Summary
The Home Page for "The .NET Developer's Guide to Windows Security"
Table of Contents
Preface
Acknowledgements
Part 1: The Big Picture
Item 1: What is secure code?
Item 2: What is a countermeasure?
Item 3: What is threat modeling?
Item 4: What is the principle of least privilege?
Item 5: What is the principle of defense in depth?
Item 6: What is authentication?
Item 7: What is a luring attack?
Item 8: What is a non privileged user?
Item 9: How to develop code as a non admin
Item 10: How to enable auditing
Item 11: How to audit access to files
Part 2: Security Context
Item 12: What is a security principal?
Item 13: What is a SID?
Item 14: How to program with SIDs
Item 15: What is security context?
Item 16: What is a token?
Item 17: What is a logon session?
Item 18: What is a window station?
Item 19: What is a user profile?
Item 20: What is a group?
Item 21: What is a privilege?
Item 22: How to use a privilege
Item 23: How to grant or revoke privileges via security policy
Item 24: What is WindowsIdentity and WindowsPrincipal?
Item 25: How to create a WindowsPrincipal given a token
Item 26: How to get a token for a user
Item 27: What is a daemon?
Item 28: How to choose an identity for a daemon
Item 29: How to display a user interface from a daemon
Item 30: How to run a program as another user
Item 31: What is impersonation?
Item 32: How to impersonate a user given her token
Item 33: What is Thread.CurrentPrincipal?
Item 34: How to track client identity using Thread.CurrentPrincipal
Item 35: What is a null session?
Item 36: What is a guest logon?
Item 37: How to deal with unauthenticated clients
Part 3: Access Control
Item 38: What is role based security?
Item 39: What is ACL based security?
Item 40: What is discretionary access control?
Item 41: What is ownership?
Item 42: What is a security descriptor?
Item 43: What is an access control list?
Item 44: What is a permission?
Item 45: What is ACL inheritance?
Item 46: How to take ownership of an object
Item 47: How to program ACLs
Item 48: How to persist a security descriptor
Item 49: What is Authorization Manager?
Part 4: COM(+)
Item 50: What is the COM authentication level?
Item 51: What is the COM impersonation level?
Item 52: What is CoInitializeSecurity?
Item 53: How to configure security for a COM client
Item 54: How to configure the authentication and impersonation level for a COM app
Item 55: How to configure the authentication and impersonation level for an ASP.NET app
Item 56: How to implement role based security for a managed COM app
Item 57: How to configure process identity for a COM server app
Part 5: Network Security
Item 58: What is CIA?
Item 59: What is Kerberos?
Item 60: What is a service principal name (SPN)?
Item 61: How to use service principal names
Item 62: What is delegation?
Item 63: What is protocol transition?
Item 64: How to configure delegation via security policy
Item 65: What is SSPI?
Item 66: How to add CIA to a socket based app using SSPI
Item 67: How to add CIA to .NET Remoting
Item 68: What is IPSEC?
Item 69: How to use IPSEC to protect your network
Part 6: Misc
Item 70: How to store secrets on a machine
Item 71: How to prompt for a password
Item 72: How to programmatically lock the console
Item 73: How to programmatically log off or reboot the machine
Item 74: What is group policy?
Item 75: How to deploy software securely via group policy
Code Samples
Download them here.
How to read online
See the table of contents below, and click on any subject you want to read!
Note that editing has been disabled due to spam. Thanks to all the good people who have helped fix typos, and of course all the fine folks who helped port the final version of the book into this wiki!
And yes, the entire contents of the book is here for your reference, free of charge. But please support my publisher and my family by picking up a hardcopy from your nearest bookstore! If you're looking for classroom training on these topics, see the Pluralsight training page at PluralSight.com/courses. Thanks!