I received my copy of Keith Brown's The .NET Developer's Guide to Windows Security on Friday and have been reading and enjoying it most of this weekend (in between finishing my slides and demos for Code Camp II next weekend). I must emphasize again -- get this book! I had read most of this online, but there is something (at least for me) about reading it in book form that makes it much better. I can highlight it, make notes, and come back to it time and time again offline when I remember something else that Keith said about an area I am working on.
There was some question about the value and worth of the book for .NET developers on Keith's blog, as it touches parts of .NET security indirectly. This is first and foremost a book for understanding Windows Security. .NET sits on top of Windows, and while there are many great and powerful things you can do with the Framework, you can't do everything. What .NET currently wraps and extends for security is a fraction of what is available through the Win32 API. Keith shows the relationships between Windows Security and .NET and the workarounds that you may still need to use to get the job done. For a well-rounded understanding of developing secure .NET applications, you need to understand the basic security concepts and the foundation of Windows Security. This book provides this and more (I love the "How to Develop Code as a Non-Admin" chapter and refer to it often), and that is why I say it is definitely one of the must-read books of the year for the .NET developer.