SECURITY ISSUES
Introduction
• The .NET Framework includes a comprehensive set of security tools
– Low-level classes and an overall framework
– Managing code access security and role-based security
– Applies to Web services, Windows apps, Windows services, remoting applications
Configuring Security
• Broadly speaking, .NET security is divided into two separate areas:
– Code access security – manages the security of the code itself
– Role-based security – manages the user rather than the code
Understanding Code Access Security
• Controls what the code can do on your computer, regardless of where it comes from
• Centers on permissions to use resources
Concepts Involved in Code Access Security
• Permissions
• Code groups
• Permission sets
Understanding Permissions
• Based on specific permissions granted by the CLR
• E.g. code that wishes to write to the Windows Registry requires the RegistryPermission permission
Types of Permission Requests
• Code can make permission requests:
– Minimum permissions that it requires to run
– Optional permissions
– Refuse permissions – ensures it does not have access to particular resources
– Demand permissions of the CLR
Granting Permissions
• The CLR decides whether a particular permission should be granted
• If a module is unable to obtain the minimum permissions it needs, the code does not execute
• The computer’s security settings determine the maximum permissions to be granted
Types of Permissions
• Code access permissions – access to protected resources
• Identity permissions – based on credentials that are part of the code itself
• Role-based permissions – based on the user who will run the code
Code Access Permissions in the .NET Framework
• DirectoryServicePermission
• DnsPermission
• EnvironmentPermission
• EventLogPermission
• FileDialogPermission
Code Access Permissions in the .NET Framework (cont’d)
• FileIOPermission
• IsolatedStorageFilePermission
• IsolatedFilePermission
• MessageQueuePermission
• OleDBPermission
Code Access Permissions in the .NET Framework (cont’d)
• PerformanceCounterPermission
• PrintingPermission
• ReflectionPermission
• RegistryPermission
• SecurityPermission
Code Access Permissions in the .NET Framework (cont’d)
• ServiceControllerPermission
• SocketPermission
• SqlClientPermission
• UIPermission
• WebPermission
Code Groups
• A code group is a set of assemblies that share a security context
• You define a code group by specifying the membership condition for the group
• The .NET Framework supports seven different membership conditions for code groups
Membership Conditions
• Application directory – Selects all code in the installation directory of the running application
• Cryptographic hash – Selects all code that matches a specific cryptographic hash. Effectively limits the code group to a single assembly
Membership Conditions (cont’d)
• Software publisher – Selects all code from a specified publisher, verified by Authenticode signing
• Site – Selects all code from a particular Internet domain
Membership Conditions (cont’d)
• Strong name – Selects all code with a specific strong name
• URL – Selects all code from a specific URL
Membership Conditions (cont’d)
• Zone – Selects all code from a specified security zone:
– Internet
– Local intranet
– Trusted sites
– My Computer
– Untrusted sites
Permission Sets
• A set of one or more code access permissions that are granted as a unit
• To grant a single permission, create a permission set with only one permission
• The .NET Framework supplies seven built-in permission sets
Built-in Permission Sets
• Nothing – Grants no permissions
• Execution – Can run, but no access to protected resources
Built-in Permission Sets (cont’d)
• Internet – Grants limited permissions for code of unknown origin
• LocalIntranet – Grants high permissions designed for code within the enterprise
Built-in Permission Sets (cont’d)
• Everything – Grants all permissions except for permission to skip verification
• SkipVerification – Grants permission to skip security checks
Built-in Permission Sets (cont’d)
• FullTrust – Grants full access to all resources
– Includes all permissions
Granting Permissions
• The easiest way to grant or deny permissions is to work with the .NET Framework Configuration tool
• Located at:
– Control Panel -> Administrative Tools -> Microsoft .NET Framework 2.0 Configuration -> My Computer -> Runtime Security Policy -> User -> Permission Sets
Imperative Security
• Requesting permissions via attributes is known as declarative security
• With imperative security, you create objects to represent the permissions your code requires
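An added example (not from the slides) that shows the four request types from Types of Permission Requests in their declarative attribute form, plus the imperative form described here; the ExampleApp paths and registry key are hypothetical placeholders. It reflects the .NET Framework 2.0-era model the slides describe: .NET Framework 4 and later mark the assembly-level Request* actions obsolete and run with CAS policy disabled unless legacy policy is enabled.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security;
using System.Security.Permissions;
using Microsoft.Win32;

// Assembly-level declarative requests: the CLR evaluates these when the assembly loads.
// Paths and key names are hypothetical placeholders.
// RequestMinimum: without read access to this file the assembly is refused and never runs.
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\ExampleApp\settings.txt")]
// RequestOptional: registry access is useful but not essential; the code must cope without it.
[assembly: RegistryPermission(SecurityAction.RequestOptional, Read = @"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp")]
// RequestRefuse: this assembly never needs network sockets, so refuse them even if policy would grant them.
[assembly: SocketPermission(SecurityAction.RequestRefuse, Unrestricted = true)]

public static class CasDemo
{
    // Method-level declarative Demand: the CLR walks the call stack before the body runs
    // and throws SecurityException if any caller lacks read access to the file.
    [FileIOPermission(SecurityAction.Demand, Read = @"C:\ExampleApp\settings.txt")]
    public static string ReadSettings()
    {
        return File.ReadAllText(@"C:\ExampleApp\settings.txt");
    }

    // Imperative security: build a permission object and Demand it at the point of use.
    // Registry access was only requested as optional, so a failed Demand is expected under
    // restrictive policy and the method degrades gracefully instead of crashing.
    public static string TryReadRegistryValue(string valueName)
    {
        const string subKey = @"SOFTWARE\ExampleApp";
        var perm = new RegistryPermission(RegistryPermissionAccess.Read, @"HKEY_LOCAL_MACHINE\" + subKey);
        try
        {
            perm.Demand();
        }
        catch (SecurityException)
        {
            return null; // not granted by the computer's security policy: feature unavailable
        }
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(subKey))
        {
            if (key == null) return null;
            return key.GetValue(valueName) as string;
        }
    }
}
```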
Impersonation
• Allows ASP.NET to take on the identity of an authenticated user
• Applies only to applications that use ASP.NET to communicate with the server
• ASP.NET impersonation is controlled by entries in the applicable web.config file, e.g.:
– <identity impersonate="false"/>
Impersonation (cont’d)
• By default, ASP.NET runs as an unprivileged account named ASPNET
• When impersonation is disabled, all requests will run in the context of the account running ASP.NET
Impersonation (cont’d)
• If enabled, ASP.NET takes on the identity passed to it by IIS
• If you are not allowing anonymous access, ASP.NET will take on the credentials of the authenticated user and make requests for resources as if it were actually that user
Role-Based Security
• User is a member of a group
• Authorization is handled by role-based security
• Implemented through two objects:
– WindowsIdentity
– WindowsPrincipal
The WindowsIdentity Object
• Represents the Windows user who is running the current code
• Properties of this object allow you to retrieve information about the user; e.g.:
– Username
– Authentication method
The WindowsPrincipal Object
• Adds functionality to the WindowsIdentity object
• Represents the entire security context of the user
• When the CLR determines which role-based permissions to assign to your code, it inspects the WindowsPrincipal object
Verifying Role Membership
• Use the IsInRole() method of the WindowsPrincipal object
• Results of using this method can be used to modify the application’s user interface
IsInRole() Method
• Three available overloads for this method:
– IsInRole(WindowsBuiltInRole)
– IsInRole(String) – name of user
– IsInRole(Integer) – role identifier (RID)
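An added example (not from the slides) that ties together the WindowsIdentity, WindowsPrincipal and IsInRole() slides above: it reads the current identity (which, under ASP.NET with impersonation enabled, is the authenticated caller rather than the ASPNET account), exercises all three IsInRole() overloads, and shows the declarative PrincipalPermission form. The RoleDemo class name is hypothetical; the RIDs 544 and 545 are the well-known values for BUILTIN\Administrators and BUILTIN\Users.

```csharp
using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public static class RoleDemo
{
    // WindowsIdentity: the Windows user running this code. Under ASP.NET with
    // <identity impersonate="true"/> it is the authenticated caller; with impersonation
    // disabled it is the worker-process account (ASPNET on the slides' configuration).
    public static string DescribeCurrentUser()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        return string.Format("{0} ({1}, authenticated: {2})", id.Name, id.AuthenticationType, id.IsAuthenticated);
    }

    // The three IsInRole() overloads from the slides:
    // 1. Enum overload: locale-independent names for the built-in groups (preferred).
    public static bool IsAdministrator(WindowsPrincipal p) { return p.IsInRole(WindowsBuiltInRole.Administrator); }
    // 2. String overload: a Windows group name such as @"BUILTIN\Administrators" or @"CONTOSO\Payroll" (hypothetical).
    public static bool IsInGroup(WindowsPrincipal p, string groupName) { return p.IsInRole(groupName); }
    // 3. Integer overload: the group's relative identifier (RID), e.g. 544 = BUILTIN\Administrators.
    public static bool IsInRid(WindowsPrincipal p, int rid) { return p.IsInRole(rid); }

    // Declarative role-based security: the CLR demands membership before the body runs.
    // Requires the principal policy set in Main; otherwise the demand fails for every caller.
    [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
    public static void AdministratorsOnly()
    {
        Console.WriteLine("Privileged operation permitted");
    }

    public static void Main()
    {
        // Attach a WindowsPrincipal to threads in this AppDomain so role checks see Windows groups.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;
        Console.WriteLine(DescribeCurrentUser());
        bool admin = IsAdministrator(principal);
        // Adapt the UI to the result: hide or disable administrative features for non-admins.
        Console.WriteLine("Administrator: " + admin);
        Console.WriteLine("Users group (by name): " + IsInGroup(principal, @"BUILTIN\Users"));
        Console.WriteLine("Users group (by RID 545): " + IsInRid(principal, 545));
        if (admin) AdministratorsOnly();
    }
}
```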
Configuring Web Services Security
• The chief challenge is to decide how to authenticate users
• After a user has been authenticated, a Web service is a Windows application
• You can use the same declarative and imperative security tools that you use with other applications
Authenticating Users for Web Services
• If you need to authorize access to resources based on the caller’s identity, use impersonation
• If all users need to access the same resources, the Web server performs authentication without impersonation
• On production servers, you should disable HTTP-GET and HTTP-POST, limiting them to SOAP access