This is a big book weighing in at over 1,200 pages. Note the "Pro" in the title. If you want to learn how to design Web sites, this book is not for you; it's meant for the professional Web designer needing to build serious, real-world Web sites that are scalable and secure. This is the complete book for the professional; it covers all the basic parts such as the history of ASP.NET, Visual Studio 2005, upgrading old projects, and WebForm basics, but these are covered fleetingly and assumes the reader already knows the concepts and has enough experience to figure out the details for himself. For those getting started in ASP.NET or Web development in general, I recommend Beginning ASP.NET in C# 2005 from Apress (ISBN 1-59059-572-6) or Microsoft ASP.NET 2.0 Step by Step from Microsoft Press (ISBN 0-7356-2201-9).

This book is divided into six major parts, core concepts, data access, building ASP.NET Web sites, security, advanced user interfaces, and Web Services.

The core concept section covers the advantages that ASP.NET has to offer, along with getting started with Visual Studio, WebForms including validation, events, and the page class, server controls (with more validation), and ASP.NET application basics such as configuration, .NET components, and working with HTTP handlers. This part closes with a chapter on state management.

The database section covers all databases parts as they pertain to Web pages, but I'd also recommend that you add good books on database design, database administration, and ADO.NET (such as ADO.NET 2.0 from Apress, reviewed in DNDJ Vol. 4 Issue 2). The chapter on ADO.NET fundamentals covers basics such as ADO.NET classes, connection pooling, stored procedures, and transactions. Two things I like about this chapter are the discussion of SQL injection attacks and the section on writing code that can be used with different databases. This section has a chapter on data binding and another one on data binding to advanced controls such as grid and form views. You cannot have too much information on these topics. It also has a full chapter on data caching, including SQL Server 2000 and 2005. The section closes with chapters on XML data, including discussions on when it makes sense to use XML databases and chapters on files and streams.

The third section, Building ASP.NET Web sites, covers basic controls, themes, master pages (including dynamically setting the master page), and Web site navigation. This section includes a short chapter on resources and localization, and a chapter that goes into detail on Web site deployment, the differences between IIS 5 and IIS 6, and side-by-side execution.

The fourth section covers all aspects of security in depth. In my opinion, this is one of the most important and difficult areas of Web development, the one area that separates the pros from the wannabes.

It starts with an overview of security including how Web sites are attacked and how attacks can be prevented with authentication, authorization, SSL, roles, impersonation, gatekeepers, and layered security. It then goes into detail about forms authentication, which uses a secure cookies- and programmer-supplied login page, and how it differs from membership-based security. Membership-based security uses .NET 2.0 security controls and the membership class and API to provide security. This includes the login control, one of the coolest new controls in ASP.NET. It accepts usernames and passwords, and automatically verifies the user. Related controls let users set up accounts, change passwords, and e-mail users their password if they forget them. It discusses Windows' authentication and impersonation, which uses the built-in authentication capabilities of the Windows operating system, but requires a Windows-based server and client and that users already have logins on the server. Its advantage is that it allows the use of impersonation, where the Web page get the rights associated with a Windows account other than the standard account used by the ISS server.

The security section also has chapters on authorization, roles, and profiles, and closes with chapters on cryptography and custom membership providers.

The fifth section covers advanced user interfaces, including the creation of custom server controls that work with different browsers, handling view state, control state, and postback events, as well as adding design time support to custom controls. It has a chapter on JavaScript, a chapter on using the GDI+ library to create dynamic graphics, and closes with a chapter on Web parts, another of the coolest additions to ASP.NET 2.0. It includes information on using the supplied Web parts and creating new ones.

The last section contains three chapters covering Web Services, starting with the basics of creating Web Services, and then going into more detail with SOAP, WSDL, and customizing XML serialization with attributes or IXmlSerializable, closing with asynchronous calls, and my personal favorite, security.

I like this book because it covers all the key aspects of building a secure professional Web site, and pays special attention to databases and controls. I especially like the attention paid to security. The Apress motto is "The Experts' Voice." It's books like this that earn that reputation.