Online Book - A .net developer's guide to Windows security

I "google stumbled" onto an amazing online book by Keith Brown - "a .net developer's guide to Windows security". The whole (in progress) book, including some sample code, is available online. There's even an rss feed with updates.

This book is a great compliment to "Writing Secure Code". Writing Secure Code tells you how to avoid security mistakes of all types; Keith's book tells you how to work with the Windows security model from .NET. As Keith points out on the book's splash page, the .NET framework doesn't do a good job of abstracting the gory details of the Windows security model, and it can be pretty difficult to find .NET code that calls into the Windows security API's (hello, www.pinvoke.net!).

So get down and dirty with the SIDs, tokens, profiles, impersonation, priveleges, ACL's, etc. Good stuff.

And while you're at it, check out Password Minder 1.5 and his other cool security related utilities and samples here.