Few points on our guides ... Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Did you know?
- The content is available in 3 different formats: ONLINE, MSPRESS Book, PDF (complete book)
- The COMPLETE code for the book is available at the MSPRESS book site
- Even though the title says "ASP.NET", we cover Enterprise Services, Web Services, .NET Remoting, ADO.NET and SQL Server
- We worked very hard to make the content ACTIONABLE, the information is dense and NO blah, blah stuff
- Trade-offs: We wanted the content to be modular, we don't want to force the reader to read 600+ pages end-to-end. This comes with a cost: to make your reading experience easy, you will see some repetition (we gave a lot of thought to this, and finally decided that we want to reduce the number-of-jumps a reader has to do before he gets the information that he wants)

Process behind the madness
If you consider - Spotting, investigating and documenting technical details is a challenge, then capturing the PROCESS was another challenge. Let me explain...
- In the Authentication and Authorization chapter, we have a section called "Designing an Authentication and Authorization Strategy". We went through several dozen cycles before we came up with that process: several brainstorming sessions, validating with SMEs (Subject Matter Experts), MCS Architects (MCS - Microsoft Consulting Services), Customers etc.
- "Process for Troubleshooting" - Every day the 'middleware developer support group at PSS (Product Support Services)' troubleshoots several security issues. Watching from outside it looks random -- a set of questions thrown at customers, hey can you try this...try that, etc. After digging deeper and talking to some of these engineers, we saw a pattern. We captured the exercise-of-troubleshooting-security-issues in a doc, sent the drafts to engineers who do this day-in-and-day-out for review, refined the datapoints and documented it

Scenarios
We covered close to 10 scenarios in this guide (there are several other mini-scenarios distributed throughout the guide). If you consider the chapters ASP.NET Security, Ent Services Security, Web Services Security etc as DOTS, consider these chapters as Connecting-the-DOTS. We worked hard to follow a pattern in all the three chapters Intranet Security, Internet Security and Extranet Security:
- Every scenario has a BEFORE and AFTER picture. The AFTER picture shows how the landscape will look after applying on top of BEFORE picture
- We discuss the CHARACTERISTICS of the scenario
- 'Configure' section - the goal was you the developer, should be able to print-out this section and hand it out to your admin and worry about explaining him all the aspects to make this scenario work
- 'Analysis' section - there are several different ways to solve the problem. We provided the rationale behind each of our solutions in this section
- Pitfalls: These scenarios have 'Advantages' and 'Disadvantages' we tried to highlight them here.
- 'Related Scenarios' section - What happens if one of the variables is changed in the scenario. We tried to cover the most common variations, based on the beta feedback.
- 'Q&A' section - these are the most common questions that have been asked-again-and-again a zillion times in the newsgroup...our goal was to create these thread-killers