Developing and Deploying Secure Microsoft .NET Framework Applications

Target Audience
The goal of this course is to enable developers to build Microsoft .NET compatible applications by using assemblies, which are the basic unit of versioning, isolation, security, and deployment in the .NET Framework environment

Pre-Requisites
Before attending this course, students must have:AttendedA basic skill level in C#, or a working knowledge of and comfort with C++ syntax.A working knowledge of COM

Purpose
At the end of the course, students will be able to define the term assembly, list the programming problems that assemblies solve, and describe how code in an assembly is executed, describe the purpose of metadata and the manifest, and their relationship to the .NET Framework, create single-file and multi-file assemblies, use code signing to create strong-named assemblies, create Visual Studio .NET deployment projects to deploy assemblies using the Microsoft Windows Installer, describe how type safety, verification, and strong-name signing improve application security, explain how the .NET security system uses policy to map information about an assembly to a set of resource access rights for an assembly, use code access security to develop and use secure assemblies, implement role-based security in an assembly by using principals and identities, and create and use isolated storage, call Win32 code and COM objects from assemblies.

Course outline

1. Introduction To Assemblies
2. Creating an Assembly
3. Deploying an Assembly
4. Assembly Versioning and Satellite Assemblies
5. Type Safety, Verification, and Code Signing
6. Code Access Security
7. Role Based Security and Isolated Storage
8. Interoperating Between Managed and Unmanaged Code

Module 1:Introduction To Assemblies

• The Programming Problems Assemblies Solve
• Assembly Concepts

• List the programming problems that assemblies solve.
  
• Define the term assembly.
  
• Describe the types of assemblies and differentiating between strong-named assemblies and private assemblies.
  
• Describe how the code in an assembly is executed.
  

Module 2:Creating an Assembly

• Introduction to Metadata
• Creating, Packaging, and Referencing an Assembly
• Reflection

• State the purpose of metadata.
  
• Describe the contents found in the metadata that is stored within an assembly or a portable executable (PE) file.
  
• Use the Microsoft intermediate language (MSIL) Disassembler to view the metadata stored within an assembly or a PE file.
  
• Create a single-file assembly and a multi-file assembly.
  
• Describe the purpose of reflection and using it to inspect metadata stored within an assembly.
  

Module 3:Deploying an Assembly

• Binding Policy and Configuration Files
• Types of Deployment
• Deploying Private Assemblies
• Deploying Strong-Named Assemblies
• Deployment Options

• Describe the purpose of binding policy.
  
• Describe the types of policy configuration files.
  
• Differentiate between private assemblies and strong-named assemblies.
  
• Describe the purpose of the global assembly cache (GAC).
  
• Deploy and uninstalling private and strong-named assemblies.
  
• Describe the probing process for private assemblies.
  
• List the methods for deploying assemblies.
  

Module 4:Assembly Versioning and Satellite Assemblies

• Versioning
• Incremental Download
• Satellite Assemblies

• Explain the need for versioning and describe how versioning determines assembly compatibility.
  
• Configure application binding policy and publisher binding policy.
  
• Define the terms side-by-side deployment and side-by-side execution.
  
• Describe the probing process for strong-named assemblies.
  
• List benefits of using strong-named assemblies.
  
• Describe the incremental download deployment process and listing some of its benefits.
  
• Describe the procedure that the common language runtime uses to locate pieces of an assembly.
  
• Build an application for incremental download.
  
• Build a satellite assembly.
  

Module 5:Type Safety, Verification, and Code Signing

• Introduction to Security
• Type Safety and Verification
• Code Signing
• Cryptographic Services and Data Signing

• Explaining how the security model for the .NET Framework relates to the security model for the Microsoft Windows operating system.
  
• Describing how type safety and verification improve security.
  
• Explaining the benefits of code signing.
  
• Developing delay-signed assemblies.
  
• Describing the facilities in the .NET Framework for encrypting and signing data.
  

Module 6:Code Access Security

• Evidence-Based Security
• Security Policy
• Imperative Code Access Security
• Declarative Code Access Security
• Miscellaneous Topics in Code Access Security

• Listing and describing the kinds of evidence used by security policy.
  
• Listing and describing built-in permissions and named permission sets.
  
• Explaining how code groups fit into security policy.
  
• Describing how security policy is used to map evidence to permission grants.
  
• Demanding and asserting permissions imperatively and declaratively.
  
• Making assembly permission requests.
  
• Configuring security policy in the .NET Framework by using the Microsoft Management Console (MMC) snap-in and the Code Access Security Policy tool (Caspol.exe) for testing and debugging purposes.
  

Module 7:Role Based Security and Isolated Storage

• Role-Based Security
• Creating Principals and Identities
• Performing Role-Based Security Checks
• Isolated Storage
• .NET Security Summary

• Describing the role-based security model of the .NET Framework.
  
• Creating principals and identities.
  
• Using the PrincipalPermission class to make role-based security checks.
  
• Using the PrincipalPermissionAttribute attribute to make role-based security checks.
  
• Using principal and identity objects directly to make role-based security checks.
  
• Explaining the need for isolated storage.
  
• Creating and using isolated storage files.
  

Module 8:Interoperating Between Managed and Unmanaged Code

• Integration Services
• Platform Invoke
• Calling COM Objects from Managed Code
• Calling .NET Objects from COM Objects

• Stating the need for interoperability between .NET assemblies and COM components.
  
• Using platform invoke to call a function in a dynamic-link library (DLL).
  
• Exposing the methods and properties of a COM object to an assembly.
  
• Describing the three ways to generate runtime callable wrappers.
  
• Using Visual Studio .NET to call a COM object.
  
• Using the Type Library Importer to generate metadata from a type library.
  
• Exposing the methods and properties of a .NET Framework class to a COM client.
  
• Using the Type Library Exporter to generate a type library for an assembly.
  
• Using the ClassInterface attribute to control and modify the type of interface that is generated for a .NET Framework class.