.NET Security and Cryptography

You do not often see books that discuss both cryptography and security with equal prominence. These two topics seem, at least on the surface, to be entirely separate disciplines, and they are usually discussed independently of one another. After all, how often does a network administrator wonder about cryptographic questions, such as how hard it is to factor a large product of two prime numbers? And how often does a mathematician think about security configuration tasks, such as controlling access to items in the Windows registry or Internet Information Services (IIS) virtual directories? Books on cryptography tend to be quite mathematical and theoretical. In contrast, books on security tend not to be programmer-oriented but very hands-on, dealing with practical issues such as how to set up a certificate server, how to create a new user account, and so on. Between these two extremes, there is the .NET programmer, concerned mainly with problems that are neither administrative nor mathematical in nature.

However, programmers are now becoming increasingly interested in incorporating cryptography and security features into their programs. On the one hand, all security-related functionality is ultimately built on top of cryptographic foundations. In fact, all real-world security protocols and technologies, such as Kerberos, the Windows Encrypted File System, Microsoft Certificate Server, and all the .NET Security Framework classes, are entirely based on cryptographic mathematical primitives at their core. On the other hand, all security-related programming must at some point interact with the underlying security configuration of the platform on which it runs, a configuration that is ultimately established by an administrator. In this chapter, we take a wide-angle view of .NET cryptography and security, and see how these major aspects of security and cryptography fit together into the overall .NET programming picture. In subsequent chapters, we look more closely at the detailed aspects of cryptography and security technologies on the .NET platform.
