Security & .NET 12/1/2018.

Slides:



Advertisements
Similar presentations
.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
Advertisements

Web Services Security Requirements Stephen T. Whitlock Security Architect Boeing.
Tuesday, June 10, 2003 Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE -
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
.NET Framework Overview Pingping Ma Nov 16 th, 2006.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
CIS 375—Web App Dev II Microsoft’s.NET. 2 Introduction to.NET Steve Ballmer (January 2000): Steve Ballmer "Delivering an Internet-based platform of Next.
Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
.NET Framework Danish Sami UG Lead.NetFoundry
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
XML Web Services Architecture Siddharth Ruchandani CS 6362 – SW Architecture & Design Summer /11/05.
Random Logic l Forum.NET l Web Services Enhancements for Microsoft.NET (WSE) Forum.NET ● October 4th, 2006.
Web Services Presented By : Noam Ben Haim. Agenda Introduction What is a web service Basic Architecture Extended Architecture WS Stacks.
Intro to dot Net Dr. John Abraham UTPA CSCI 3327.
O.C.E.A.N Open Computation Exchange and Auctioning Network.
S imple O bject A ccess P rotocol Karthikeyan Chandrasekaran & Nandakumar Padmanabhan.
Wireless and Mobile Security
Web Services Trenton Fairbanks Sung Wan Kim Laura Samartin Jumpei Takatsuki.
Andrew J. Hewatt, Gayatri Swamynathan and Michael T. Wen Department of Computer Science, UC-Santa Barbara A Case Study of the WS-Security Framework.
Active X and Signed Applets Chad Bollard. Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems.
Introduction to Oracle Forms Developer and Oracle Forms Services
SharePoint Authentication and Authorization
Introduction to Visual Basic. NET,. NET Framework and Visual Studio
Secure Connected Infrastructure
.NET Omid Darroudi.
Stop Those Prying Eyes Getting to Your Data
TOPIC: Applications of Web Technologies in Distributed Systems
Security Outline Encryption Algorithms Authentication Protocols
Cryptography and Network Security
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 1: Overview of Planning A Windows Server 2003 Network.
Introduction to Oracle Forms Developer and Oracle Forms Services
Introduction to Visual Basic 2008 Programming
Architecting Web Services
WEB SERVICES.
Cryptography and Network Security
Web Service Interview/VIVA
Introduction to Oracle Forms Developer and Oracle Forms Services
Architecting Web Services
Web Services Security.
Visual Studio Tools for Office 2005
Authentication Applications
Module 8: Securing Network Traffic by Using IPSec and Certificates
CCNA Network Fundamentals
Enterprise Library Overview
Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)
COMP3220 Web Infrastructure COMP6218 Web Architecture
Security mechanisms and vulnerabilities in .NET
Message Digest Cryptographic checksum One-way function Relevance
Office 365 Development July 2014.
Enterprise Service Bus (ESB) (Chapter 9)
NAAS 2.0 Features and Enhancements
Sukumara T, Janne S, Kishan SG, Harish G, Eashwar / Presented to CIGRE Colloquium, Mysore, Cyber Security - Secure communication design for.
Building Systems That Flexibly Control Downloaded Executable Content
Objective Understand the concepts of modern operating systems by investigating the most popular operating system in the current and future market Provide.
CIS16 Application Development – Programming with Visual Basic
Multi-party Authentication in Web Services
SAMANVITHA RAMAYANAM 18TH FEBRUARY 2010 CPE 691
Module 8: Securing Network Traffic by Using IPSec and Certificates
Objective Understand the concepts of modern operating systems by investigating the most popular operating system in the current and future market Provide.
Web Services Enhancements 2.0
Presentation transcript:

Security & .NET 12/1/2018

Contents Introduction Security : overview Architectures Conclusion .NET Framework Architectures Conclusion 12/1/2018 Varaprasad Reddy

Introduction Advent of Networking Sharing through Internet Distributed environment Challenges of Dist. Environment Security Key goal of .NET: Securely Manage who ,and what, accesses their data 12/1/2018

Security : overview .NET Framework Foundation for .NET dev. Technologies Basis for easy building , deploying & executing : XML based web services web applications client applications 12/1/2018

Security ( Contd.. ) .NET Framework CLR Execution engine for .NET Framework based apps Functions Code Management Memory Management for apps & objs Security rules enforcement Access control for code Interoperation between code & pre-existing COM objs 12/1/2018

Security ( contd.. ) .NET Framework Class Libraries Provides functionality for : User interface design Threading Security Management NT communications etc. 12/1/2018

Security ( contd.. ) .NET Framework Security features Role-based Evidence-based Code-based Cryptography 12/1/2018

Security ( contd.. ) Role-based Security Applications use role-based security to enforce business rule constraints Individuals are grouped into roles with varying levels of access .NET role-based security works by making user and role information available to the current thread Unified model for Authentication & Authorization 12/1/2018

Security ( Contd.. ) Role-based Security (Contd..) Authentication : Examining user credentials Authorization : Analyzing user roles – what rights and operations allowed to perform .NET Framework provides support for common authentication protocols KERBEROS SSL/TLS etc. 12/1/2018

Security ( Contd.. ) Role-based Security (Contd..) .NET Framework also enables Developers to incorporate .NET passport authentication & cookie based authentication Great deal of flexibility with authorization Ex. devs can use XML to designate to what level of access users have etc. 12/1/2018

Security ( Contd.. ) Evidence-based granting access based on evidence shown ex: Code signed with a certain key or having certain hash value gives more granular support for admins to control dangerous , partially trusted code 12/1/2018

Security ( Contd.. ) Code – Access Similar to evidence based Ex. code residing in a directory Similar access as in evidence-based Four different possibilities: Trusted user , un-trusted code Un-trusted user , trusted code Trusted user , Trusted code Un-trusted user , Un-trusted code 12/1/2018

Security ( Contd.. ) Code-Access (Contd..) Hence has to authorize both users and code No runtime security decisions by users Code is verified by memory type safe only access objects it has reference to only use defined interfaces to objects also , well informed metadata and instructions 12/1/2018

Permissions can always be defined to limit access to system resources Code-Access ( Contd.. ) C# , VB verifiable C++ not verifiable Permissions can always be defined to limit access to system resources Stack walk Demand must be satisfied by all callers 12/1/2018

Security ( Contd.. ) Cryptography .NET Framework includes functions for Encryption Hashing Digital signatures Random No. generation 12/1/2018

Architectures Global XML Web Services Architecture (GXA) XML web services are the building blocks in the move to distributed computing on internet. These web services provide greater level of interoperability through numerous protocols XML SOAP UDDI GXA is Microsoft’s Web service architecture with added reliability and security 12/1/2018

Architectures (Contd..) GXA ( Contd.. ) Key design principles : Modularity Built on modular components which can be used to create solutions giving exact set of features General purpose Designed for variety of XML web service scenarios including B2B , B2C , P2P apps Federated Standards based Built on standard XML web services and protocols 12/1/2018

Architectures (Contd..) GXA ( Contd.. ) Security in GXA Using WS-Security specification defines Std. set of SOAP extensions for implementing integrity and confidentiality in Web services applications Provides standard mechanisms to exchange secure, signed messages in a Web services environment Provides an important foundation layer that will help developers build more secure and broadly interoperable Web services. 12/1/2018

Architectures (Contd..) .NET Passport Centralized model of FIM Subsequent sites gets user authentication info by CCD (Component configuration Document) CCD is an XML doc. 12/1/2018

Conclusion XML playing crucial role in distributed env .NET provides means for the info to travel seamlessly and securely between applications , web sites and devices. .NET provides all round security in to the new world of distributed computing and WS. 12/1/2018

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.