Date post: | 27-Dec-2015 |
Category: |
Documents |
Upload: | bathsheba-ferguson |
View: | 216 times |
Download: | 0 times |
Joe StagnerJoe StagnerDeveloper Community ChampionDeveloper Community ChampionMicrosoft CorporationMicrosoft [email protected]@Microsoft.comwww.ManagedCode.comwww.ManagedCode.com
Best Practices and Best Practices and Techniques for Building Techniques for Building Secure MicrosoftSecure Microsoft®® ASP.NET ASP.NET ApplicationsApplications
So Why This Presentation?So Why This Presentation? Web application security is more important than everWeb application security is more important than ever Ensure that security is a consideration in application designEnsure that security is a consideration in application design Creating secure Web applications is a series of complex tasksCreating secure Web applications is a series of complex tasks Promote best techniques for securityPromote best techniques for security Let developers know about new resources availableLet developers know about new resources available
msdn.microsoft.com/library/en-us/dnnetsec/html/ThreatCounter.aspmsdn.microsoft.com/library/en-us/dnnetsec/html/ThreatCounter.asp
What We Will CoverWhat We Will Cover
Why Web application security?Why Web application security? Planning for Web application securityPlanning for Web application security Authentication and authorization Authentication and authorization
strategiesstrategies Using the ASP.NET process identityUsing the ASP.NET process identity Secure communicationSecure communication Securing secrets and state informationSecuring secrets and state information
Session PrerequisitesSession Prerequisites
Level 200Level 200
Familiarity with MicrosoftFamiliarity with Microsoft®® Windows Windows®® management tools management tools Familiarity with IIS Management ConsoleFamiliarity with IIS Management Console C# and ASP.NET coding experienceC# and ASP.NET coding experience Familiarity with MicrosoftFamiliarity with Microsoft®® Visual Studio Visual Studio®® .NET .NET Basic understanding of Web application security issuesBasic understanding of Web application security issues
DemonstrationsDemonstrations
Configuring IIS for SSLConfiguring IIS for SSL Configuring ASP.NET SecurityConfiguring ASP.NET Security Using forms authentication with Using forms authentication with
MicrosoftMicrosoft®® SQL Server™ SQL Server™ Creating a GenericPrincipal object for Creating a GenericPrincipal object for
roles-based authorizationroles-based authorization
Before We Start !Before We Start !
SSL IS NOT WEB APPLICATION SSL IS NOT WEB APPLICATION
SECURITYSECURITY
Required ReadingRequired Reading
Secure Development Secure Development
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
securitysecurity Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets ASP.NET process identityASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Authentication and AuthorizationAuthentication and Authorization Authentication / authorization request Authentication / authorization request
flowflow
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Authentication and AuthorizationAuthentication and Authorization Identify resources exposed to clientIdentify resources exposed to client Identify resource for appIdentify resource for app Choose authorization strategyChoose authorization strategy
Role-basedRole-based Resource-basedResource-based
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Authentication and AuthorizationAuthentication and Authorization Choose Identities Used to Access Choose Identities Used to Access
ResourcesResources ASP.NET process identity (default)ASP.NET process identity (default) Custom identityCustom identity Original callerOriginal caller Fixed identityFixed identity
Decide on identity flowDecide on identity flow To the applicationTo the application To the operating systemTo the operating system
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Authentication and AuthorizationAuthentication and Authorization Choosing an authentication approachChoosing an authentication approach
Internet scenariosInternet scenarios
StartStartUsers don’t have Users don’t have Windows accounts Windows accounts or certificatesor certificates
InteractiveInteractive Web app?Web app?
Use GXA WS-Use GXA WS-SecuritySecurity
AuthenticationAuthentication
Use Use Passport orPassport or
FormsFormsAuthentication Authentication
No – Web ServiceNo – Web Service
YesYes
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Authentication and AuthorizationAuthentication and Authorization Choosing an authentication approachChoosing an authentication approach
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Secure Communication StrategiesSecure Communication Strategies From client to Web serverFrom client to Web server From Web server to database and From Web server to database and
application servers application servers
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Threat ModelingThreat Modeling An iterative processAn iterative process
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Specific ThreatsSpecific Threats Common attacks against Web Common attacks against Web
applicationsapplications
Planning for ASP.NET Web Planning for ASP.NET Web Application Security Application Security Specific ThreatsSpecific Threats SQL injection attacksSQL injection attacks
Alters existing query or creates new queryAlters existing query or creates new query Use stored procedures with parametersUse stored procedures with parameters
Cross-site scriptingCross-site scripting Malicious script sent to application as inputMalicious script sent to application as input Frequently part of cookie replay attacksFrequently part of cookie replay attacks Server-side input validationServer-side input validation Encode all output that includes inputEncode all output that includes input
Buffer overflowsBuffer overflows Unmanaged code can cause arbitrary code Unmanaged code can cause arbitrary code Server-side input validationServer-side input validation
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
securitysecurity Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets Using the ASP.NET process identityUsing the ASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Configuring Security Configuring Security IIS to Secure CommunicationIIS to Secure Communication
Configuring Web Configuring Web Application Security Application Security Configure IIS SettingsConfigure IIS Settings Optionally install a Web server Optionally install a Web server
certificate for SSLcertificate for SSL Configure IIS authenticationConfigure IIS authentication Optionally configure client certificate Optionally configure client certificate
mappingmapping Set NTFS permissions on files and Set NTFS permissions on files and
foldersfolders
Demo 1Demo 1Configure IIS for SSLConfigure IIS for SSL
Set Up the SecurityDemo Web SiteSet Up the SecurityDemo Web Site
Create a Certificate RequestCreate a Certificate RequestConfigure IIS for SSL and CertificatesConfigure IIS for SSL and Certificates
Configuring Web Configuring Web Application Security Application Security ASP.NET Settings in Web.configASP.NET Settings in Web.config Configure authentication modeConfigure authentication mode
<authentication mode="Windows|Passport|Forms|None" /><authentication mode="Windows|Passport|Forms|None" />
Configure impersonationConfigure impersonation<identity impersonate="true" /><identity impersonate="true" />
Configure authorizationConfigure authorization<authorization><authorization> <allow users="DomainName\Bob", "DomainName\Mary" /><allow users="DomainName\Bob", "DomainName\Mary" /> <deny users="*" /><deny users="*" /></authorization></authorization>
Demo 2Demo 2Configure ASP.NET for Configure ASP.NET for Forms AuthenticationForms Authentication
Create a Web Application in Visual StudioCreate a Web Application in Visual Studio
Edit the Application’s Web.config FileEdit the Application’s Web.config File
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
securitysecurity Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets Using the ASP.NET process identityUsing the ASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Programming ASP.NET Programming ASP.NET Security Security Basic Authorization PatternBasic Authorization Pattern Retrieve credentialsRetrieve credentials Validate credentialsValidate credentials Put users in rolesPut users in roles Create an IPrincipal objectCreate an IPrincipal object Put the IPrincipal object into current Put the IPrincipal object into current
HttpContextHttpContext Authorize based on user identity/roleAuthorize based on user identity/role
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
security security Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets ASP.NET process identityASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Storing Secrets Storing Secrets Secret ExamplesSecret Examples Database connection stringsDatabase connection strings Credentials for SQL rolesCredentials for SQL roles Fixed identities in Web.configFixed identities in Web.config Process identity in Machine.configProcess identity in Machine.config Keys used to store data securelyKeys used to store data securely SQL Server session stateSQL Server session state Passwords used for forms Passwords used for forms
authentication against a database authentication against a database
Storing Secrets Storing Secrets Storage Methods and TipsStorage Methods and Tips Install Web application directories on a Install Web application directories on a
separate logical volume from the OSseparate logical volume from the OS
Secret storage methods for ASP.NET appsSecret storage methods for ASP.NET apps Data Protection API (DPAPI)Data Protection API (DPAPI) COM+ constructor stringsCOM+ constructor strings .NET cryptography classes.NET cryptography classes CAPICOMCAPICOM Crypto APICrypto API
Demonstration 3Demonstration 3Create a Logon PageCreate a Logon Page and Validate Againstand Validate Against
CredentialsCredentials
Create a Logon PageCreate a Logon PageCreate a User Accounts DatabaseCreate a User Accounts Database
Register the UserRegister the UserStore Connection StringStore Connection String
Store Account Details in DatabaseStore Account Details in DatabaseAuthenticate a UserAuthenticate a User
Demonstration 4Demonstration 4Generate an AuthenticationGenerate an Authentication
Ticket and Create aTicket and Create aGenericPrincipal objectGenericPrincipal object
Create a GetRoles MethodCreate a GetRoles MethodCreate a Forms Authentication TicketCreate a Forms Authentication Ticket
Create GenericPrincipal andCreate GenericPrincipal and FormsIdentity ObjectsFormsIdentity Objects
Check the Logged-in User and Their RolesCheck the Logged-in User and Their Roles
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
security security Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets ASP.NET process identityASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
ASP.NET Process Identity ASP.NET Process Identity GuidelinesGuidelines
Configured in <processModel> elementConfigured in <processModel> element Always run ASP.NET as a least-Always run ASP.NET as a least-
privileged accountprivileged account Never run ASP.NET as SYSTEMNever run ASP.NET as SYSTEM Using the default ASPNET account to Using the default ASPNET account to
access remote resourcesaccess remote resources Create duplicate accounts on remote Create duplicate accounts on remote
computerscomputers Use a least-privileged domain accountUse a least-privileged domain account
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
security security Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets ASP.NET process identityASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
ImpersonationImpersonationFlowing Client IdentityFlowing Client Identity
Inherent performance issuesInherent performance issues Consider instead:Consider instead:
URL or file authorization with role-based URL or file authorization with role-based checkschecks
Efficient management of gatekeepers and Efficient management of gatekeepers and trust boundariestrust boundaries
ImpersonationImpersonationFlowing Client IdentityFlowing Client Identity Four reasons to use impersonationFour reasons to use impersonation
Audit on the OS levelAudit on the OS level Flow original caller to access resourcesFlow original caller to access resources Use a fixed identityUse a fixed identity Save default behavior of a ported classic ASP application Save default behavior of a ported classic ASP application
For local resourcesFor local resources Create ACE with read access for userCreate ACE with read access for user Better to avoid impersonation and use URL or File Better to avoid impersonation and use URL or File
authorization with role-based checksauthorization with role-based checks
For remote resourcesFor remote resources Must use basic, forms or Kerberos authenticationMust use basic, forms or Kerberos authentication
Threading considerationThreading consideration Child threads inherit the ASP.NET process account’s Child threads inherit the ASP.NET process account’s
security contextsecurity context
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
securitysecurity Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets Using the ASP.NET process identityUsing the ASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Accessing Resources Accessing Resources System Resources and COM ObjectsSystem Resources and COM Objects
Creating event sourcesCreating event sources At install time with a .NET installer classAt install time with a .NET installer class Grant permissions to account on registry hiveGrant permissions to account on registry hive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\EventLog\EventLog
For any registry key, grant account at least For any registry key, grant account at least read accessread access
Apartment Model COM objectsApartment Model COM objects <%@ Page AspCompat="true" %><%@ Page AspCompat="true" %>
Create COM objects in page event handlersCreate COM objects in page event handlers
Accessing Resources Accessing Resources Network ResourcesNetwork Resources
ASP.NET process identityASP.NET process identity Anonymous Internet user accountAnonymous Internet user account
Use impersonation to flow anonymous Use impersonation to flow anonymous account through trust boundariesaccount through trust boundaries
Can be applied to hosting scenariosCan be applied to hosting scenarios
Accessing Resources Accessing Resources Network ResourcesNetwork Resources
Original caller using delegationOriginal caller using delegation Windows Authentication using KerberosWindows Authentication using Kerberos Windows Authentication using client certificatesWindows Authentication using client certificates
OOP-serviced componentOOP-serviced component
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
securitysecurity Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets Using the ASP.NET process identityUsing the ASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Securing State Information Securing State Information View StateView State
Configure validation attribute in Configure validation attribute in machine.configmachine.config <machineKey validation=“SHA1” … /><machineKey validation=“SHA1” … /> <machineKey validation=“3DES” … /><machineKey validation=“3DES” … />
Enable message authentication code Enable message authentication code (MAC) checks for pages that use view (MAC) checks for pages that use view statestate <% @ Page enableViewStateMac = “true” %><% @ Page enableViewStateMac = “true” %>
Securing State Information Securing State Information SQL Session StateSQL Session State
Secure connection string using Secure connection string using Windows authenticationWindows authentication Create duplicate account on database Create duplicate account on database
server server Change connection stringChange connection string
sqlConectionString="server=127.0.0.1;database=StatsqlConectionString="server=127.0.0.1;database=StateDatabase;Integrated Security=SSPI;"eDatabase;Integrated Security=SSPI;"
Use IPSec or SSL to protect network Use IPSec or SSL to protect network traffic between Web server and SQL traffic between Web server and SQL state database serverstate database server
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
securitysecurity Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets Using the ASP.NET process identityUsing the ASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Web Farm ConsiderationsWeb Farm ConsiderationsSecurity ImplicationsSecurity Implications
Must use remote, OOP session stateMust use remote, OOP session state For DPAPI, consider user vs. machine For DPAPI, consider user vs. machine
storestore For forms authentication, For forms authentication,
<machineKey> must be the same for <machineKey> must be the same for each computereach computer validationKey attributevalidationKey attribute decryptionKey attributedecryptionKey attribute validation attribute should be SHA1validation attribute should be SHA1
AgendaAgenda Planning for ASP.NET application Planning for ASP.NET application
securitysecurity Configuring securityConfiguring security Programming securityProgramming security Securing secretsSecuring secrets Using the ASP.NET process identityUsing the ASP.NET process identity ImpersonationImpersonation Accessing resourcesAccessing resources Securing state informationSecuring state information Web farm considerationsWeb farm considerations Securing all tiersSecuring all tiers
Securing All TiersSecuring All TiersFrom Code to NetworkFrom Code to Network Follow published guidelines to:Follow published guidelines to:
Use CAS with ASP.NETUse CAS with ASP.NET Build secure pages and controlsBuild secure pages and controls Build secure componentsBuild secure components Build secure Web servicesBuild secure Web services Build secure data accessBuild secure data access Secure the networkSecure the network Secure the Web serverSecure the Web server Secure the database serverSecure the database server Secure the application serverSecure the application server
ReadRead Improving Web Application Security: Threats and Improving Web Application Security: Threats and
CountermeasuresCountermeasures Building Secure ASP.NET ApplicationsBuilding Secure ASP.NET Applications
Session SummarySession Summary
Planning for security is part of Planning for security is part of designing a Web applicationdesigning a Web application
Threat modeling can help your team Threat modeling can help your team focus resources on securityfocus resources on security
Creating a secure Web application is Creating a secure Web application is demanding—Microsoft provides demanding—Microsoft provides resources to help youresources to help you
For More Information…For More Information…
MSDN Web siteMSDN Web site msdn.microsoft.commsdn.microsoft.com
ASP.NET Web siteASP.NET Web site www.asp.netwww.asp.net
GotDotNet Web siteGotDotNet Web site www.gotdotnet.comwww.gotdotnet.com
TechNet Security home pageTechNet Security home page www.microsoft.com/technet/securitywww.microsoft.com/technet/security
Microsoft Security and Privacy home Microsoft Security and Privacy home pagepage www.microsoft.com/security/www.microsoft.com/security/
For More Information…For More Information…
.NET Security home page.NET Security home page msdn.microsoft.com/net/securitymsdn.microsoft.com/net/security
Microsoft Training and Certification in Microsoft Training and Certification in Security Security www.microsoft.com/traincert/centers/security.aspwww.microsoft.com/traincert/centers/security.asp
Improving Web Application Security: Threats Improving Web Application Security: Threats and Countermeasuresand Countermeasures msdn.microsoft.com/library/en-us/dnnetsec/html/msdn.microsoft.com/library/en-us/dnnetsec/html/
ThreatCounter.aspThreatCounter.asp
Building Secure ASP.NET ApplicationsBuilding Secure ASP.NET Applications msdn.microsoft.com/library/en-us/dnnetsec/html/msdn.microsoft.com/library/en-us/dnnetsec/html/
secnetlpMSDN.aspsecnetlpMSDN.asp
Training and Training and EventsEvents
MSDN Webcasts, MSDN Online MSDN Webcasts, MSDN Online Seminars, Tech·Ed, PDC, Developer DaysSeminars, Tech·Ed, PDC, Developer Days
MSDNMSDNEssential Resources for DevelopersEssential Resources for Developers
Subscription Subscription ServicesServices
OnlineOnlineInformationInformation
MembershipMembershipProgramsPrograms
Print Print PublicationsPublications
Library, OS, Professional, Enterprise, Library, OS, Professional, Enterprise, Universal Delivered via CD-ROM, DVD, WebUniversal Delivered via CD-ROM, DVD, Web
MSDN Online, MSDN Flash, How-to MSDN Online, MSDN Flash, How-to Resources, Download CenterResources, Download Center
MSDN User GroupsMSDN User Groups
MSDN MagazineMSDN MagazineMSDN NewsMSDN News
How-to ResourcesHow-to ResourcesSimple, Step-by-Step ProceduresSimple, Step-by-Step Procedures Embedded development How-to resourcesEmbedded development How-to resources General How-to resources General How-to resources Integration How-to resources Integration How-to resources MicrosoftMicrosoft®® JScript JScript®® .NET How-to resources .NET How-to resources Microsoft .NET development How-to resources Microsoft .NET development How-to resources Office development resources Office development resources Security How-to resources Security How-to resources MicrosoftMicrosoft®® Visual Basic Visual Basic®® .NET How-to resources .NET How-to resources MicrosoftMicrosoft®® Visual C# Visual C#®® .NET How-to resources .NET How-to resources Microsoft Visual Studio .NET How-to resources Microsoft Visual Studio .NET How-to resources Web development How-to resources (ASP, IIS, XML) Web development How-to resources (ASP, IIS, XML) Web services How-to resources Web services How-to resources Windows development How-to resources Windows development How-to resources
http://msdn.microsoft.com/howtohttp://msdn.microsoft.com/howto
MSDN WebcastsMSDN WebcastsInteractive, Live Online EventsInteractive, Live Online Events
Interactive, synchronous, live online Interactive, synchronous, live online eventsevents
Discuss the hottest topics from MicrosoftDiscuss the hottest topics from Microsoft Open and free for the general publicOpen and free for the general public Take place every TuesdayTake place every Tuesday
http://www.microsoft.com/usa/webcastshttp://www.microsoft.com/usa/webcasts
MSDN Subscriptions MSDN Subscriptions TheThe Way to Get Visual Studio .NET Way to Get Visual Studio .NETVisual Studio .NETVisual Studio .NET MSDN SubscriptionsMSDN Subscriptions
NE
W
ProfessionalProfessional• Tools to build applications Tools to build applications
and XML Web services for and XML Web services for Windows and the WebWindows and the Web
MSDN ProfessionalMSDN Professional$1199 new$1199 new
$899 renewal/upgrade$899 renewal/upgrade
MSDN EnterpriseMSDN Enterprise$2199 new$2199 new
$1599 renewal/upgrade$1599 renewal/upgrade
MSDN UniversalMSDN Universal$2799 new$2799 new
$2299 renewal/upgrade$2299 renewal/upgrade
Enterprise DeveloperEnterprise Developer• Enterprise lifecycle toolsEnterprise lifecycle tools• Team development supportTeam development support•Windows Server 2003 and Windows Server 2003 and
SQL Server™SQL Server™
Enterprise ArchitectEnterprise Architect• Software and data modelingSoftware and data modeling• Enterprise templatesEnterprise templates• Architectural guidanceArchitectural guidance
Where Can I Get MSDN?Where Can I Get MSDN?
Visit MSDN Online atVisit MSDN Online atmsdn.microsoft.commsdn.microsoft.com
Register for the MSDN Flash e-mail Register for the MSDN Flash e-mail newsletter at newsletter at msdn.microsoft.com/flashmsdn.microsoft.com/flash
Become an MSDN CD subscriber at Become an MSDN CD subscriber at msdn.microsoft.com/subscriptionsmsdn.microsoft.com/subscriptions
MSDN online seminarsMSDN online seminarsmsdn.microsoft.com/training/seminarsmsdn.microsoft.com/training/seminars
Attend more MSDN eventsAttend more MSDN events
Microsoft PressMicrosoft Press®®
Essential Resources for DevelopersEssential Resources for Developers
Microsoft Visual Studio .NET is here!Microsoft Visual Studio .NET is here!This is your chance to start building the next big This is your chance to start building the next big
thing. Develop your .NET skills, increase your thing. Develop your .NET skills, increase your productivity with .NET books from Microsoft Pressproductivity with .NET books from Microsoft Press
www.microsoft.com/mspresswww.microsoft.com/mspress
Become a Microsoft Certified Become a Microsoft Certified Solution DeveloperSolution Developer
What is MCSD?What is MCSD? Premium certification for professionals who design Premium certification for professionals who design
and develop custom business solutionsand develop custom business solutions How do I attain MCSD certification?How do I attain MCSD certification?
Certification requires passing four exams to prove Certification requires passing four exams to prove competency with Microsoft solution architecture, competency with Microsoft solution architecture, desktop applications, distributed application desktop applications, distributed application development, and development toolsdevelopment, and development tools
Where do I get more information?Where do I get more information? For more information about certification For more information about certification
requirements, exams, and training options, requirements, exams, and training options, visit visit www.microsoft.com/mcpwww.microsoft.com/mcp
Get this PresentationGet this Presentation
www.ManagedCode.comwww.ManagedCode.com
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Microsoft, MSDN, Visual Basic, Windows, Windows NT, JScript, Visual Studio, Visual C#, Active Directory, Win32, and Microsoft Press are either registered trademarks or Microsoft, MSDN, Visual Basic, Windows, Windows NT, JScript, Visual Studio, Visual C#, Active Directory, Win32, and Microsoft Press are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of
their respective owners.their respective owners.