Product Description

Any company using .NET will eventually (if it hasn't already) expose part of its functionality as a .NET Web service, and securing these features will become job number one. Completely up to date for the latest version of Visual Studio .NET, Expert Web Services Security in the .NET Platform is a comprehensive treatment on how to secure Web services on the .NET platform. This book specifically focuses on Web services security, not general .NET security.

Authors Brian Nantz and Laurence Moroney lay the foundation for a complete discussion of Web services security in the .NET platform by first describing the key aspects of security for the Windows operating system, Internet Information Services, and ASP.NET. They show developers how to use the WS-Security W3C specifications for industry-standard authentication, encryption, authorization, XML signature, attachments, and routing with Web services. The specific working code examples and clear-cut explanations will assist developers in readily integrating Web services security into their applications.

Product Details

• Amazon Sales Rank: #1015486 in Books
• Published on: 2004-11-01
• Original language: English
• Number of items: 1
• Binding: Paperback
• 280 pages

About the Author
Laurence Moroney is a technology strategist and researcher at major financial services company in New York City. A graduate in Physics, he has somehow worked for over 10 years in software development and architecture, specializing in security, in such diverse environments as Casinos, Jails, Border Patrol, Airports, Professional Soccer and Financial Services. He lives in Westbury, New York with wife Rebecca and children Claudia and Christopher.

Brian Nantz is currently employed with Security International, designing software for security equipment worldwide. He has developed Microsoft solutions for companies in both the medical and security industries. Brian lives with his wife and three children in the Milwaukee, Wisconsin, area.

Customer Reviews

good discussion of crypto
The book offers a good general description of Web Services. And specifically on how to make a simple Web Service using the .NET platform. But the thrust of the book is in showing how to incorporate cryptographic methods into the WS communications. The authors claim that perhaps the most important reason that WS have not taken off is security. Without a secure authentication and authorisation of messages, companies are leery about exposing their data via WS.

So the book devotes most of its space to the various cryptographic issues involved in .NET and WS. Some of this is not restricted to WS. For example, you may want to encrypt a channel, over which you will send sensitive data. That data might be a WS message, or something else. Hence, we get explanations of Active Directory, which handles a lot of these grubby details.

Later, they discuss public key cryptography. Which they term asynchronous encryption; not a widely used term. They contrast this to synchronous encryption, which most others call symmetric encryption.

But having said this, the book does offer a reasonable guide to using C# and .NET for WS. What is left for the reader is the much harder problem. That of designing a useful.

Do not waste your money
Please do not waste your money.
I bought this book looking at the ratings.
No coverate of WS-Security.
It talks about IIS and other setup things, not really about
.Net code.
It looks rehash of one chapter of "Building Secure Microsoft ASP.Net applications".
The book had no code examples. It says it is expert level,
but it is not.

Not enough depth, and the pieces aren't tied together
I was excited by the prospect of this book. Many books on web services or ASP.Net offer only a short chapter on security that goes over the different authentication methods and not much more. I was looking forward to a broader end-to-end treatment of security.

Although this book did discuss a wide range of topics, it failed to tie them together. It describes a bunch of technologies but doesn't teach you how to choose between them or use them together. Some case studies or end-to-end diagrams would have really helped.

I also felt that there was not enough depth. Although the book is advertised as "advanced", it's really only an introduction to a bunch of topics. You need to go elsewhere to learn enough to really apply them. The book is quite thin.

I'm not sure who a good target audience for this book is. If you are trying to understand an overview web service security, it falls short because it doesn't do enough to help you understand the big picture. If you understand the big picture and are looking for an advanced treatment of how to implement security techniques, this book will only give you an introduction.