SECURITY ISSUES

Introduction
The .NET Framework includes a comprehensive set of security tools:
– Low-level classes and an overall framework
– Managing code access security and role-based security
– Applies to Web services, Windows apps, Windows services, remoting applications

Configuring Security
Broadly speaking, .NET security is divided into two separate areas:
– Code access security – manages the security of the code itself
– Role-based security – manages the user rather than the code

Understanding Code Access Security
– Controls what a piece of code can do on your computer, whichever user runs it; what the code is allowed to do is decided from evidence about the code (where it was loaded from, who signed it, its hash), not from the user's account
– Centers on permissions to use resources

Concepts Involved in Code Access Security
– Permissions
– Code groups
– Permission sets

Understanding Permissions
– Based on specific permissions granted to the code by the CLR
– E.g. code that wishes to write to the Windows Registry must have been granted RegistryPermission (System.Security.Permissions) for the keys it touches

Types of Permission Requests
Code can make permission requests (the SecurityAction values in parentheses are the attribute arguments used to express them):
– Minimum permissions that it requires to run (RequestMinimum)
– Optional permissions it can make use of but can run without (RequestOptional)
– Refused permissions, ensuring it never has access to particular resources even if policy would allow them (RequestRefuse)
– Demands made of the CLR at run time, checking that every caller on the stack holds the permission (Demand)

Granting Permissions
– The CLR decides whether a particular permission should be granted
– If an assembly cannot be granted the minimum permissions it requests, it is not loaded and its code does not execute
– The computer's security policy determines the maximum permissions that can be granted; a request can only narrow the grant, never raise it above what policy allows
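The four request types, as an added example that is not part of the original slides. It is a .NET Framework 1.1/2.0/3.5 console assembly; the assembly name, registry path and the decision to refuse sockets are assumptions for illustration. A caveat the slides predate: .NET Framework 4 marks RequestMinimum, RequestOptional and RequestRefuse obsolete and ignores them unless the NetFx40_LegacySecurityPolicy switch is on, and .NET Core / .NET 5+ have no code access security at all.

```csharp
// Added example, not from the original presentation.
using System;
using System.Drawing.Printing;    // PrintingPermissionLevel (reference System.Drawing.dll)
using System.Security;
using System.Security.Permissions;

// Minimum: the right to execute at all, plus read access to one (assumed) key.
// If policy cannot grant these, the loader refuses the assembly with a PolicyException.
[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
[assembly: RegistryPermission(SecurityAction.RequestMinimum,
    Read = @"HKEY_LOCAL_MACHINE\SOFTWARE\Contoso\Widget")]

// Optional: use a printer if policy allows it, but run without it otherwise.
// NOTE: once any RequestOptional is present, the grant set becomes
// (minimum + optional) intersected with policy; everything NOT requested is dropped.
[assembly: PrintingPermission(SecurityAction.RequestOptional,
    Level = PrintingPermissionLevel.DefaultPrinting)]

// Refuse: never accept socket access, even if policy would hand it out.
[assembly: SocketPermission(SecurityAction.RequestRefuse, Unrestricted = true)]

namespace Contoso.Widget
{
    static class Program
    {
        // True if the calling assembly's grant set includes the permission.
        static bool Granted(IPermission p)
        {
            return SecurityManager.IsGranted(p);
        }

        static void Main()
        {
            // Always True: we could not have been loaded otherwise.
            Console.WriteLine("registry read : " + Granted(new RegistryPermission(
                RegistryPermissionAccess.Read, @"HKEY_LOCAL_MACHINE\SOFTWARE\Contoso\Widget")));

            // True only if policy (e.g. LocalIntranet or FullTrust) grants printing.
            Console.WriteLine("printing      : " + Granted(new PrintingPermission(
                PrintingPermissionLevel.DefaultPrinting)));

            // Always False: refused, regardless of policy.
            Console.WriteLine("sockets       : " + Granted(new SocketPermission(
                PermissionState.Unrestricted)));

            // False even on a FullTrust machine, because it was never requested and
            // the RequestOptional above implicitly refuses everything else.
            Console.WriteLine("env var read  : " + Granted(new EnvironmentPermission(
                EnvironmentPermissionAccess.Read, "USERNAME")));
        }
    }
}
```

The last line is the check worth remembering: RequestOptional is a whitelist, so an assembly that uses it must list every permission it needs as minimum or optional, or code paths that were fine in testing will throw SecurityException once deployed.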

Types of Permissions
– Code access permissions – access to protected resources
– Identity permissions – based on evidence that is part of the code itself (its strong name, Authenticode publisher, site, URL or zone). Note that from .NET Framework 2.0 onwards, fully trusted code satisfies any identity permission demand, so identity permissions cannot keep fully trusted callers out
– Role-based permissions – based on the user who will run the code

Code Access Permissions in the .NET Framework
– DirectoryServicesPermission
– DnsPermission
– EnvironmentPermission
– EventLogPermission
– FileDialogPermission
– FileIOPermission
– IsolatedStorageFilePermission
– IsolatedStoragePermission (abstract base of IsolatedStorageFilePermission)
– MessageQueuePermission
– OleDbPermission
– PerformanceCounterPermission
– PrintingPermission
– ReflectionPermission
– RegistryPermission
– SecurityPermission
– ServiceControllerPermission
– SocketPermission
– SqlClientPermission
– UIPermission
– WebPermission

Code Groups
– A code group is a set of assemblies that share a security context
– You define a code group by specifying the membership condition for the group; an assembly belongs to the group if its evidence satisfies the condition
– The .NET Framework supports seven different membership conditions for code groups (in addition to the "All code" condition, which every assembly satisfies and which is used for the root group of each policy level)

Membership Conditions
– Application directory – selects all code in the installation directory of the running application
– Cryptographic hash – selects all code that matches a specific cryptographic hash of the assembly; effectively limits the code group to a single assembly, and to a single build of it (any rebuild changes the hash)
– Software publisher – selects all code from a specified publisher, verified by its Authenticode signature
– Site – selects all code from a particular Web site (matched on host name)
– Strong name – selects all code signed with a specific strong-name public key, optionally narrowed by assembly name and version
– URL – selects all code from a specific URL
– Zone – selects all code from a specified security zone: Internet, Local intranet, Trusted sites, My Computer, Untrusted sites
Hash, strong name and publisher bind trust to the code itself; application directory, site, URL and zone bind it to where the code was loaded from, which is only as trustworthy as the path and network that delivered it.

Permission Sets
– A set of one or more code access permissions that are granted as a unit
– To grant a single permission, create a permission set containing only that one permission
– The .NET Framework supplies seven built-in permission sets

Built-in Permission Sets
– Nothing – grants no permissions
– Execution – grants permission to run, but no access to protected resources
– Internet – grants limited permissions, suitable for code of unknown origin
– LocalIntranet – grants a higher level of permissions, designed for code from within the enterprise
– Everything – grants all permissions except the permission to skip verification
– SkipVerification – grants only the permission to skip IL type-safety verification (SecurityPermissionFlag.SkipVerification); unverifiable code can subvert the type system, so in practice this set is as powerful as FullTrust
– FullTrust – grants full access to all resources; includes all permissions
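The policy tree that the last three slides describe (policy levels, code groups with their membership conditions, and the named permission sets) can be inspected from code. The following is an added example, not part of the original slides: it walks the Enterprise, Machine and User levels, prints each code group and named set, and shows which groups the running assembly's evidence matches and what grant the CLR finally computed. It targets .NET Framework 2.0/3.5; on .NET Framework 4 these System.Security.Policy APIs are obsolete and SecurityManager.PolicyHierarchy() throws NotSupportedException unless legacy CAS policy is enabled.

```csharp
// Added example, not from the original presentation.
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Policy;

static class PolicyDump
{
    // Recursively prints a code group tree: name, membership condition, permission set.
    static void PrintGroup(CodeGroup g, int depth)
    {
        Console.WriteLine("{0}{1}  [{2}]  -> {3}",
            new string(' ', depth * 2), g.Name, g.MembershipCondition, g.PermissionSetName);
        foreach (CodeGroup child in g.Children)
            PrintGroup(child, depth + 1);
    }

    static void Main()
    {
        Evidence evidence = Assembly.GetExecutingAssembly().Evidence;

        // Enterprise, Machine and User levels; the effective grant is their intersection.
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            Console.WriteLine("== {0} level ==", level.Label);
            PrintGroup(level.RootCodeGroup, 0);

            // The built-in named sets (Nothing, Execution, Internet, ...) live at each level.
            foreach (NamedPermissionSet ps in level.NamedPermissionSets)
                Console.WriteLine("  set {0}: {1}", ps.Name,
                    ps.IsUnrestricted() ? "unrestricted" : ps.Count + " permission(s)");

            // Which code groups does this assembly's evidence satisfy at this level?
            CodeGroup matched = level.ResolveMatchingCodeGroups(evidence);
            if (matched != null)
            {
                Console.WriteLine("  groups matched by this assembly:");
                PrintGroup(matched, 2);
            }
        }

        // The grant set the CLR computed for this assembly across all levels.
        PermissionSet grant = SecurityManager.ResolvePolicy(evidence);
        Console.WriteLine("Effective grant: {0}",
            grant.IsUnrestricted() ? "FullTrust" : grant.Count + " permission(s)");
    }
}
```

Run it once from a local disk and once from a UNC or HTTP location to see the Zone membership condition move the same assembly from the My_Computer_Zone group (FullTrust) to LocalIntranet_Zone or Internet_Zone, and the effective grant shrink accordingly.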

Granting Permissions
– The easiest way to grant or deny permissions is to work with the .NET Framework Configuration tool (Mscorcfg.msc, installed with the .NET Framework SDK)
– Located at: Control Panel -> Administrative Tools -> Microsoft .NET Framework 2.0 Configuration -> My Computer -> Runtime Security Policy -> User -> Permission Sets
– The same policy can be edited from the command line with Caspol.exe; either way, policy lives on the machine (Enterprise, Machine and User levels), not in the application, so changes must be deployed to every computer that runs the code

Imperative Security
– Requesting permissions via attributes is known as declarative security; the request is fixed at compile time and stored in the assembly's metadata, where tools can read it
– With imperative security, you create permission objects at run time to represent the permissions your code requires, and call Demand(), Assert(), Deny() or PermitOnly() on them; this is the only option when the resource (a file path, a URL) is not known until run time
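Declarative and imperative security side by side, as an added example that is not from the original slides. The file paths and the ConfigReader class are assumptions for illustration; the code targets .NET Framework 2.0/3.5, where CAS demands are still enforced by policy.

```csharp
// Added example, not from the original presentation.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

static class ConfigReader
{
    // Declarative: the path is a compile-time constant baked into metadata.
    // The CLR performs the Demand before the method body runs.
    [FileIOPermission(SecurityAction.Demand, Read = @"C:\Contoso\app.config")]
    public static string ReadFixedConfig()
    {
        return File.ReadAllText(@"C:\Contoso\app.config");
    }

    // Imperative: the path is only known at run time, so the permission object
    // is built and demanded in code. Demand walks the whole call stack and
    // throws SecurityException if any caller lacks the permission.
    public static string ReadConfig(string path)
    {
        string full = Path.GetFullPath(path);           // canonicalize before demanding
        var perm = new FileIOPermission(FileIOPermissionAccess.Read, full);
        perm.Demand();
        return File.ReadAllText(full);
    }

    // Imperative PermitOnly: shrink what this frame and everything it calls may
    // do to one permission, even if the assembly itself was granted far more.
    public static string ReadConfigSandboxed(string path)
    {
        string full = Path.GetFullPath(path);
        var only = new FileIOPermission(FileIOPermissionAccess.Read, full);
        only.PermitOnly();
        try
        {
            return File.ReadAllText(full);
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();    // restore the frame's normal rights
        }
    }

    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : @"C:\Contoso\app.config";
        try
        {
            Console.WriteLine(ReadConfig(path).Length + " bytes read");
        }
        catch (SecurityException ex)
        {
            // Code access security said no: some assembly on the stack lacks FileIOPermission.
            Console.WriteLine("code access denied: " + ex.Message);
        }
        catch (UnauthorizedAccessException ex)
        {
            // Role-based security said no: CAS passed, but the NTFS ACL denied the user.
            Console.WriteLine("user access denied: " + ex.Message);
        }
    }
}
```

The two catch blocks make the point of the "Configuring Security" slide concrete: a CAS demand succeeding only means the code is trusted to attempt the read; the operating system still evaluates the ACL against the user the thread runs as.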

Impersonation
– Allows ASP.NET to take on the identity of an authenticated user (or of a fixed account) for the duration of a request
– Applies only to ASP.NET applications; it changes the identity of the request thread, not of the IIS worker process itself
– ASP.NET impersonation is controlled by the <identity> element in the applicable web.config file

Impersonation (cont'd)
– By default, ASP.NET runs as an unprivileged account: ASPNET on IIS 5.x (Windows 2000/XP), NETWORK SERVICE on IIS 6.0 and 7.0, and a per-application-pool virtual account (ApplicationPoolIdentity) on IIS 7.5 and later
– When impersonation is disabled, all requests run in the context of the account running the ASP.NET worker process, whoever the caller is

Impersonation (cont'd)
– If enabled, ASP.NET takes on the identity passed to it by IIS
– If you are not allowing anonymous access, ASP.NET takes on the credentials of the authenticated user and requests resources (files, registry keys, databases) as if it were actually that user, so NTFS and other ACLs are evaluated against that user rather than the worker process account
– If anonymous access is allowed, the identity passed by IIS is its anonymous account (IUSR_machinename on IIS 5/6), not the caller
– Caveat: a token obtained through NTLM authentication can be used for local resources but normally cannot be forwarded to a second server (the "double hop" problem); reaching a remote file share or SQL Server as the caller requires Kerberos delegation
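Impersonation does not have to be switched on for the whole application in web.config; it can be scoped to the one resource access that needs the caller's identity. The following is an added example, not from the original slides: a hypothetical ASP.NET 2.0 code-behind (the ReportPage class, the ~/Reports folder and the file naming are assumptions) running with <identity impersonate="false"/> and Windows authentication, which impersonates the caller only while reading that caller's report so the file's NTFS ACL decides access.

```csharp
// Added example, not from the original presentation.
using System;
using System.IO;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

// Assumes web.config: <authentication mode="Windows"/> and <identity impersonate="false"/>,
// and that anonymous access is disabled in IIS so the caller is a real Windows account.
public partial class ReportPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Thread identity before impersonation: the worker process account.
        string processAccount = WindowsIdentity.GetCurrent().Name;

        // The authenticated caller as established by IIS.
        WindowsIdentity caller = User.Identity as WindowsIdentity;
        if (caller == null || caller.IsAnonymous || !caller.IsAuthenticated)
        {
            Response.StatusCode = 401;
            return;
        }

        // One report per user, named from DOMAIN\user with the backslash replaced (assumed layout).
        string report = Path.Combine(Server.MapPath("~/Reports"),
                                     caller.Name.Replace('\\', '_') + ".txt");

        // Scoped impersonation: only this read runs as the caller. The worker process
        // account needs no rights on the report at all; the caller's ACL entry decides.
        WindowsImpersonationContext ctx = caller.Impersonate();
        try
        {
            Response.ContentType = "text/plain";
            Response.Write(File.ReadAllText(report));
        }
        catch (UnauthorizedAccessException)
        {
            Response.StatusCode = 403;      // ACL denied this user
        }
        catch (FileNotFoundException)
        {
            Response.StatusCode = 404;
        }
        finally
        {
            ctx.Undo();                     // always revert, or later code on this thread runs as the caller
        }

        Response.Write(Environment.NewLine + "# served by " + processAccount + " for " + caller.Name);
    }
}
```

Keeping the impersonated region this small also limits the damage if the caller's token could be abused by later code in the request, and it avoids running the ASP.NET pipeline's own work (compilation, temp files, logging) under hundreds of different user identities.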

Role-Based Security
– A user is a member of one or more groups (roles)
– Authorization is handled by role-based security
– Implemented through two objects:
  – WindowsIdentity
  – WindowsPrincipal
– Both implement the general IIdentity and IPrincipal interfaces, so non-Windows schemes (e.g. Forms authentication with GenericPrincipal) plug into the same checks

The WindowsIdentity Object
– Represents the Windows user who is running the current code; WindowsIdentity.GetCurrent() returns the identity behind the current thread's token
– Properties of this object allow you to retrieve information about the user, e.g.:
  – Name (DOMAIN\user)
  – AuthenticationType (e.g. NTLM or Kerberos)
  – IsAuthenticated, IsAnonymous, IsGuest, IsSystem

The WindowsPrincipal Object
– Wraps a WindowsIdentity and adds role (group) membership checks
– Represents the entire security context of the user: identity plus group memberships
– When the CLR evaluates role-based permissions (PrincipalPermission demands) for your code, it inspects the principal attached to the current thread (Thread.CurrentPrincipal); for it to be a WindowsPrincipal, the application must first call AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal), since the default is an unauthenticated generic principal

Verifying Role Membership
– Use the IsInRole() method of the WindowsPrincipal object
– The result can be used to modify the application's user interface, but hiding a button is not authorization: the operation itself must still be checked (IsInRole or a PrincipalPermission demand) at the point where it executes

IsInRole() Method
Available overloads for this method:
– IsInRole(WindowsBuiltInRole) – a well-known group such as WindowsBuiltInRole.Administrator
– IsInRole(String) – the name of a role (group) such as "BUILTIN\Administrators" or "CONTOSO\Payroll", not the name of a user
– IsInRole(Integer) – the group's relative identifier (RID), e.g. 0x220 (544) for Administrators
– IsInRole(SecurityIdentifier) – the group's SID (added in .NET Framework 2.0)
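The four overloads and a declarative PrincipalPermission demand in one console program, as an added example that is not from the original slides. The Payroll class and its ApproveRun operation are assumptions; everything else is the System.Security.Principal API. Unlike CAS policy, these role-based checks still work unchanged on .NET Framework 4.

```csharp
// Added example, not from the original presentation.
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class Payroll
{
    // Declarative role check: before the body runs, the CLR demands that
    // Thread.CurrentPrincipal.IsInRole("BUILTIN\Administrators") is true.
    [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
    public static void ApproveRun()
    {
        Console.WriteLine("payroll run approved");
    }

    // Imperative checks: the same question asked through all four IsInRole overloads.
    public static bool IsAdmin(WindowsPrincipal p)
    {
        bool byEnum = p.IsInRole(WindowsBuiltInRole.Administrator);
        bool byName = p.IsInRole(@"BUILTIN\Administrators");     // localized on non-English Windows
        bool byRid  = p.IsInRole(0x220);                          // DOMAIN_ALIAS_RID_ADMINS
        bool bySid  = p.IsInRole(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null));

        // Enum, RID and SID are language-independent; the string form is the fragile one.
        return byEnum && byRid && bySid && byName;
    }

    static void Main()
    {
        // Without this the thread principal is an unauthenticated GenericPrincipal
        // and every PrincipalPermission demand for a Windows role fails.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        var principal = (WindowsPrincipal)Thread.CurrentPrincipal;
        Console.WriteLine("{0} authenticated via {1}",
            principal.Identity.Name, principal.Identity.AuthenticationType);
        Console.WriteLine("administrator: " + IsAdmin(principal));

        try
        {
            ApproveRun();
        }
        catch (SecurityException)
        {
            // The demand failed: current user is not in the role.
            Console.WriteLine("not authorized to approve payroll");
        }
    }
}
```

One behaviour worth knowing when testing this on Windows Vista or later: a member of Administrators running without elevation holds that group only as a deny-only SID in the filtered token, so every overload returns false and the demand fails until the process is elevated.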

Configuring Web Services Security
– The chief challenge is to decide how to authenticate users
– After a user has been authenticated, a Web service is just another ASP.NET application running under the CLR
– You can use the same declarative and imperative security tools that you use with other applications

Authenticating Users for Web Services
– If you need to authorize access to resources based on the caller's identity, use impersonation
– If all users need to access the same resources, let the Web server perform authentication without impersonation, so resources are accessed under the single worker process account
– On production servers, disable the HTTP-GET and HTTP-POST protocol bindings (and the Documentation protocol), limiting the service to SOAP access; this removes the browsable .asmx test page and the query-string/form invocation path, leaving only the clients you intend
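The web.config settings behind the two impersonation slides and this one, brought together in one added example that is not from the original presentation. Element names and values are the standard ASP.NET 1.1/2.0 schema; the comments explain which line implements which slide. It assumes anonymous access has also been disabled in IIS for the application.

```xml
<?xml version="1.0"?>
<!-- Added example, not from the original presentation. -->
<configuration>
  <system.web>
    <!-- IIS performs Windows (Integrated) authentication; with anonymous access
         disabled in IIS, User.Identity is always a real Windows account. -->
    <authentication mode="Windows" />

    <!-- Also reject anonymous callers at the ASP.NET layer. -->
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>

    <!-- Impersonation ON: each request runs as the authenticated caller, so the
         ACLs on files and other local resources are evaluated against that user.
         Impersonation OFF (impersonate="false", the default): every request runs as
         the worker process account; use this when all callers share the same resources. -->
    <identity impersonate="true" />

    <!-- Production: SOAP only. Removing HttpGet/HttpPost disables the
         query-string and form invocation path; removing Documentation disables the
         browsable .asmx test page. HttpSoap and HttpSoap12 remain for real clients. -->
    <webServices>
      <protocols>
        <remove name="HttpGet" />
        <remove name="HttpPost" />
        <remove name="Documentation" />
      </protocols>
    </webServices>

    <!-- Do not leak stack traces to remote callers. -->
    <customErrors mode="RemoteOnly" />
  </system.web>
</configuration>
```

If a fixed service account is preferred over per-caller impersonation, <identity impersonate="true" userName="..." password="..."/> is the alternative; those credentials then sit in the configuration file in clear text unless the section is encrypted (aspnet_setreg.exe on 1.1, protected configuration on 2.0 and later).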