team members if you are the leader, but having to keep reading that for close to 600 pages!
Yes, the target is clearly not defined and if you want to get a work done by reading this book, please forget it.
If you implemented membership and roles, and seeking some extra advice may be you might find it useful. It does not really explain the various systems, illustrating each well enough.
I opened Forms Authetication, hoping to... more info
It's about how things work under the covers:
I bought this book for help with over-riding the membership providers and possible the profile providers. What I got was a full on introduction to how things really work under the covers. Didn't really help me with my original intention, but certainly improved my understanding of security in ASP.Net 2.0.
Excellent resource:
I am using ASP.NET 2.0 with forms-based security and wanted to authenticate and authorize using Active Directory users and groups as ASP.NET users and roles. After many hours and much research, I had authentication working. After more hours and research, I was looking at doing authorization using ADAM and not getting it to work. I was reading posts, blogs, MSDN articles, everything I could find. I purchased this e-book and downloaded it. Within hours I had authorization working in Active Directory like I... more info
