The Ultimate Web Service Client
Code Security & Client Deployment
Slides for this event will be posted at: http://www.microsoft.com/uk/msdn/postevents
Stephen Turner
Software Design Engineer
Microsoft UK
[email protected]

Agenda
Code access security
  Enabling mobile code scenarios
  Running under FullTrust, LocalIntranet and Internet permission sets
  Managing security policy
Client deployment
  Deployment background
  XCopy deployment
  Windows Installer deployment
  No-Touch deployment

Why do We Need Code Security?
The enemy is among us – no perimeters
Innocent but trusted code often plays host to malicious mobile code
Malicious code can do anything that the user has permissions to do
The user will always make the wrong security decision

Code Security in Pictures 1
[Diagram: library analogy]
Sign: "LIBRARY: Only people with a membership card can use books."
Characters: Bob, Alice, Eve
Speech bubbles, in order:
  "Alice, would you get a book for me?"
  "Bob, would you get a book for Eve?"
  "I would like to check out a book"
  "Are you and all who will handle this book members?"
Labels: Security Policy, Shared Library, Luring attack, Untrusted code, Stack Walk, Security Demand, Call Chain, Evidence (MEMBER card)

Code Security in Pictures 2
[Diagram: the same library scene with stack modifiers]
Sign: "LIBRARY: Only those who have a member card can check out a book."
Characters: Bob, Alice, Eve
Speech bubbles, in order:
  "Alice, would you get a book for me?"
  "Bob, would you get a book for Eve?"
  "I would like to check out a book"
  "Are you and all who will handle this book members?"
Stack Modifier: Assert(): "Eve is not a member, but I vouch for her."
Stack Modifier: Deny(): "I don't want to be responsible – won't pass books promoting violence!"
Stack Modifier: PermitOnly(): "I will only pass books printed after 1980"

Code Access Security: Client Apps Run Safely from the Internet
Evidence of code origin and credentials
  Origin: IE zone, web site & URL
  Credentials: strong name signature, Authenticode
Security Permissions
  Authorization to execute a protected operation
  Restricted access to a machine resource
Security Policy
  Determines permissions based on evidence
  Easily maintained by administrator & policy
No security decision is ever made by the user!

Code Access Security: Granular Permissions Protect Resources
FileIO, FileDialog, IsolatedStorage, Environment, Registry, UI, Printing, Reflection, Security
Socket, Web, OleDb, SQLClient, MessageQueue, EventLog, DirectoryServices, … extensible
Execution, Assertion, Skip verification, Unmanaged code, Control evidence, Control policy, Control principal, Control threads

Code Access Security: All Code in Call Chain is Evaluated

MYAPP (INTRANET)
    . . . .
    myComponent.ReadSetting(key);
    . . . .

MYCOMPONENT (LOCALMACHINE)
    . . . .
    Stream fileStream = FileStream.Open("settings.xml");
    . . . .

FRAMEWORK
    public FileStream (string name) {
        FileIOPermission fp = new FileIOPermission(name);
        fp.Demand();
        . . . .
    }

Diagram labels: Calls (MYAPP to MYCOMPONENT, MYCOMPONENT to FRAMEWORK); "Got Permission?" (twice); Exception

Code Access Security: Stack Walk Stopped by Assert

MYAPP (INTRANET)
    . . . .
    myComponent.ReadSetting(key);
    . . . .

MYCOMPONENT (LOCALMACHINE)
    . . . .
    FileIOPermission fp = new FileIOPermission
        (FileIOPermissionAccess.Read, "settings.xml");
    fp.Assert();
    Stream fileStream = FileStream.Open("settings.xml");

FRAMEWORK
    public FileStream (string name) {
        FileIOPermission fp = new FileIOPermission(name);
        fp.Demand();
        . . . .
    }

Diagram labels: Calls (MYAPP to MYCOMPONENT, MYCOMPONENT to FRAMEWORK); "Got Permission?" (once); Returns (twice)

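The stack walk and the Assert(), Deny() and PermitOnly() modifiers from the slides above, as a simplified Python model added here; it is not code from the presentation and not the CLR's implementation. Frame, demand, allowed, HOST and the permission label are names made up for this sketch, and the call chain passed to demand holds the callers of the framework method that issues the demand.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

READ_SETTINGS = "FileIO.Read:settings.xml"  # constructed permission label

class SecurityException(Exception):
    """A frame on the call chain failed the demand."""

@dataclass(frozen=True)
class Frame:
    name: str
    granted: FrozenSet[str]                       # grant set policy gave this code
    asserted: FrozenSet[str] = frozenset()        # Assert(): vouch for older callers
    denied: FrozenSet[str] = frozenset()          # Deny(): refuse these for callees
    permit_only: Optional[FrozenSet[str]] = None  # PermitOnly(): allow-list for callees

def demand(call_chain: List[Frame], perm: str) -> List[str]:
    """Walk from the newest caller to the oldest; return the frames inspected."""
    inspected = []
    for frame in reversed(call_chain):
        inspected.append(frame.name)
        if perm not in frame.granted:
            raise SecurityException(f"{frame.name} was not granted {perm}")
        if frame.permit_only is not None and perm not in frame.permit_only:
            raise SecurityException(f"{frame.name} PermitOnly excludes {perm}")
        if perm in frame.denied:
            raise SecurityException(f"{frame.name} denies {perm}")
        if perm in frame.asserted:
            break  # Assert stops the walk: older callers are never checked
    return inspected

def allowed(call_chain: List[Frame], perm: str) -> bool:
    try:
        demand(call_chain, perm)
        return True
    except SecurityException:
        return False

FILE_IO = frozenset({READ_SETTINGS})
my_app = Frame("MYAPP (INTRANET)", granted=frozenset())
my_component = Frame("MYCOMPONENT (LOCALMACHINE)", granted=FILE_IO)
asserting_component = Frame("MYCOMPONENT (LOCALMACHINE)", FILE_IO, asserted=FILE_IO)
denying_host = Frame("HOST", FILE_IO, denied=FILE_IO)            # hypothetical caller
narrow_host = Frame("HOST", FILE_IO, permit_only=frozenset({"UI"}))

if __name__ == "__main__":
    print(allowed([my_app, my_component], READ_SETTINGS))         # call chain slide
    print(demand([my_app, asserting_component], READ_SETTINGS))   # Assert slide
    print(allowed([denying_host, my_component], READ_SETTINGS))   # Deny
    print(allowed([narrow_host, my_component], READ_SETTINGS))    # PermitOnly
```

In the Assert case only MYCOMPONENT is inspected: the Intranet caller's grant set is never consulted, so an asserting component has to validate what its callers ask it to do.
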
Code Access Security
Running under FullTrust, LocalIntranet and Internet security permission sets
Windows Forms control within a browser page
Managing security policy

Agenda
Code access security
  Enabling mobile code scenarios
  Running under FullTrust, LocalIntranet and Internet permission sets
  Managing security policy
Client deployment
  Deployment background
  XCopy deployment
  Windows Installer deployment
  No-Touch deployment

Deployment Problems
Installing client apps is fragile
  Will the install of app1 break app2?
  Traditional DLL hell problem
Installing client apps is hard & expensive
  Must touch every client
  Both for 1st time install & subsequent updates

V1 of the .NET Framework
Addressed #1 app safety issue, DLL Hell
  Application isolation
  Controlled versioning of shared components
  Did not address application install safety
Began to address ease of deployment
  Run from URL / UNC exes
  Managed browser controls

XCopy Deployment
Simple file-copy deployment
  XCOPY or otherwise
  Run off a share, CD, disk-on-key, etc.
  No setup required
Good candidates
  XML Web services
  ASP.NET Web applications
  Small desktop applications
Limitations
  Can't create shortcut links, Start menu icon, etc.
  Can't configure users, groups, other security issues
  Can't verify dependencies or run installation logic
  Can't deploy public assemblies, etc.

Windows Installer Deployment
Proven technology
Best option for traditional deployment
Extended to support needs of .NET
Visual Studio .NET tools:
  Uses Windows Installer 2.0
  Setup and Deployment project templates

No-Touch Deployment
Why not avoid installations altogether?
Deploy .NET Windows apps over the Web
  Rich-client UI married to thin-client deployment
Two options:
  Internet Explorer 5.01+
  Application loader
Easily manage security
Auto-update capability
  Byproduct of no-touch
  Updater mechanism for installed apps

No-Touch Deployment: Using Internet Explorer
User navigates to URL:
    <a href="http://myserver/myapp.exe">Run my app!</a>
IE 5.01+ listens for requested assemblies
Downloads to assembly download cache
  C:\windows\assembly\download
Assigned IEExec process to launch app with restricted security settings
Not required to run IE first
If not already open, browser only appears momentarily

No-Touch Deployment: Using Assembly.LoadFrom(url)
Two scenarios
  Small desktop app on client
    URL-launched EXE needs greater access
    Compile to DLL, not EXE
  Trickle-feed
    "On demand" or JIT-loaded assemblies
    Break up large application
    Must factor correctly

    Imports System.Reflection

    Dim app As [Assembly] = _
        [Assembly].LoadFrom("http://CORPSVR/Foo/Bar.dll")

No-Touch Deployment: Challenges of Auto-Updating Applications
Discovering updates
  Poll network for available updates
  Networking code and communication protocol
Downloading updates
  Without user's consent
  Interruptible
Maintaining security
  Most critical
  Must ensure only installing safe code
Applying updates
  While the app is running

Updater Application Block (UAB)
"Plug-and-play" components
One of the Microsoft "Patterns and Practices"
Or, build your own:
  Custom controllers
  Custom downloaders
  Custom validators
  Custom post-processors
Fully documented and extensible
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/updater.asp

Updater Application Block: Self-Update Scenario
[Diagram labels: 1.0, 1.1, AppStart.exe, AppStart.config, MyApp, MyApp V1 Domain, MyApp V1.1 Domain, Web Server, HTTP, "Check manifest for updates", "Download updates using BITS"]

Client Deployment
Updater Application Block

No-Touch Deployment: Comparison of All Three Options
Columns: IE | App Loader | UAB
No-Touch Deployment: X | Mostly | Server only
Auto-update: X | X | X
Trickle-feed: X X
Offline: X
Full Trust: X
Win 9x: X X

ClickOnce
New with the .NET Framework 2.0
Bring the ease & reliability of web application deployment to client applications.

ClickOnce: Development Experience
Integrated VS Support
  Integrated to core project system
  Setup is not a post-development operation
Publish Wizard
  Copies application to web server
  FTP, UNC, FrontPage Server Extensions

Client Deployment
Building, deploying & updating a client application with ClickOnce

The Best of the Client & Web
Columns: Web | ClickOnce | MSI Client
Reach: Y
No Touch Deployment: Y Y
Low System Impact: Y Y
Install/Run Per-User: Y Y
Rich / Interactive: Y Y
Offline: Y Y
Windows Shell Integration: Y Y
Per-Machine/Shared Components: Y
Unrestricted Install: Y

Run & Update from the Web
[Diagram labels: Web Page w/ Link to Manifest; Deployment Manifest 1.0; Application Manifest 1.0; Application Manifest 1.1; Assembly List…; 1.1]

ClickOnce APIs
Update Support
  Control when & how the app updates
  CheckForUpdate(), Update(), etc.
On-Demand Support
  Download files as needed
  Download only required files at 1st install
  Use API to trigger download of files as needed
  Replaces Assembly.LoadFrom()

Call to action
Code access security
Client deployment
  Use Updater Application Block today
  Use ClickOnce tomorrow

MSDN Connection
Get personalised info & a customised RSS feed
  The programming language(s) you're interested in
  The technology area(s) you're interested in
  The information you want
View news, technical resources, events, webcasts and community information
Sign up for MSDN Connection at:
  http://www.microsoft.com/uk/msdn

Additional Information
Post Events Site
  All information on past events, slide decks etc
  http://www.microsoft.com/uk/msdn/postevents
The UK MSDN Site & Flash
  Local news, events, webcasts
  http://www.microsoft.com/uk/msdn
  Register to receive the bi-weekly MSDN Flash by email
  http://www.microsoft.com/uk/msdn/flash.aspx
Try Visual Studio
  http://www.microsoft.com/vstudio/tryit
Take a look at the Express products
  http://msdn.microsoft.com/express
GotDotNet and ASP.NET – lots of excellent resources
  http://www.gotdotnet.com
  http://www.asp.net

Useful Resources on the Internet
Web sites
  http://msdn.microsoft.com/security
  http://msdn.microsoft.com/smartclient
  http://windowsforms.net
Newsgroups
  http://msdn.microsoft.com/newsgroups
  news://microsoft.public.dotnet.framework
  news://microsoft.public.dotnet.framework.windowsforms

Books on .NET Security
.NET Framework Security
  LaMacchia et al., Addison-Wesley
  ISBN 0-672-32184-X
  Bible for both administrators and developers
Visual Basic Code Security Handbook
  Eric Lippert, Wrox Press
  ISBN 1-86100-747-7
  Practical guide for developers with lots of code examples
  Chapters on best practice and worst practice

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.