security issues. introduction the.net framework includes a comprehensive set of security tools...

SECURITY ISSUESSECURITY ISSUES

IntroductionIntroduction

• The .NET Framework includes a comprehensive set of security tools

– Low-level classes and an overall framework– Managing code access security and role-based

security– Applies to Web services, Windows apps,

Windows services, remoting applications

• The .NET Framework includes a comprehensive set of security tools

– Low-level classes and an overall framework– Managing code access security and role-based

security– Applies to Web services, Windows apps,

Windows services, remoting applications

Configuring SecurityConfiguring Security

• Broadly speaking, .NET security is divided into two separate areas:

– Code access security – manages the security of the code itself

– Role-based security – manages the user rather than the code

• Broadly speaking, .NET security is divided into two separate areas:

– Code access security – manages the security of the code itself

– Role-based security – manages the user rather than the code

Understanding Code Access SecurityUnderstanding Code Access Security

• Controls what the code can do on your computer, regardless of where it comes from

• Centers on permissions to use resources

• Controls what the code can do on your computer, regardless of where it comes from

• Centers on permissions to use resources

Concepts Involved in Code Access Security

Concepts Involved in Code Access Security

• Permissions

• Code groups

• Permission sets

• Permissions

• Code groups

• Permission sets

Understanding PermissionsUnderstanding Permissions

• Based on specific permissions granted by the CLR

• E.g. code that wishes to write to the Windows Registry requires RegistryPermission permission

• Based on specific permissions granted by the CLR

• E.g. code that wishes to write to the Windows Registry requires RegistryPermission permission

Types of Permission RequestsTypes of Permission Requests

• Code can make permission requests:– Minimum permissions that it requires to run– Optional permissions– Refuse permissions – ensures it does not have

access to particular resources– Demand permissions of the CLR

• Code can make permission requests:– Minimum permissions that it requires to run– Optional permissions– Refuse permissions – ensures it does not have

access to particular resources– Demand permissions of the CLR

Granting PermissionsGranting Permissions

• The CLR decides whether a particular permission should be granted

• If a module is unable to obtain the minimum permissions it needs, the code does not execute

• The computer’s security settings determine the maximum permissions to be granted

• The CLR decides whether a particular permission should be granted

• If a module is unable to obtain the minimum permissions it needs, the code does not execute

• The computer’s security settings determine the maximum permissions to be granted

Types of PermissionsTypes of Permissions

• Code access permissions – access to protected resources

• Identity permissions – based on credentials that are part of the code itself

• Role-based permissions – based on the user who will run the code

• Code access permissions – access to protected resources

• Identity permissions – based on credentials that are part of the code itself

• Role-based permissions – based on the user who will run the code

Code Access Permissions in the .NET Framework

Code Access Permissions in the .NET Framework

• DirectoryServicePermission

• DnsPermission

• EnvironmentPermission

• EventLogPermission

• FileDialogPermission

• DirectoryServicePermission

• DnsPermission

• EnvironmentPermission

• EventLogPermission

• FileDialogPermission

Code Access Permissions in the .NET Framework (cont’d)


• FileIOPermission

• IsolatedStorageFilePermission

• IsolatedFilePermission

• MessageQueuePermission

• OleDBPermission

• FileIOPermission

• IsolatedStorageFilePermission

• IsolatedFilePermission

• MessageQueuePermission

• OleDBPermission



• PerformanceCounterPermission

• PrintingPermission

• ReflectionPermission

• RegistryPermission

• SecurityPermission

• PerformanceCounterPermission

• PrintingPermission

• ReflectionPermission

• RegistryPermission

• SecurityPermission



• ServiceControllerPermission

• SocketPermission

• SqlClientPermission

• UIPermission

• WebPermission

• ServiceControllerPermission

• SocketPermission

• SqlClientPermission

• UIPermission

• WebPermission

Code GroupsCode Groups

• A code group is a set of assemblies that share a security context

• You define a code group by specifying the membership condition for the group

• The .NET Framework supports seven different membership conditions for code groups

• A code group is a set of assemblies that share a security context

• You define a code group by specifying the membership condition for the group

• The .NET Framework supports seven different membership conditions for code groups

Membership ConditionsMembership Conditions

• Application directory– Selects all code in the installation directory of the

running application

• Cryptographic hash– Selects all code that matches a specific

cryptographic hash. Effectively limits code group to a single assembly

• Application directory– Selects all code in the installation directory of the

running application

• Cryptographic hash– Selects all code that matches a specific

cryptographic hash. Effectively limits code group to a single assembly

Membership Conditions (cont’d)Membership Conditions (cont’d)

• Software publisher– Selects all code from a specified publisher,

verified by Authenticode signing

• Site – Selects all code from a particular Internet

domain

• Software publisher– Selects all code from a specified publisher,

verified by Authenticode signing

• Site – Selects all code from a particular Internet

domain


• Strong name– Selects all code with a specific strong

name

• URL– Selects all code from a specific URL

• Strong name– Selects all code with a specific strong

name

• URL– Selects all code from a specific URL


• Zone – Selects all code from a specified security

zone:• Internet Local intranet• Trusted sites My Computer• Untrusted sites

• Zone – Selects all code from a specified security

zone:• Internet Local intranet• Trusted sites My Computer• Untrusted sites

Permission SetsPermission Sets

• A set of one or more code access permissions that are granted as a unit

• To grant a single permission, create a permission set with only 1 permission

• The .NET Framework supplies seven built-in permission sets

• A set of one or more code access permissions that are granted as a unit

• To grant a single permission, create a permission set with only 1 permission

• The .NET Framework supplies seven built-in permission sets

Built-in Permission SetsBuilt-in Permission Sets

• Nothing– grants no permissions

• Execution– Can run, but no access to protected

resources

• Nothing– grants no permissions

• Execution– Can run, but no access to protected

resources

Built-in Permission Sets (cont’d)Built-in Permission Sets (cont’d)

• Internet– Grants limited permissions for code of

unknown origin

• LocalIntranet– Grants high permissions designed for

code within the enterprise

• Internet– Grants limited permissions for code of

unknown origin

• LocalIntranet– Grants high permissions designed for

code within the enterprise


• Everything– Grants all permissions except for

permission to skip verification

• SkipVerification– Grants permission to skip security checks

• Everything– Grants all permissions except for

permission to skip verification

• SkipVerification– Grants permission to skip security checks


• FullTrust– Grants full access to all resources– Includes all permissions

• FullTrust– Grants full access to all resources– Includes all permissions

Granting PermissionsGranting Permissions

• The easiest way to grant or deny permissions is to work with the .NET Framework Configuration tool

• Located at:– Control Panel -> Administrative Tools ->

Microsoft .NET Framework 2.0 Configuration -> My Computer -> Runtime Security Policy -> User -> Permissions Sets

• The easiest way to grant or deny permissions is to work with the .NET Framework Configuration tool

• Located at:– Control Panel -> Administrative Tools ->

Microsoft .NET Framework 2.0 Configuration -> My Computer -> Runtime Security Policy -> User -> Permissions Sets

Imperative SecurityImperative Security

• Requesting permissions via attributes is known as declarative security

• With imperative security, you create objects to represent the permissions your code requires

• Requesting permissions via attributes is known as declarative security

• With imperative security, you create objects to represent the permissions your code requires

ImpersonationImpersonation

• Allows ASP.NET to take on the identity of an authenticated user

• Applies only to applications that use ASP.NET to communicate with server

• ASP.NET impersonation is controlled by entries in the appicable web.config file;Ex:

– <identity impersonate=“false”/>

• Allows ASP.NET to take on the identity of an authenticated user

• Applies only to applications that use ASP.NET to communicate with server

• ASP.NET impersonation is controlled by entries in the appicable web.config file;Ex:

– <identity impersonate=“false”/>

Impersonation (cont’d)Impersonation (cont’d)

• By default, ASP.NET runs as an unprivileged account named ASPNET

• When impersonation is disabled, all requests will run in the context of the account running ASP.NET

• By default, ASP.NET runs as an unprivileged account named ASPNET

• When impersonation is disabled, all requests will run in the context of the account running ASP.NET

Impersonation (cont’d)Impersonation (cont’d)

• If enabled, ASP.NET takes on the identity passed to it by IIS

• If you are not allowing anonymous access, ASP.NET will take on the credentials of the authenticated user and make requests for resources as if it were actually that user

• If enabled, ASP.NET takes on the identity passed to it by IIS

• If you are not allowing anonymous access, ASP.NET will take on the credentials of the authenticated user and make requests for resources as if it were actually that user

Role-Based SecurityRole-Based Security

• User is a member of a group• Authorization is handled by role-based

security• Implemented through two objects:

– WindowsIdentity– WindowsPrincipal

• User is a member of a group• Authorization is handled by role-based

security• Implemented through two objects:

– WindowsIdentity– WindowsPrincipal

The WindowsIdentity ObjectThe WindowsIdentity Object

• Represents the Windows user who is running the current code

• Properties of this object allow you to retrieve information about the user; e.g:

– Username– Authentication method

• Represents the Windows user who is running the current code

• Properties of this object allow you to retrieve information about the user; e.g:

– Username– Authentication method

The WindowsPrincipal ObjectThe WindowsPrincipal Object

• Adds functionality to the WindowsIdentity object

• Represents the entire security context of the user

• When the CLR determines which role-based permissions to assign to your code, it inspects the WindowsPrincipal object

• Adds functionality to the WindowsIdentity object

• Represents the entire security context of the user

• When the CLR determines which role-based permissions to assign to your code, it inspects the WindowsPrincipal object

Verifying Role MembershipVerifying Role Membership

• Use the IsInRole() method of the WindowsPrincipal object

• Results of using this method can be used to modify application’s user interface

• Use the IsInRole() method of the WindowsPrincipal object

• Results of using this method can be used to modify application’s user interface

IsInRole() MethodIsInRole() Method

• Three available overloads for this method:

– IsInRole(WindowsBuiltInRole)– IsInRole(String) name of user– IsInRole(Integer) role identifier

(RID)

• Three available overloads for this method:

– IsInRole(WindowsBuiltInRole)– IsInRole(String) name of user– IsInRole(Integer) role identifier

(RID)

Configuring Web Services SecurityConfiguring Web Services Security

• The chief challenge is to decide how to authenticate users

• After a user has been authenticated, a Web service is a Windows application

• You can use the same declarative and imperative security tools that you use with other applications

• The chief challenge is to decide how to authenticate users

• After a user has been authenticated, a Web service is a Windows application

• You can use the same declarative and imperative security tools that you use with other applications

Authenticating Users for Web Services

Authenticating Users for Web Services

• If you need to authorize access to resources based on the caller’s identity, use impersonation

• If all users need to access same resources, Web server performs authentication without impersonation

• On production servers, you should disable HTTP-GET and HTTP-POST, limiting them to SOAP access

• If you need to authorize access to resources based on the caller’s identity, use impersonation

• If all users need to access same resources, Web server performs authentication without impersonation

• On production servers, you should disable HTTP-GET and HTTP-POST, limiting them to SOAP access

security issues. introduction the.net framework includes a comprehensive set of security tools...

Documents