Security Enhancements in .NET Framework 2.0
Rajiv Sodhi
Microsoft India

Agenda
- CLR Enhancements
- Protecting Data (DPAPI)
- System.Security.SecureString
- Access Control Lists
- XML Encryption
- Configuration file encryption
- ASP.NET Security
- ClickOnce Security
- Summary

Data Protection API (DPAPI)
- OS-level data protection service
  - Available on Windows 2000, XP, 2003
- Password-based service
  - Tied to the user login credentials
- DPAPI does not store protected data
- There was no out-of-the-box support for DPAPI calls in Framework 1.0 and 1.1
  - CryptProtectData and CryptUnprotectData

Data Protection API

    // Requires: using System.Security.Cryptography; (reference System.Security.dll)
    byte[] rawData = System.Text.UTF8Encoding.UTF8.GetBytes("My test");

    // Encrypt for the current user; the caller stores the returned blob
    byte[] cipherData = ProtectedData.Protect(
        rawData, null, DataProtectionScope.CurrentUser);

    // Decrypt with the same scope (and the same optional entropy, here null)
    rawData = ProtectedData.Unprotect(
        cipherData, null, DataProtectionScope.CurrentUser);

    Console.WriteLine(
        System.Text.UTF8Encoding.UTF8.GetString(rawData));
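
Added example (not part of the original slides): the same ProtectedData calls with application-specific optional entropy, showing that Unprotect throws CryptographicException when the entropy differs or the stored blob has been modified. The class name, helper names and sample values are hypothetical.

```csharp
// Added example, not from the original slides. Reference System.Security.dll.
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiDemo   // hypothetical name
{
    // Application-specific secondary entropy (constructed sample value).
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp/v1/connection-string");

    static byte[] Seal(string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            return ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);   // do not leave plaintext bytes around
        }
    }

    static bool TryOpen(byte[] blob, byte[] entropy, out string secret)
    {
        secret = null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(blob, entropy, DataProtectionScope.CurrentUser);
            secret = Encoding.UTF8.GetString(plain);
            Array.Clear(plain, 0, plain.Length);
            return true;
        }
        catch (CryptographicException)
        {
            return false;   // wrong user, wrong entropy, or modified blob
        }
    }

    static void Main()
    {
        byte[] blob = Seal("Server=db;Password=example");   // constructed sample secret
        string s;
        Console.WriteLine("correct entropy: {0}", TryOpen(blob, Entropy, out s));
        Console.WriteLine("no entropy:      {0}", TryOpen(blob, null, out s));
        blob[blob.Length - 1] ^= 0xFF;   // simulate tampering with the stored blob
        Console.WriteLine("tampered blob:   {0}", TryOpen(blob, Entropy, out s));
    }
}
```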
System.Security.SecureString
- Managed strings: a bad place to store secrets
  - There is no way to erase them
  - GC doesn't zero out old memory
  - GC compaction is NOT deterministic
  - GC might move strings around and create several instances of the secret
- Used for confidential text
- Content is encrypted
- Deleted when no longer needed
- Class not visible to COM
- Based on DPAPI
- Supported methods
  - Insert, Append, Remove and Clear
  - MakeReadOnly for lockdown
  - No methods to inspect, compare or convert content

SecureString Example

    // Requires: using System.Security; using System.Runtime.InteropServices;
    // Create a SecureString
    SecureString ss = new SecureString();

    // Add characters and lock the string
    ss.AppendChar('a');
    ss.AppendChar('b');
    ss.MakeReadOnly();

    // Retrieve content into an unmanaged buffer
    IntPtr uniString = Marshal.SecureStringToGlobalAllocUni(ss);
    try
    {
        // Demonstration only: this copies the secret into an ordinary managed string
        String s = Marshal.PtrToStringUni(uniString);
        Console.WriteLine("String is '{0}'", s);
    }
    finally
    {
        // Zero and free
        Marshal.ZeroFreeGlobalAllocUni(uniString);
    }

Access Control Lists (ACLs)
- Until now required P/Invoke
- The framework now models Windows security descriptors!
- Programmatically read and modify access control lists (ACL)
- Supports objects and hierarchies
- Take ownership of objects
- Supports auditing operations

Access Control Lists (ACLs)
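
Added example (not part of the original slides): modifying an ACL with the same classes, here restricting a file to the current user by disabling inheritance and replacing the existing rules. The class name, method name and temporary file are hypothetical.

```csharp
// Added example, not from the original slides.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclLockdown   // hypothetical name
{
    // Replace the file's DACL with a single rule: full control for the current user.
    static void RestrictToCurrentUser(string path)
    {
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;
        FileSecurity sec = File.GetAccessControl(path, AccessControlSections.Access);

        // Stop inheriting from the parent folder and drop the inherited rules.
        sec.SetAccessRuleProtection(true, false);

        // Remove any explicit rules that were already on the file.
        foreach (FileSystemAccessRule r in
                 sec.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            sec.RemoveAccessRuleSpecific(r);

        sec.AddAccessRule(new FileSystemAccessRule(
            me, FileSystemRights.FullControl, AccessControlType.Allow));
        File.SetAccessControl(path, sec);
    }

    static void Main()
    {
        // Constructed sample file in the temp directory.
        string path = Path.Combine(Path.GetTempPath(), "acl-demo-secret.txt");
        File.WriteAllText(path, "sample");
        RestrictToCurrentUser(path);

        // Read the resulting rules back to confirm the change.
        FileSecurity check = File.GetAccessControl(path, AccessControlSections.Access);
        foreach (FileSystemAccessRule r in
                 check.GetAccessRules(true, true, typeof(NTAccount)))
            Console.WriteLine("{0} {1} {2} inherited={3}",
                r.AccessControlType, r.IdentityReference, r.FileSystemRights, r.IsInherited);
        File.Delete(path);
    }
}
```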

    // Requires: using System.Security.AccessControl; using System.Security.Principal;
    // AccessControlSections.All also reads the audit (SACL) section,
    // which requires the SeSecurityPrivilege.
    FileSecurity sec = new FileSecurity(
        @"C:\AUTOEXEC.BAT", AccessControlSections.All);
    Console.WriteLine("owner = " + sec.GetOwner(typeof(NTAccount)));

    // Enumerate explicit and inherited rules, translated to account names
    foreach (FileSystemAccessRule r in
             sec.GetAccessRules(true, true, typeof(NTAccount)))
    {
        Console.WriteLine(r.AccessControlType);
        Console.WriteLine(r.IdentityReference);
        Console.WriteLine(r.InheritanceFlags);
        Console.WriteLine(r.IsInherited);
        Console.WriteLine(r.PropagationFlags);
        Console.WriteLine(r.FileSystemRights);
        Console.WriteLine("");
    } // foreach

XML Encryption
- W3C-compliant implementation
  - Will be able to exchange data with other implementations
- XML output
- Does not have to be XML input
- Can encrypt portions of an XML document
- Can encrypt different portions of the same document with different keys

XML Encryption
- Several types of encryption
  - Triple DES
  - AES 128
  - AES 192
  - AES 256
  - RSA
  - X509CertificateEx
- Driven through the System.Security.Cryptography.Xml.EncryptedXml class
- Integration with XML Digital Signature
  - XmlDecryptionTransform

Configuration File Encryption
- Used for configuration files in ASP.NET and Winforms
- DPAPI for local, RSA for web farms
- Decryption is automatic

    Console.WriteLine(ConfigurationSettings.AppSettings["MySecret"]);

Configuration File Encryption (app.config)

    AQAA...C5L+4zzo8=
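
Added example (not part of the original slides): encrypting a configuration section from code with the protected configuration API, choosing the DPAPI provider for a single machine or the RSA provider for a web farm. The class and method names are hypothetical, and the app.config is assumed to contain an appSettings entry named MySecret.

```csharp
// Added example, not from the original slides. Reference System.Configuration.dll.
using System;
using System.Configuration;

static class ConfigProtector   // hypothetical name
{
    // Provider names as registered by default in machine.config.
    const string DpapiProvider = "DataProtectionConfigurationProvider"; // single machine
    const string RsaProvider   = "RsaProtectedConfigurationProvider";   // web farm

    // Encrypts one section of this application's .config file in place.
    static bool Protect(string sectionName, bool webFarm)
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null || section.SectionInformation.IsProtected)
            return false;   // missing section or already encrypted

        section.SectionInformation.ProtectSection(webFarm ? RsaProvider : DpapiProvider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    static void Main()
    {
        // Assumes app.config contains:
        //   <appSettings><add key="MySecret" value="..."/></appSettings>
        Console.WriteLine("protected now: {0}", Protect("appSettings", false));

        // Reading is unchanged: the section is decrypted transparently on access.
        ConfigurationManager.RefreshSection("appSettings");
        Console.WriteLine(ConfigurationManager.AppSettings["MySecret"]);
    }
}
```

A section protected with the DPAPI provider can only be decrypted on the machine that encrypted it, which is why the RSA provider with a shared key container is the choice for web farms.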

CLR Enhancements

What's New in ASP.NET Security
- Membership service
  - Service for managing users and credentials
  - Provider-based for flexible data storage
- Login controls
  - Controls for logging in, creating new users, recovering lost passwords, and more
- Role Management service
  - Combine forms authentication and role-based authorization without writing code!

Login Controls

    Control            Description
    ChangePassword     UI for changing passwords
    CreateUserWizard   UI for creating new user accounts
    Login              UI for entering and validating user names and passwords
    LoginName          Displays authenticated user names
    LoginStatus        UI for logging in and logging out
    LoginView          Displays different views based on login status and roles
    PasswordRecovery   UI for recovering forgotten passwords

Membership Service
- Service for managing users and credentials
- Declarative access via Web Site Admin Tool
- Programmatic access via Membership and MembershipUser classes
  - Membership class provides base services
  - MembershipUser class represents users and provides additional services
- Provider-based for flexible data storage

Membership Schema (layered diagram)
- Controls: Login, LoginStatus, LoginView, other login controls
- Membership API: Membership, MembershipUser
- Membership Providers: AccessMembershipProvider, SqlMembershipProvider, other membership providers
- Membership Data: Access, SQL Server, other data stores

Role Management Schema (layered diagram)
- Controls: Login, LoginStatus, LoginView, other login controls
- Roles API: Roles
- Role Providers: AccessRoleProvider, SqlRoleProvider, other role providers
- Roles Data: Access, SQL Server, other data stores

Login Controls

Introduction To ClickOnce
The Best of the Client and the Web

Web / ClickOnce / MSI Client
- Reach
- No Touch Deployment
- Low System Impact
- Install and Run per User
- Rich and Interactive
- Offline Access
- Windows Shell Integration
- Per-Computer and Shared Components
- Unrestricted Installation

Security: Secure Execution Environment (Sandbox)
- ClickOnce applications run in a sandbox by default
  - Permissions are based on origin: Internet, Intranet, or Full Trust
  - Ensures that applications are safe to run
  - Similar to Microsoft Internet Explorer and JavaScript
- Applications often need higher trust
  - Call unmanaged code
  - Access the file system or the registry
  - Connect to a database
  - Consume Web services

Security: Determining Permission Requirements
- Security pane of Project Designer
  - Use to manually configure permissions
- Permissions Calculator
  - Calculates the least-required permissions
- Debug in the sandbox
  - Debug applications with partial trust
  - Exception Assistant
- Microsoft IntelliSense in the sandbox
  - Filtered based on the security context

ClickOnce: Better Security Error Information
- Expanded SecurityException type
  - Now possible to tell precisely what failed and why
- Includes
  - Failed assembly information, including the failed assembly's permission set grant
  - Security action that failed
  - The permission set that was checked
- Deeply integrated into the VS IDE (Debug in Zones). COOL

Further Exploring
- System.Security.SecurityContext
- System.Security.Principal
- System.DirectoryServices
- System.Diagnostics
- Code Coverage
- Static Analysis
  - PREfast and FxCop
- Application Verifier
- And More

Your Feedback is Important!
Please fill out the feedback form.

© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.