610 likes | 814 Views
.NET Framework Application Security Overview. Gunther Beersaerts guntherb@microsoft.com Microsoft Corporation. Agenda. Security 101 .NET Framework Security Features Code Access Security Role-Based Security Cryptography Securing ASP.NET Web Applications Securing ASP.NET Web Services.
E N D
.NET Framework Application Security Overview Gunther Beersaerts guntherb@microsoft.com Microsoft Corporation
Agenda • Security 101 • .NET Framework Security Features • Code Access Security • Role-Based Security • Cryptography • Securing ASP.NET Web Applications • Securing ASP.NET Web Services
Agenda • Security 101 • .NET Framework Security Features • Code Access Security • Role-Based Security • Cryptography • Securing ASP.NET Web Applications • Securing ASP.NET Web Services
Security 101Overview of Security Technologies • Developers need to understand, use and apply: • Encryption • Hashing • Digital signatures • Digital certificates • Secure communication • Authentication • Authorization • Firewalls • Auditing • Service packs and updates
Security 101Encryption • Encryption is the process of encoding data • To protect a user’s identity or data from being read • To protect data from being altered • To verify that data originates from a particular user • Encryption can be: • Asymmetric • Symmetric
User B User A Data Data Data Hash Algorithm Hash Value If hash values match, data is valid Hash Algorithm Hash Value Hash Value User A sends data and hash value to User B Security 101Verifying Data Integrity with Hashes
User B User A Hash Algorithm Data Data Hash Algorithm User A Public Key Hash Value Hash Value Hash Value User A Private key Security 101Digital Signatures If hash values match, data came from the owner of the private key and is valid
Security 101How Digital Certificates work? Private Key User Private/Public Key Pair Computer Public Key Service Application Certification Authority Certified Administrator
Security 101Secure Communication Technologies • Technologies include: • IPSec • SSL • TLS • RPC encryption IPSec RPC Encryption SSL/TLS
Agenda • Security 101 • .NET Framework Security Features • Code Access Security • Role-Based Security • Cryptography • Securing ASP.NET Web Applications • Securing ASP.NET Web Services
.NET Framework SecurityIn General • .NET CLR controls execution of managed code • .NET Framework Security is part of the CLR • .NET Framework Security includes many features: • Managed Execution • Type-Safe System • Buffer Overrun Protection • Arithmetic Error Trapping • Strong-Named Assemblies • Isolated Storage • ... • Important: Complements Windows Security
.NET Framework SecurityType Safety System • Type-safe code: • Prevents buffer overruns • Restricts access to authorized memory locations • Allows multiple assemblies to run in same process • App Domains provide: • Increased performance • Increased code security
.NET Framework SecurityBuffer Overrun Protection • Managed Code does not deal with raw pointers (char *,…) • Instead, .NET CLR uses Framework Classes • System.String • .NET System.String objects are immutable • System.Text.StringBuilder • System.Text.StringBuilder class checks buffer bounds • Throws exception if attempts to overwrite internal buffer • Type-verification prevents arbitrary memory overwrites void CopyString (string src) { stringDest = src; }
.NET Framework SecurityArithmetic Error Trapping • Arithmetic error trapping is achieved by using: • The checked keyword • Project settings byte b=0; while (true) { Console.WriteLine (b); checked { b++; } }
Type Safety System Investigating .NET Data-Type Safety Using the checked keyword
.NET Framework SecurityStrong Named Assemblies • Strong names are: • Unique identifiers (containing a public key) • Used to digitally sign assemblies • Why strong-named assemblies? • Prevent tampering • Confirm the identity of the assembly’s publisher • Allow side-by-side components sn –k MyFullKey.snk
.NET Framework SecurityIsolated Storage • Provides a virtual file system • Allows quotas • Implements file system isolation based on: • Application identity • User identity IsolatedStorageFile isoStore = IsolatedStorageFile.GetUserStoreForAssembly();
.NET Framework SecurityWhat did we learn? • Use managed code ! • Type-Safe System • Buffer Overrun Protection • Arithmetic Error Trapping • Strong-Named Assemblies • Isolated Storage
Agenda • Security 101 • .NET Framework Security Features • Code Access Security • Role-Based Security • Cryptography • Securing ASP.NET Web Applications • Securing ASP.NET Web Services
Code Access SecurityEvidence-Based Security • Evidence works on top of Win32 security • .NET Framework • Collects info about an Assembly • Presents info to the Security system • CLR decides if code is allowed to execute • Evidence • Assessed when assembly is loaded • Determines permissions for assembly • Evidence can include assembly’s: • Strong name information • URL • Zone • Authenticode signature
Call to ReadFile Call to ReadFile Code Access Security Security Check Stack Walk 1. An assembly requests access to a method in your assembly 2. Your assembly passes the request to a .NET Framework assembly 3. The security system ensures that all callers in the stack have the required permissions 4. The security system grants access or throws an exception Call Stack SomeAssembly Grant: Execute YourAssembly Grant: ReadFile Permission Demand Security System .NET Framework Assembly Security exceptionAccess denied Grant access? Grant: ReadFile
Code Access Security Types of Security Checks • Imperative security checks • Create Permission objects • Call Permission methods (Demand,…) • Declarative security checks • Use Permission attributes • Apply to methods or classes • Overriding security checks • Use the Assert method • Prevent the stack walk
Code Access Security Permissions Requests • Used by developers to state required permissions • Implemented by attributes • Prevents an assembly from loading • When minimum permissions are not available • Rather than wait for unauthorized operation //I will only run if I can call unmanaged code [assembly:SecurityPermission (SecurityAction.RequestMinimum, UnmanagedCode=true)]
Code Access Security Using the .NET Framework Configuration Tool Performing Security Checks Requesting Permissions
Code Access Security Partial Trust Applications • .NET Framework 1.0 • All ASP.NET web applications ran with full trust • No CAS could be applied • .NET Framework 1.1 • Provides partial trust levels to ASP.NET • Full • High • Medium • Low • Minimal
Code Access Security Sandboxing Privileged Code Permissions Demanded / Asserted AllowPartiallyTrustedCallers attribute added Assembly installed into the Global Assembly Cache Resource Access Secured Resource Partial Trust Web Application Wrapper Assembly Sandboxed Code <trust level_”Medium” originUri_--/>
Code Access SecurityWhat did we learn? • Use managed code ! • Evidence is Assembly based • Security Stack Walk • Types of Security Checks • Imperative, Declarative, Overridable • Partially Trusted Applications
Agenda • Security 101 • .NET Framework Security Features • Code Access Security • Role-Based Security • Cryptography • Securing ASP.NET Web Applications • Securing ASP.NET Web Services
Role-Based SecurityAuthentication & Authorization • Authentication asks:"Who are you?""Am I sure you are who you say you are?“ • Authorization asks:"Are you allowed to … ?"
Role-Based Security Identities and Principals • Identity • Contains information about a user • Example: Logon name • Principal • Contains role information about a user or computer • .NET Framework provides: • WindowsIdentity and WindowsPrincipal objects • GenericIdentity and GenericPrincipal objects
Role-Based Security Creating Windows Identities and Principals • Use WindowsIdentity and WindowsPrincipal • For Single validation WindowsIdentity myIdent = WindowsIdentity.GetCurrent(); WindowsPrincipal myPrin = new WindowsPrincipal(myIdent); For Repeated validation AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); WindowsPrincipal myPrin = System.Threading.Thread.CurrentPrincipal;
Role-Based Security Creating Generic Identities and Principals • Create a GenericIdentity and a GenericPrincipal GenericIdentity myIdent = new GenericIdentity("User1"); string[] roles = {"Manager", "Teller"}; GenericPrincipal myPrin = new GenericPrincipal(myIdent, roles); Attach the GenericPrincipal to the current thread System.Threading.Thread.CurrentPrincipal = myPrin;
Role-Based Security Performing Security Checks • Use Identity and Principal members in code • For example, using the Name property of the Identity object to check the user’s logon name if (String.Compare(myPrin.Identity.Name, "DOMAIN\\Gerd", true)==0) { // Perform some action } • Example: using IsInRole method of the Principal object to check role membership if (myPrin.IsInRole("BUILTIN\\Administrators")) { // Perform some action }
Role-Based Security Imperative and Declarative Security Checks • Use permissions to make role-based security checks • Imperative checks PrincipalPermission prinPerm = new PrincipalPermission("Teller", “Manager”, true); try { prinPerm.Demand(); //Does the above match the active principal? } • Declarative checks [PrincipalPermission(SecurityAction.Demand, Role="Teller", Authenticated=true)]
Role-Based Security Using Windows Role-Based Security Using Generic Role-Based Security
Role-Based SecurityWhat did we learn? • Use managed code ! • Authentication vs Authorization • Identities vs Principals • WindowsIdentity vs GenericIdentity • WindowsPrincipal vs GenericPrincipal
Agenda • Security 101 • .NET Framework Security Features • Code Access Security • Role-Based Security • Cryptography • Securing ASP.NET Web Applications • Securing ASP.NET Web Services
CryptographyReview The .NET Framework providesclasses that implement these operations
CryptographyUsing Symmetric Algorithms • Choose an algorithm • TripleDESCryptoServiceProvider • RijndaelManaged • Generate a secret key • Use secret key to encrypt and decrypt data: • FileStream • MemoryStream • NetworkStream
CryptographyUsing Asymmetric Algorithms • Choose an algorithm • RSACryptoServiceProvider • DSACryptoServiceProvider • Generate a private and publickey pair • Encrypt or decrypt data
.NET Framework Encryption Performing Symmetric Encryption Signing Data
CryptographyWhat did we learn? • Use managed code ! • Symmetric Encryption • Assymmetric Encryption • Data Signing & Verification
Agenda • Security 101 • .NET Framework Security Features • Code Access Security • Role-Based Security • Cryptography • Securing ASP.NET Web Applications • Securing ASP.NET Web Services
Configure IIS to use Anonymous authentication Set forms-based authentication in Web.config Set up authorization in Web.config Build a logon form Securing ASP.NETConfiguring Form-Based Authentication <system.web> <authentication mode="Forms"> <forms loginUrl="WebForm1.aspx"/> </authentication> <authorization> <deny users="?"/> </authorization> </system.web>
Securing ASP.NETForm-Based Authentication Enhancements • Developers can require secure cookies <authentication mode="Forms"> <forms loginUrl="login.aspx" protection="All" requireSSL="true" timeout="10" name="AppNameCookie" path="/FormsAuth" slidingExpiration="true" </forms> </authentication> Developer can create application-specific keys
User Enters Data Error Message No Valid? Valid? Yes Client Server No Yes Web ApplicationProcessed Securing ASP.NETValidation Controls • Client-side validation • Provides instant feedback • Reduces postback cycles • Server-side validation • Repeats all client-side validation • Validates against stored data, if required