
Category: Security


35 articles found and displayed in this view.

  • Log Users in to Your Web Application with OpenID or OAuth
    Magazine/Issue: CoDe Magazine, 2013 Jan/Feb
    Release Date: Monday, December 10, 2012
    Quick ID: 1301081
    Users already have many usernames and passwords for different popular online services, and with OpenID and OAuth, you can leverage those. Why burden users with yet another set of credentials for your site if they can use their Google or Facebook account, or any other OpenID or OAuth account? In this article, I will show you how to do this with ASP.NET 4.5, but more importantly help you understand what’s going on behind the scenes.

  • Claims-Based Authentication and the Cloud

    Magazine/Issue: CoDe Magazine, 2012 Jan/Feb
    Release Date: Wednesday, December 21, 2011
    Quick ID: 1201021
    I give up! I can’t really explain how the cloud works unless I cover the topic of authentication in the cloud first. If I didn’t tackle this topic first, I could only explain boring unauthenticated applications. The issue is, for all practical purposes the authentication fit for the cloud is claims based. There is no worldwide active directory you can rely on. There is no single aspnetdb.mdf database. What’s more, there are many kinds of authentications already - Facebook, Twitter, Google, OpenID, Windows Live ID, etc.

  • PART I Introduction

    Magazine/Issue: Online CoDe Magazine, Book Excerpts
    Release Date: Tuesday, May 17, 2011
    Quick ID: 1105053
    “From a drop of water . . . a logician could infer the possibility of an Atlantic or a Niagara without having seen or heard of one or the other. So all life is a great chain, the nature of which is known whenever we are shown a single link of it. Like all other arts, the Science of Deduction and Analysis is one which can only be acquired by long and patient study nor is life long enough to allow any mortal to attain the highest possible perfection in it. Before turning to those moral and mental aspects of the matter which present the greatest difficulties, let the enquirer begin by mastering more elementary problems.”-Sherlock Holmes in A Study in Scarlet

  • Licensing and Obfuscation

    Magazine/Issue: CoDe Magazine, 2010 Nov/Dec
    Release Date: Friday, October 22, 2010
    Quick ID: 1011021
    Software piracy runs rampant these days! You need to protect your code using a good licensing scheme and obfuscation. If you develop software for a living (and since you are reading this magazine, I assume you are), at some point you will most likely figure out how to protect your investment in that software. Two things you will need to do to accomplish this are to add licensing to your software, and to obfuscate your code so others cannot reverse engineer your hard work. These two tools are absolutely essential in your efforts to protect your software. This article will provide you with an overview on how you can use these tools to protect yourself from piracy.

  • Creating Self-Scaling Applications with Azure Services

    Magazine/Issue: CoDe Magazine, 2010 Mar/Apr
    Release Date: Friday, February 12, 2010
    Quick ID: 1003061
    Microsoft’s Azure platform has finally been released into production. This new entry into the cloud computing market provides .NET developers with a scalable, robust platform for developing applications. After over a year in CTP, Azure is finally ready for prime time. At PDC 2009, Microsoft announced the release of new components, such as the management API, that make Azure worth considering for use in production environments. In this article, I’ll demonstrate how to use the different components of Azure Services to build a self-scaling application.

  • SharePoint Applied: To Kerberos or Not

    Magazine/Issue: CoDe Magazine, 2009 Sep/Oct
    Release Date: Sunday, August 16, 2009
    Quick ID: 0909031
    Whenever you create a new SharePoint website, one of the questions SharePoint asks you is to select an authentication mechanism. Should it be NTLM or should it be Kerberos? The first time I installed SharePoint, I picked Kerberos, because it sounded like a tropical fruit, only to be prompted that this will need more work! Given that I’m the laziest person you know, I changed my selection to NTLM, and went with the less naggy version instead!

  • Performance Improvements in Internet Explorer 8 Beta 2

    Magazine/Issue: CoDe Focus Magazine, 2008 - Vol. 5 - Issue 3 - IE8
    Release Date: Tuesday, October 28, 2008
    Quick ID: 0811112
    Great performance is one of many things being delivered in Internet Explorer 8 Beta 2, the latest version of the popular browser. Beyond a much faster JScript engine, Internet Explorer 8 Beta 2 includes profound performance improvements and exciting new developer features that make it one of the most exciting browser releases in years.

  • Reliability and Privacy with Internet Explorer 8 Beta 2

    Magazine/Issue: CoDe Focus Magazine, 2008 - Vol. 5 - Issue 3 - IE8
    Release Date: Tuesday, October 28, 2008
    Quick ID: 0811122
    Reliability and privacy are two must-have features for every Web user. To that end, Internet Explorer 8 Beta 2 introduces powerful and easy-to-use features that improve the dependability of your browsing experience and the security of your personally identifiable information. Read on for all the details.

  • Secure Coding with Internet Explorer 8 Beta 2

    Magazine/Issue: CoDe Focus Magazine, 2008 - Vol. 5 - Issue 3 - IE8
    Release Date: Tuesday, October 28, 2008
    Quick ID: 0811132
    The Internet Explorer team has made significant investments to ensure that Internet Explorer 8 Beta 2 is the most secure version to date. Many of these improvements (like the SmartScreen anti-phishing/anti-malware filter) operate automatically and require no changes to Web pages or add-ons. However, other security improvements will impact Web applications and browser add-ons. This article describes how to take advantage of these new Internet Explorer security features to help protect Web users and applications.

  • Windows Live Delegated APIs

    Magazine/Issue: CoDe Focus Magazine, 2008 - Vol. 5 - Issue 2 - Windows Live
    Release Date: Sunday, March 16, 2008
    Quick ID: 0804072
    The smart way to share data between computers and other people is to place it in an online Internet store, which the other parties can access, but you want to make sure only the right people can access your data. This article will help you understand how the Windows Live delegated authentication system is used to access certain Windows Live data stores and the technologies Microsoft is building to make this work easier for you.

  • Never Write an Insecure ASP.NET Application Ever Again

    Magazine/Issue: CoDe Magazine, 2008 Jan/Feb
    Release Date: Friday, December 28, 2007
    Quick ID: 0801031
    One of the most important security principles for software development is least privilege. Simply put, least privilege means that an application, process, or user should have the least access to resources required to accomplish a task and no more. By following this principle, even if your application is attacked or a user goes on the payroll of your nastiest competitor, you’ll have limited the potential damage. Bottom line: implementing partial trust in ASP.NET is the single biggest thing you can do to make your applications secure.

  • SQLCLR Security and Designing for Reuse

    Magazine/Issue: CoDe Magazine, 2007 - May/Jun
    Release Date: Thursday, April 26, 2007
    Quick ID: 0705051
    An important principle of software design is that of “least privilege.” Basically, in any given layer of a program, you should only grant minimal access such that the code has rights to only exactly the resources it needs to get its job done, and nothing more. Most SQL Server developers understand this concept: one of the main reasons to use stored procedures is to encapsulate permission to data behind controlled and auditable interfaces, thereby not giving the caller direct access.

  • All Input Data is Evil-So Make Sure You Handle It Correctly and with Due Care

    Magazine/Issue: CoDe Magazine, 2007 - May/Jun
    Release Date: Thursday, April 26, 2007
    Quick ID: 0705061
    IT professionals agree that input is a big source of trouble. Input ultimately determines how applications work and wrong or malicious input may cause serious damage. It is extremely important that developers have this fact firmly in mind and consequently apply adequate countermeasures. Starting from the perspective that all input is evil is a good approach. Reasoning in terms of a whitelist instead of a blacklist is another excellent strategy. Working with strongly typed data is the third pillar of secure applications. This article discusses the role of input data and related attacks in the context of ASP.NET applications.

  • Protect Your Downloadable Files Using HTTP Handlers

    Magazine/Issue: CoDe Magazine, 2007 - Mar/Apr
    Release Date: Saturday, March 03, 2007
    Quick ID: 0703031
    So you finally have a product to sell, and a site to sell it on. But wait; how do you prevent unauthorized users from downloading your products? Forms Authentication provides only part of the solution. In this article, I’ll show how to prevent specific users from accessing specific files on your site; even by browsing directly to them.

  • Fundamentals of WCF Security

    Magazine/Issue: CoDe Magazine, 2006 - Nov/Dec
    Release Date: Friday, October 20, 2006
    Quick ID: 0611051
    Windows Communication Foundation (WCF) is a secure, reliable, and scalable messaging platform for the .NET Framework 3.0. With WCF, SOAP messages can be transmitted over a variety of supported protocols including IPC (named pipes), TCP, HTTP and MSMQ. Like any distributed messaging platform, you must establish security policies for protecting messages and for authenticating and authorizing calls. This article will discuss how WCF accomplishes this.

  • Security in the CLR World Inside SQL Server

    Magazine/Issue: CoDe Magazine, 2006 - Mar/Apr
    Release Date: Friday, February 17, 2006
    Quick ID: 0603031
    One of the major benefits of writing .NET code to run in the Common Language Runtime (CLR) hosted in any environment is code access security (CAS). CAS provides a code-based, rather than user-based, authorization scheme to prevent various kinds of luring and other code attacks. But how does that security scheme coexist with SQL Server 2005’s own, newly enhanced security features? By default your .NET code is reasonably secure, but it’s all too easy for the two security schemes to butt heads and cause you grief. In this article I’ll look briefly at the concept behind CAS and a few new security features in SQL Server 2005, then explore how to make the two systems work for you instead of against you as you take advantage of these advanced programming features in SQL Server.

  • Manage Custom Security Credentials the Smart (Client) Way

    Magazine/Issue: CoDe Magazine, 2005 - Nov/Dec
    Release Date: Friday, October 28, 2005
    Quick ID: 0511031
    Both Internet and intranet applications often require a custom store for user accounts and roles. ASP.NET 2.0 provides an out-of-the-box provider model as well as a SQL Server database just for that purpose. Unfortunately, the only way to administer the credentials databases is via Visual Studio 2005, and only for local Web applications. This article presents a full-blown custom security management application that administrators can use. The application wraps the ASP.NET 2.0 providers with a Web service and even adds missing features. This article presents the design approaches, challenges, and techniques involved in developing such an application. The article also walks you through some powerful yet useful techniques such as interface-based Web services, reflection-based Web service compatibility, advanced C# 2.0, Web services security, and Web services transactions.

  • Security Is Job One!

    Magazine/Issue: CoDe Magazine, 2005 - Sep/Oct
    Release Date: Thursday, August 25, 2005
    Quick ID: 0509011
    Rod Paddock Editorial Article - September/October 2005 Issue

  • SQL Server 2005 Secures Your Data Like Never Before

    Magazine/Issue: CoDe Magazine, 2005 - Sep/Oct
    Release Date: Thursday, August 25, 2005
    Quick ID: 0509021
    If you care about your data, you must upgrade to SQL Server 2005 the day it is released. There simply is no other option. An outrageous assertion? Perhaps. I tend to split my time equally between praising and bashing Microsoft, but the new security features and tools in SQL Server 2005 will be mandatory for protecting your data from today's increasingly sophisticated attacks. Most importantly, SQL Server 2005's many layers of security provide for defense in depth in which layer after layer of protection helps keep data safe.

  • Using the New Security Controls in ASP.NET 2.0

    Magazine/Issue: CoDe Magazine, 2005 - Sep/Oct
    Release Date: Thursday, August 25, 2005
    Quick ID: 0509081
    ASP.NET 2.0 comes with several new security controls (located under the Login tab in the Toolbox; see Figure 1) that greatly simplify the life of a Web developer. Using the new security controls, you can now perform tasks such as user logins, registration, password changes, and more, with no more effort than dragging and dropping controls onto your Web form. In this article, I will show you how you can use these new controls to perform user authentication.

  • .Finalize() - Making Sausages

    Magazine/Issue: CoDe Magazine, 2004 - November/December
    Release Date: Wednesday, October 20, 2004
    Quick ID: 0411121
    Ken Getz' .Finalize() column.

  • Are You Insecure?

    Magazine/Issue: Online CoDe Magazine, Publisher's Point
    Release Date: Thursday, July 01, 2004
    Quick ID: 040063
    Markus Egger talks about developing secure applications.

  • .Finalize() - Keeping Secrets

    Magazine/Issue: CoDe Magazine, 2004 - July/August
    Release Date: Sunday, June 20, 2004
    Quick ID: 0407111
    Ken Getz' .Finalize() column.

  • Managing .NET Code Access Security (CAS) Policy

    Magazine/Issue: CoDe Magazine, 2004 - May/June
    Release Date: Tuesday, April 20, 2004
    Quick ID: 0405031
    Code Access Security (CAS) is the .NET Common Language Runtime (CLR) mechanism for maintaining security based on the identity of code. Most developers don't have to work with CAS on a daily basis because the .NET Framework libraries take care of much of the work involved in securing code. However, when you do need to work with CAS, having a good understanding of CAS policy management is essential. Waiting until the eleventh hour in the project lifecycle and realizing that you need to configure security policy is painful. For example, if you have a Smart Client application that runs over Internet Explorer, you will need to consider what permissions your application requires and how you are going to configure policy so that your code will run on a client machine. Or, suppose that your application defined a custom permission for a scenario not already covered by the permissions that ship with .NET. Here again you need to understand CAS policy. This article discusses the essential elements of CAS (evidence, permissions, and policy), shows how .NET CAS policy works, and explains reasons for making various policy decisions.

  • Use Generics to Create an Audit Trail

    Magazine/Issue: CoDe Magazine, 2004 - May/June
    Release Date: Tuesday, April 20, 2004
    Quick ID: 0405041
    Building an audit trail into your application provides a mechanism for tracking who updated what when, and the new generics feature in Whidbey helps you build that trail. The Whidbey release of .NET will include a new Common Language Runtime (CLR) feature called generics. Generics allow you to use a variable to represent a desired data type, and thereby create very generic code (hence the name) that works with any data type. You define the data type for the generic variable at run time and the CLR substitutes that data type for the variable everywhere in the code that it is used; basically providing you with strongly typed generic code.

  • Cryptography the .NET Way

    Magazine/Issue: CoDe Magazine, 2003 - July/August
    Release Date: Sunday, June 15, 2003
    Quick ID: 0307051
    In real-world applications you just can't do without encryption. The problem with cryptography, though, is that sometimes it may make you use an overly complex API. The .NET Framework classes for cryptography don't require you to become an expert mathematician or a cryptography guru. In the .NET Framework you'll find symmetric and asymmetric cryptographic providers as well as hash providers. Some of these provider classes end up calling into the unmanaged CryptoAPI library while other parts of the .NET cryptography solution are purely managed code.

  • Auto-Deploying Windows Forms .NET Applications: The Revenge of the Fat Client

    Magazine/Issue: CoDe Magazine, 2003 - July/August
    Release Date: Sunday, June 15, 2003
    Quick ID: 0307061
    .NET provides new tools to make deployment of fat client .NET applications easier. This article describes the basics of .NET Auto-Deployment technology and the security mechanism that prevents users from inadvertently running code distributed by hackers and virus writers.

  • .NET Web Services Security

    Magazine/Issue: CoDe Magazine, 2003 - July/August
    Release Date: Sunday, June 15, 2003
    Quick ID: 0307071
    Web services are all about connecting businesses in a standard and secure manner. For a real-life Web service, security is intrinsic to every facet of operation and no party would ever agree to interact with a non-secure Web service. Unfortunately, Web services security is still in its infancy; standards such as WS-I are just emerging and there is no built-in support in the development tools for them. That being said, there are quite a few programming techniques you can use today in .NET 1.1 to secure your Web services, and do so in a way that will ease the transition to future standards and protocols.

  • Threat Modeling

    Magazine/Issue: CoDe Magazine, 2002 - Nov/Dec
    Release Date: Tuesday, October 15, 2002
    Quick ID: 0211091
    The first step in securing your application is to understand threats. This article discusses how to understand where your application may be threatened.

  • Interview with Microsoft's Steve Lipner

    Magazine/Issue: CoDe Magazine, 2002 - Nov/Dec
    Release Date: Tuesday, October 15, 2002
    Quick ID: 0211101
    David Stevenson interviews Steve Lipner, Microsoft's Director of Security Assurance; the article discusses how Microsoft is implementing security in their applications.

  • Stateful Network-Deployable .NET Components Use Isolated Storage

    Magazine/Issue: CoDe Magazine, 2002 - Nov/Dec
    Release Date: Tuesday, October 15, 2002
    Quick ID: 0211111
    Sometimes an application needs to keep its data in its own secure "sandbox". This article demonstrates creating these isolated applications in .NET.

  • Securing Your SQL Server

    Magazine/Issue: CoDe Magazine, 2002 - Nov/Dec
    Release Date: Tuesday, October 15, 2002
    Quick ID: 0211121
    SQL Server, like most complex databases, has potential security holes. This article discusses these security holes and how to close them.

  • Understanding the Crypto API

    Magazine/Issue: CoDe Magazine, 2002 - March/April
    Release Date: Friday, February 15, 2002
    Quick ID: 0203041
    You know about the importance of securing your data. But how do you add industrial strength security to your program? The answer is simple: use the Windows Crypto API.

  • Taking Advantage of ADSI

    Magazine/Issue: CoDe Magazine, 2001 - Issue 1
    Release Date: Monday, January 15, 2001
    Quick ID: 0101041
    Active Directory Service Interfaces (ADSI) is a COM-based set of interfaces that allow you to interact with and manipulate directory service interfaces. That means it's a cool way for scripts and code to add users, change passwords, create network groups, control IIS programmatically, and start and stop services. In this article, I'll cover the basic ADSI syntax and give you some example code to use in your own applications.

  • Create Bulletproof Components with COM+ Security

    Magazine/Issue: CoDe Magazine, 2000 - Summer
    Release Date: Saturday, July 15, 2000
    Quick ID: 0002051
    COM+ gives the developer a way to build a flexible and powerful security system into applications without having to write a lot of custom code. This article will examine how to leverage the power of the COM+ security model.


 
