Friday, November 11, 2011

Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB (Wrox Programmer to Programmer)

By - Travis Illig

"Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB" is, other than a heck of a long title, probably one of the most useful books I've read through in recent memory.

You know when you're working on an in-depth item related to, say, ASP.NET membership and you search the web only to find 100 tiny articles that almost cover what you're looking for? You know how you wish someone would make a book that would just aggregate all of that knowledge and maybe take it just a little deeper?

This is that book.

The high level table of contents is as follows:

* Chapter 1: Introducing IIS 7.0
* Chapter 2: IIS 7.0 and ASP.NET Integrated Mode
* Chapter 3: HTTP Request Processing in IIS 7.0 Integrated Model
* Chapter 4: A Matter of Trust
* Chapter 5: Configuration System Security
* Chapter 6: Forms Authentication
* Chapter 7: Integrating ASP.NET Security with Classic ASP
* Chapter 8: Session State
* Chapter 9: Security for Pages and Compilation
* Chapter 10: The Provider Model
* Chapter 11: Membership
* Chapter 12: SqlMembershipProvider
* Chapter 13: ActiveDirectoryMembershipProvider
* Chapter 14: Role Manager
* Chapter 15: SqlRoleProvider
* Chapter 16: AuthorizationStoreRoleProvider
* Chapter 17: Membership and Role Management in ASP.NET AJAX 3.5
* Chapter 18: Best Practices for Securing ASP.NET Web Applications

The introductory chapters on IIS 7 were particularly interesting to me, since I still maintain a lot of legacy code on IIS 6 and haven't had the opportunity to get in-depth with IIS 7 quite yet. These really gave a great overview not only of the general request process for IIS 7, but also differences between IIS 6 and IIS 7 with a focus on places where security-related events happen (e.g., where a request gets authorized, when the thread principal gets set, how these things get set in different scenarios).

Chapter 4 had a great discussion on the different ASP.NET trust levels that your application can run under and what each means. It also explained how the permissions for your application get determined and how to customize the permissions in your application to give it only what it needs. Code access security is such a tricky thing, it was nice to see this laid out in a clear fashion.

Chapter 5 talked about the way configuration (web.config) gets read and what permissions you need in order to access it. It also discussed ways to encrypt the sensitive sections of configuration (settings that might contain passwords, for example) and ways you can create your own encrypted settings provider - even allowing the settings to be read from a location other than the config file.

Chapter 6 on forms authentication started out like every other ASP.NET book with a forms auth discussion, but this chapter actually got into details like how secure encrypted forms auth tickets are and ways to influence the forms auth process that you might not have originally considered.

Chapter 7 might also have been called "How to get ASP.NET and classic ASP to coexist in IIS 7." While the focus on it is getting the ASP.NET authentication mechanisms to work with classic ASP (using IIS 7), the discussion went a bit deeper than that, even talking about topics like passing data between ASP and ASP.NET.

Chapter 8 is basically everything you ever wanted to know about session state but were afraid to ask. It's not just what session state is and how it works, it goes into what exactly is stored in a SQL session database, how that data gets generated, how to secure it, and how to stop session-related DoS attacks.

Chapter 9 was a short chapter that talked about a few odds and ends that didn't get covered elsewhere. This chapter was the one that felt a little disorganized and mishmash, but it was still useful information. Topics here included request validation, viewstate protection, the permissions needed for page compilation, and securing your site map.

Chapters 10 - 16 were about the role and membership providers. The overall system gets introduced in a chapter, then each out-of-the-box provider gets explained in super detail. For example, the SqlMembershipProvider chapter goes so far as to explain how the schema for the membership database gets versioned. Chapter 17 ties the role and membership stuff into ASP.NET AJAX so you can see how to work with it all from the client side.

Chapter 18, though, is where you'll want to flip right to. This is where it all comes together - all the stuff you'll have learned from the previous chapters, put together in a near-checklist form, so you can take a step back from the application you're working on, look through this, and ask yourself, "Am I doing this in a secure fashion?" Common gotchas and attacks are discussed here as well as ways to protect yourself.

It's definitely not for folks new to ASP.NET - if you haven't written an ASP.NET app before or you're just starting out, this isn't for you. This book gives you in-depth information that, in some cases, you'd only otherwise get by using .NET Reflector to delve into the actual .NET assemblies and follow the code. It's heavy, detailed information. For mid-level to experienced ASP.NET developers, you definitely need to pick this up.

Head First Java: Your Brain on Java - A Learner's Guide

By - Juntao Yuan

When I first saw "Head First Java", it reminds me of the colorful "conversational English" books I had when I started to learn English years ago. The casual, humorous books have turned out effective for English language learning. Is that style good for the Java language learners as well? Is this type of books for beginners only?

With those questions in mind, I started to read "Head First Java". Since I consider myself a Java expert (I wrote a Java book myself, after all), I decided that I would NOT read the book from cover to cover. Instead, I would randomly flip through the book for the humorous stories and photos. I figured that if I cannot learn much new about Java from a "beginner" book, I can at least have some fun.

Geez, I was wrong. I was ADDICTED to the book's short stories, annotated code snippets, mock interviews, puzzle games and brain exercises. They are not only entertaining but also informative. It may be a beginner's book but the stuff they cover are definitely deep enough for expert readers as well (e.g. multiple inheritance, polymorphism, inner classes, threads, RMI, ... just to name a few). The best of all is that I can actually remember the things I learned from the book because I associate them with the stories and pictures. I guess it has something to do with the fact that both sides of my brain are active when reading this book: The right side is for the stories and the left side is for the technical and logic stuff.

There are other great Java books (e.g. "Thinking in Java" by Bruce Eckel) in the market. But they are all very serious and require the readers to spend hours to read entire chapters. The great thing about "Head First Java" is that the bite-size code snippets and stories allow me to learn something about Java in my 5-10 minutes spare time, one piece a time.

The overall writing style is casual and enlightened. The presentation style (fonts and placements of graphical elements) fits the content very well. The book covers a wide variety of Java topics including: basic code structure and language syntax, OOP concepts, math and numbers, exception handling, the Swing GUI library, serialization, network, and distributed computing.

Of course, the casual style is not for everyone. I know people who love the re-assuring feeling from "serious" books. But I can re-assure you that Kathy and Bert are authoritative figures in the Java training community. The content is absolutely first class. I highly recommend "Head First Java" for both Java beginners and expert readers.

Troubleshooting Windows 7 Inside Out: The ultimate, in-depth troubleshooting reference

By - Rockster

This is about the most comprehensive book I have found that discusses Windows 7 features and capabilities in an easy to read format. All the bases seem to be covered to make anyone upgrading to Windows 7 or anyone just starting out with Windows 7 to become comfortable with the new operating system and to get the best out of it. There is even a section in the book covering the basic components of PCs, how to clean your PC, identifying the different parts. Great for newbies who want to know a little about their computer. The book has great tips for optimum configuration, diagnosing problems, setting security, disaster recovery, common annoyances and how to get around them. This is a great reference book that the beginner or advance PC user will want to keep handy. There is so much information in this book that even the die hard computer geek who thinks he/she knows everything about computers should find something here that they didn't know and can put to good use.

Beginning Drupal (Wrox Programmer to Programmer)

Beginning Drupal (Wrox Programmer to Programmer)

By - John F. Williams "Still Hope"

Knowing near nothing about Drupal, I wanted to find a book that would give me the big picture and help me develop a nuts-and-bolts working knowledge quickly. I saw so many titles online that I went to a physical bookstore so I could carefully look at the books and choose the most appropriate one for my needs. I looked at many books, and scanned the Introductions and Tables of Contents of several promising ones. I chose "Beginning Drupal" because it had a great balance of concrete examples, theory, and discussion of the implications of making various choices in Drupal.

After I purchased the book and began to actually use it, it became quickly clear that Wiley Publishing had not only jumped the gun in publishing a Drupal 7 book prematurely, but several other things really soured the experience for me. There was no discussion in the introduction about the fact that the book was based on early alpha and beta versions of Drupal 7, and that the installation instructions would install Drupal 6 which is so different that the exercises in the book are more confusing than helpful. Still, I persisted, trying to find the Drupal 6 equivalents to the Drupal 7 examples in the book. (of course this was not mentioned on the cover either, or on the web site. As a matter of fact, the promotional materials misleadingly call Drupal 7 the latest version, but don't mention that it has not been officially released yet). After I hit page 100, I realized that the UI differences were not the only problem. The book was not only unclear because of the version differences, but because the writer apparently didn't have the benefit of a conscientious editor to make the language clear. The grammar was sloppy, but worse yet, the meanings of many of the sentences were foggy.

I did switch over to using Drupal 7 beta, hoping that would help. In fact, it did help with many of the exercises, but there were also far too many instances in which the examples were confusing because they were based on earlier versions of Drupal 7. I looked at the "errata" published for the book, but they barely scratched the surface of the errors in the book.

I really liked the unfolding of concepts as the book progressed, in that sense the design of the book was brilliant. But it was sloppily executed, and there were numerous instances in which avoidable inconsistencies prevented examples from working the way they should have.

In summary, I'd say that this book was a well conceived but so poorly executed and rushed to market. It wasted more of my time and effort than any other "how to" book that I have ever encountered in my 4 decades in the computer business.

Windows Phone 7 Application Development: 24 Hour Trainer

Great book! Got me up and going quick. On the way to my first Windows Phone App.

mcmoore2

I wanted to get on board with Windows Phone development, I know a lot of folks making good money with apps. This was an easy read. I did not have much time for reading and needed to get the know-how quickly. I was able to create my first project in under 4 hours after reading the first 3 chapters. I was greatful to find a book with good code examples and stright to the point. I started to read a few of the other 800+ page Window Phone books out there, but got bogged down in nonsense. This book gave me hope and it really worked. Practical, to the point and a great extras CD.

CCNA Cisco Certified Network Associate Study Guide, (640-802): Exam 640-802 7th ed.

- BOOK PLUS - COMPUTERBOOK - COMPUTERBOOKS KATHMANDU NEPAL

The best CCNA preparation book I've come across

Steve

After trying to prepare for the CCNA on my own I came to the conclusion that I needed a book if I were going to understand the material enough to receive my CCNA. Having seen Wendells books score high ratings I was going to purchase one of his until I read some of the excerpts from his book. With all due respect to Wendell his books were simply too dry for me. Then I checked out Lammle and discovered his books read as if somebody is actually talking to you, as if you're in a conversation with someone. Having purchased this book it's as immersive as reading a good story and you're learning the whole time.

Todd Lammle fully understands what Cisco expects you to know for your CCNA exam and the seller point for me is the fact that Lammle actually has a gift for teaching it. His book doesn't read as if hes just reguritating information to you but instead he writes to actually make sure you're understanding the material. (I've had professors in college teaching CCNA classes that couldn't do this. And for the record, this book is leaps and bounds better than any college class I've had on Cisco related information). Even if at some point he comes out of nowhere with new material he'll warn you about it and then he'll cover it later in depth. I have never at any point felt overwhelmed with the information in the book and he starts with the fundamentals, the building blocks of networking and goes in depth from there.

At the end of every chapter he'll have exam essays, written labs, and review questions to really make sure you understand the material (along with the CD provided). And to prove Todd wants you to know the material he even has a website you can go to and ask him questions on topics you don't fully understand, or if you feel he might be wrong about something in his book you can talk to him about it. If fact, if you check out other Lammle books on Amazon, you can see he comments on reviews left by others. That to me shows someone who's really dedicated to teaching the material and is someone I have a lot of respect for these days.

I absolutely recommend this study guide. You'll learn so much.