In this chapter we've built on the security outlines for Windows NT and IIS that we looked at in Chapter 7 to encompass the 'working parts' of a DNA application. In particular, we've seen how the declarative security feature in Microsoft Transaction Server (MTS) can be used to simplify the control of user permissions between the various middle-tier business rules components that the application uses.
To make each component more flexible we can also use programmatic security, by adding code to the components that differentiate between different users and groups and changes the behavior of the component based on the outcome of this. By combining these two methods with the ways we used server variables and certificates back in Chapter 7, we have a wide choice of techniques available for managing user access.
In this chapter we also revisited the structure of a Microsoft Message Queue Server (MSMQ) enterprise, from the point of view of configuring it to provide a secure environment for distributed messaging. We saw how we can protect each part of the enterprise, right down to queue level, with the built-in Windows NT security features. We also looked at the ways we can authenticate and encrypt messages that we pass over the network.
Finally, we took a very brief look at some of the issues involved at the data-source end of our DNA applications. In particular this was oriented towards SQL Server, but the general recommendations are just as valid—no matter which relational database system you use. And, of course, other types of data store, such as Exchange, Active Directory, or other specialist applications, will each have their own special requirements and security features.
Overall, in this chapter, we've covered:
We've now come to the end of the 'teaching' part of this book, and we'll finish with a final implementation of our Wrox Car Company application by showing you how we move it from the showroom out onto the Internet, and let people order their new car from the comfort of their own home.