New Horizons Computer Learning Center
410-597-9722

50031: Complete .NET 2.0 Security

Course Length: 4 Days

Overview:
This 4 day instructor led course provides a foundation of the various security APIs contained within the Microsoft .NET 2.0 base class libraries. The course begins by examining how strong naming, obfuscation, and digital certificates can prevent others from tampering with and modifying the content within a .NET assembly. The course then addresses the role of one-way encryption using hash algorithms as well as symmetrical and asymmetrical cryptographic services. This class will also examine the use of Role Based Security and Code Access Security to assign identities and permissions to users and executing assemblies. The course wraps up by examining numerous topics regarding securing ASP.NET web applications and XML web services.

Prerequisites:
Experience with Visual Studio IDE
Firm grounding in OOP
Firm grounding in .NET 2.0 development
Solid understanding of C# or Microsoft Visual Basic

Course Objectives:
Upon successful completion of this course, students will be able to:

• Understand the Windows File Protection (WFP) object model and the use of XAML
• Use WPF developments tools
• Control content model and layout managers
• Use data binding, styles, and graphics
• Use Navigation Applications and XBAPsBuild WPF applications using XAML, code files, and Microsoft Visual Studio

Course Content

Lesson 1: The Assembly as a Security Boundary

• Review the composition of .NET assemblies
• Understand the role of Application Domains
• Define 'roundtrip engineering'
• Learn to protect assemblies from tampering using strong names
• Understand the role of obfuscation
• Understand the role of publisher certificates
• Understand the role of FxCop.exe

Lesson 2: Understanding the Role of Hash Algorithms

• Define the role of cryptographic services
• Understand the role of hash algorithms and hash codes
• Generate hashed data using the .NET framework
• Validate hash codes programmatically

Lesson 3: Understanding .NET Cryptographic Services

• Understand the role of encryption and decryption
• Learn to encrypt data symmetrically
• Learn to encrypt data asymmetrically

Lesson 4: Understanding Role Based Security (RBS)

• Understand the use of role based security
• Create and administer roles
• Distinguish between principals, identity and roles
• Programmatically determine role membership
• Restrict actions based on roles

Lesson 5: An Introduction to Code Access Security

• Understand the motivation behind Code Access Security (CAS)
• Understand the building blocks of CAS
• Use CAS to secure ClickOnce Applications
• Programmatically interact with CAS

Lesson 6: Understanding Isolated Storage

• Understand the role of Isolated Storage
• Understand the levels of isolated storage
• Investigate the System.IO.IsolatedStorage namespace
• Administer isolated storage using storeadm.exe
• Programmatically manipulate isolated storage

Lesson 7: Securing an ASP.NET Web Site

• Examine the Architecture of ASP.NET Security
• Contrast Windows based and Forms based authentication
• Configure ASP.NET authentication and authorization using a web.config file
• Work with the ASP.NET security controls

Lesson 8: Securing XML Web Services using WSE 3.0

• Briefly review the construction of .NET XML Web Services
• Understand the role of Web Services Extensions (WSE) 3.0
• Walkthrough the process of obtaining and installing WSE 3.0
• Understand the scope of Microsoft.Web.Services3.dll
• Examine how to authenticate users using WS-Security

6940 Tudsbury Road, Baltimore, MD 21244
P: 410-597-9722
www.nhbaltimore.com