Implementing Application Security Using the Microsoft .NET Framework
In this article we discuss application security using the Microsoft® .NET Framework. Specifically, we will discuss:
• .NET Framework security features.
• Code access security.
• Role-based security.
• Cryptography.
• Securing Microsoft ASP.NET Web applications.
• Securing ASP.NET Web services.
I assume that the reader has:
• Development experience with Microsoft Visual Basic®, Microsoft Visual C++®, or C#.
• Experience building Microsoft Windows® or Web applications using the .NET Framework.
The .NET common language runtime controls the execution of .NET code. The .NET Framework security system is part of the common language runtime.
The .NET Framework includes many features that we will cover in this article, such as type checking for safe type conversions, secure exception management, and code access security control.
.NET Framework security is designed to complement the security provided by Microsoft Windows®. It does not override Windows-based security. For example, if a Windows access control list (ACL) restricts access to a file, the .NET Framework does not override this security.
.NET Managed Execution Security
The .NET Framework security features:
• Assist you in developing secure applications
• Include many components, including:
   • Type Checker
   • Exception Manager
   • Security Engine
• Complement Windows Security
A Type-Safe System
Type-safe code:
• Prevents buffer overruns
• Restricts access to authorized memory locations
• Allows multiple assemblies to run in the same process
App Domains provide:
• Increased performance
• Increased code security
Type-safety verification is the cornerstone of .NET Framework security because it prevents access to unauthorized memory locations. This allows you to consistently enforce security policy. For example, code cannot overrun a buffer and cause execution to jump to an arbitrary memory location.
Type-safety verification allows the common language runtime to run more than one type-safe assembly in the same process. These sub-processes are called application domains. Application domains are especially useful in server scenarios in which the overhead of using many processes may slow system performance.
In the past, the use of dynamic-link library (DLL)-based components was preferred for efficiency reasons, even though EXE-based components were seen to be more secure and robust (due to the Microsoft Win32® virtual address space architecture). However, .NET supports the concept of an App Domain. An App Domain can be thought of as a process within a process, which provides good performance (like a DLL-based component), excellent security, and robustness.
• Managed code typically does not deal with raw pointers (such as a char *). Instead, the .NET runtime uses classes such as System.String and System.Text.StringBuilder, which are managed by .NET type-verification checks.
• A String is an immutable object, which vastly alleviates the buffer overrun issue. Consider the following code:
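    private string stringDest;   // field that receives the reference

    void CopyString(string src)
    {
        // Reference assignment: there is no fixed-size destination buffer to overrun.
        stringDest = src;
    }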
When the code executes, a new resultant string object will be created, and the reference stringDest will be altered to refer to that string. Therefore, a buffer overrun is not possible.
Another string class found in the .NET Framework is StringBuilder. StringBuilder is also a robust class and will throw an exception if an attempt is made to overwrite its internal buffer.
Trapping arithmetic errors in unmanaged code (for example, Visual C++) is very difficult. However, with managed code, spotting arithmetic runtime errors is easier. For example, the Visual C# compiler enables automatic checking for arithmetic overflows and underflows.
• By default, the arithmetic error trapping feature is turned off (for optimization reasons). However, you can easily turn on this feature either from the project properties or by using the checked keyword in your code.
• If you have turned arithmetic checking on at the project level, you can override the settings by using the unchecked keyword in your code. This is useful if you are certain that arithmetic errors cannot occur in specific blocks of code and you want to optimize those blocks when your code is compiled.
In a few moments, you will see:
• How .NET data-type safety works.
• How to use the checked keyword.
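The checked and unchecked keywords described above, shown on a size calculation fed by untrusted values. This is an added example, not code from the original article; the helper names and the sample value are hypothetical.

```csharp
using System;

static class CheckedArithmeticDemo
{
    // Hypothetical helper: bytes needed for `count` records of `recordSize`
    // bytes each. Both values may originate from untrusted input.
    static int BufferSizeUnchecked(int count, int recordSize)
    {
        // unchecked: an overflowing product silently wraps around, so a huge
        // request can turn into a small (or negative) allocation size.
        unchecked { return count * recordSize; }
    }

    static int BufferSizeChecked(int count, int recordSize)
    {
        if (count < 0 || recordSize < 0)
            throw new ArgumentOutOfRangeException("count", "Sizes must be non-negative.");

        // checked: the runtime raises OverflowException instead of wrapping,
        // regardless of the project-level compiler setting.
        checked { return count * recordSize; }
    }

    static void Main()
    {
        int count = 0x40000001;   // constructed sample value, just over int.MaxValue / 4
        int recordSize = 4;

        Console.WriteLine("unchecked result: {0}", BufferSizeUnchecked(count, recordSize));

        try
        {
            Console.WriteLine("checked result: {0}", BufferSizeChecked(count, recordSize));
        }
        catch (OverflowException)
        {
            // Fail closed: reject the request rather than use a wrapped size.
            Console.WriteLine("checked: overflow detected, request rejected");
        }
    }
}
```

Explicit checked blocks around size and index arithmetic keep the protection in place even when the project is compiled with overflow checking turned off.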
Strong-Named Assemblies
Strong names are unique identifiers for your assemblies. You can generate strong names and then use them to digitally sign your assemblies. Strong-naming solves problems (such as version control and backward compatibility issues) that are caused when components are shared by multiple applications. In effect, strong names associate a distinct build of a component assembly with the client application. A distinct build is indicated by a combination of a version number and a special value that is called the publicKeyToken.
You can generate a public/private key pair for signing your assembly by using the Strong Name tool (Sn.exe).
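The version number and publicKeyToken that make up an assembly's strong-name identity can be read at run time through reflection. The following is an added example, not code from the original article; the class and method names are hypothetical, and the expected token is assumed to be that of Microsoft's mscorlib on the .NET Framework.

```csharp
using System;
using System.Reflection;

static class StrongNameIdentityDemo
{
    // Assumption: public key token of mscorlib on the .NET Framework.
    const string ExpectedToken = "b77a5c561934e089";

    // Returns the token as lowercase hex, or null if the assembly is not strong-named.
    static string PublicKeyTokenOf(Assembly assembly)
    {
        byte[] token = assembly.GetName().GetPublicKeyToken();
        if (token == null || token.Length == 0)
            return null;
        return BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
    }

    // True only when the assembly is strong-named and its token matches exactly.
    static bool HasExpectedToken(Assembly assembly, string expectedToken)
    {
        string actual = PublicKeyTokenOf(assembly);
        return actual != null &&
               string.Equals(actual, expectedToken, StringComparison.Ordinal);
    }

    static void Main()
    {
        // Samples: the core library (strong-named) and this demo assembly
        // (unsigned unless you compile it with a key file).
        Assembly[] samples = { typeof(object).Assembly, Assembly.GetExecutingAssembly() };

        foreach (Assembly assembly in samples)
        {
            AssemblyName name = assembly.GetName();
            Console.WriteLine("{0}, Version={1}, PublicKeyToken={2}, token matches: {3}",
                name.Name, name.Version,
                PublicKeyTokenOf(assembly) ?? "null",
                HasExpectedToken(assembly, ExpectedToken));
        }
    }
}
```

A matching token shows which key pair a build is associated with; it is an identity check, not proof that the code is trustworthy.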
Isolated Storage
Isolated storage:
• Provides a virtual file system
• Allows quotas
• Implements file system isolation based on:
   • Application identity
   • User identity
    // Requires: using System.IO.IsolatedStorage;
    IsolatedStorageFile isoStore =
        IsolatedStorageFile.GetUserStoreForAssembly();
For some applications, such as downloaded Web applications and code that may come from sources that are not trusted, the basic file system does not provide the necessary isolation and safety. Isolated storage is a data storage mechanism that provides isolation and safety by defining standardized ways of associating code with saved data.
With isolated storage, developers no longer have to invent unique paths to specify safe locations in the file system. Developers can now access safe locations by using either the application's identity or the user's identity. The code sample above shows an example of how to access isolated storage based on a user's identity.
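A fuller round trip through the per-user, per-assembly store, writing and reading a file without ever naming a file system path. This is an added example, not code from the original article; the file name and its contents are hypothetical.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;

static class IsolatedStorageDemo
{
    const string FileName = "settings.txt";   // hypothetical file name

    static void Save(string text)
    {
        // The store is scoped to the current user and this assembly's identity.
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (IsolatedStorageFileStream stream =
                   new IsolatedStorageFileStream(FileName, FileMode.Create, store))
        using (StreamWriter writer = new StreamWriter(stream))
        {
            writer.Write(text);
        }
    }

    // Returns the saved text, or null if nothing has been saved yet.
    static string Load()
    {
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        {
            if (store.GetFileNames(FileName).Length == 0)
                return null;

            using (IsolatedStorageFileStream stream =
                       new IsolatedStorageFileStream(FileName, FileMode.Open, store))
            using (StreamReader reader = new StreamReader(stream))
            {
                return reader.ReadToEnd();
            }
        }
    }

    static void Main()
    {
        try
        {
            Save("theme=dark");            // constructed sample data
            Console.WriteLine(Load());
        }
        catch (IsolatedStorageException ex)
        {
            // Raised for store-level failures, for example an exhausted quota.
            Console.WriteLine("Isolated storage error: " + ex.Message);
        }
    }
}
```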
These are the main .NET security features, and we will cover other portions soon. Comments and questions are welcome (maneeshpnair@msn.com). Please accept my apology in advance for any delayed response, as I am on rest.
Forthcoming sections include code access security, securing ASP.NET Web applications, etc. (Visit: http://maneeshpnair.spaces.live.com/)