Introduction

By Brian A. LaMacchia

Welcome! The book you hold in your hands is a comprehensive guide and roadmap to the security infrastructure of the Microsoft .NET Framework. The .NET Framework is Microsoft's new cross-language development environment for building rich client applications and XML Web Services. One of the key features of the .NET Framework is a robust security infrastructure that provides developers, administrators, and users with new levels of control over code that executes on their systems. Whether you are a developer, administrator, or end user, this book will help you make the most of the .NET Framework security system and create, control, deploy, and use secure .NET applications.

Demystifying .NET Framework Security

Our primary goal in writing this book is to explain the .NET Framework security system in detail and make it easy to understand. As a group, the authors have over 10 years of combined experience as members of the .NET Framework security product team at Microsoft. We have gathered together in this book our combined advice, experience, and wisdom to help you make the .NET Framework security system best serve your needs. We hope that you will find this book useful not only as an introduction to the fundamental security features of the .NET Framework but also as a frequent desktop reference as you author or administer applications.

This book is designed to serve the security needs of .NET developers, administrators, and end users. Developers who are currently writing code in one or more .NET languages (or planning to start a coding project) will find detailed instructions on how to perform security checks, how to write code conforming to the “principle of least privilege,” and how to include security in your software architectures from the outset. For example, we will teach you how to use cryptographic strong names to protect your programs from outside modification and guarantee that they run with the same shared libraries with which you intended for them to run. We will also demonstrate how to create “semipublic” application programming interfaces (APIs) that can only be called by identities you specify. Debugging security exceptions and interpreting the data returned by the Common Language Runtime when your code is denied access to some protected operation are also covered in this book. Everything you need to know to develop secure components and applications is contained herein.

If you are an administrator, you will find in the following chapters detailed examples showing how to modify security policy to tighten or loosen it as needed for your particular environment. We will walk you through all the common policy modification scenarios and show you how you can configure an entire enterprise from one location through the use of the .NET Framework's security configuration tool and the Windows Active Directory. We will also explain ASP.NET configuration for deploying secure Web Services with authentication and authorization customized to fit your needs.

For end users, our primary task in this book is to demonstrate how you can control the security behavior of .NET Framework applications running on your machine. Depending on your particular situation, you may need to administer portions of your security configuration to allow or refuse rights to particular applications. You may have encountered a security exception while executing an application and want to know why that exception occurred. You might also be trying to use a Web Service and need to understand its security requirements. All of these topics are covered in this book.

What Do You Need to Know Prior to Reading This Book?

We assume that if you are reading .NET Framework Security that you are already familiar with the .NET Framework, the Common Language Runtime, and one or more .NET programming languages (C++, C#, Visual Basic .NET, and so on). Nearly all of the examples in this book are written in the C# programming language, so some basic familiarity with C# will help you learn the most from the sample code. Every sample in this book could just as easily been written in Visual Basic .NET, or any of the other languages that compile to MSIL and run on top of the Common Language Runtime, so what you learn from the samples will be immediately applicable in your particular programming environment.

Some specific chapters in this book assume additional topic-specific knowledge. For example, the two chapters that discuss the cryptography classes in the .NET Framework (Chapter 30, “Using Cryptography with the .NET Framework: The Basics and Chapter 31, “Using Cryptography with the .NET Framework: Advanced Topics”) assume that you already have a basic understanding of cryptography. The chapters describing the security features of ASP.NET (Chapters 13 through 16) assume that the reader has previous exposure to the core features of ASP and/or ASP.NET. Chapter 18 (“Administering Security Policy Using the .NET Framework Configuration Tool”) assumes basic familiarity with the Microsoft Management Console (MMC), because the .NET Framework Configuration tool is an MMC “snap-in” that works alongside other MMC-based configuration tools, such as the Device Manager.

What Software Will You Need to Complete the Examples Provided with This Book?

At a minimum, you will need to have the .NET Framework Software Development Kit (SDK) installed on your computer to compile and run the samples shown throughout this book. The .NET Framework SDK includes the Common Language Runtime, the .NET Framework class libraries, command-line compilers, and administration tools. You can install the .NET Framework SDK on any of the following versions of the Windows operating system: Windows NT 4.0 (with Service Pack 6a), Windows 2000 (at least Service Pack 2 recommended) or Windows XP Professional. The .NET Framework SDK can be downloaded for free from the Microsoft Developer Network Web site at http://msdn.microsoft.com/net/.

Some of the examples in this book demonstrate solutions using Visual Studio .NET. Visual Studio .NET is Microsoft's premier integrated development environment (IDE) for writing programs on top of the .NET Framework. Visual Studio .NET includes the Visual Basic .NET, Visual C# .NET, and Visual C++ .NET compilers, an integrated editor, graphical debugger, design-time wizards, and other supporting tools. Visual Studio .NET is available in three product flavors—Professional, Enterprise Developer, and Enterprise Architect. (Note that if you are a member of the Microsoft Developer Network (MSDN), your subscription may already include Visual Studio .NET.) Complete product information for Visual Studio .NET may be found on the Web at http://msdn.microsoft.com/vstudio/.

How This Book Is Organized

We have arranged the content of this book into five broad sections. Each section is aimed at answering questions and providing examples for one or more of our core constituencies—developers, administrators, and end users. Because this book is intended to serve in part as a comprehensive reference guide to the .NET Framework security infrastructure, we recognize that each reader will be interested in different portions of the book and not everyone will need to read every chapter. We encourage everyone to begin by reading the three chapters that comprise Part I of the book (Chapters 1– 3); they provide an introduction to the .NET Developer Platform, common security problems on the Internet, and an overview of how the .NET Framework security system addresses those concerns. After completing Part I, you should feel free to jump around and explore this book as you explore the various security features of the .NET Framework. Each chapter of the book (with a few noted exceptions) is designed to stand alone, so it is not necessary to read the book straight through.

The following is a quick summary of the contents of each of the five parts of the book:

• Part I: Introduction to the .NET Developer Platform Security— The first part of the book, Chapters 1 through 3, introduces the Microsoft .NET Developer Platform, describes important general features of the platform, and provides an overview of the key security feature. We recommend that everyone read the chapters in this part first to provide common background material for the topic-specific discussions in the remainder of the book.

• Part II: Code Access Security Fundamentals— Part II of the book details the architecture of the .NET Framework's “evidence-based security” model. Chapter 4, “User- and Code-Identity–Based Security: Two Complementary Security Paradigms,” describes how the Framework's security system, which is based on code identity, builds on and complements the Windows NT/2000/XP security model that is based on user identity. The core elements of the evidence-based security model—evidence, permissions, stack-walking and policy objects-are detailed in Chapter 5 though 8. Chapter 9, “Understanding the Concepts of Strong Naming Assemblies,” introduces strong names, a new technology that provides cryptographically secured unique namespaces for assemblies you author. Hosting the Common Language Runtime in your own programs is described in Chapter 10, “Hosting Managed Code.” Type-safety verification, a key feature of MSIL and many languages that run on top of the .NET Developer Platform, is discussed in Chapter 11, “Verification and Validation: The Backbone of .NET Framework Security.” Finally, Chapter 12, “Security Through the Lifetime of a Managed Process: Fitting It All Together,” provides a “walk-through” of the security decisions and processes that occur while designing, developing, deploying, and running a .NET Framework application.

• Part III: ASP.NET and Web Services Security Fundamentals— Part III of this book concerns server-side security, specifically the security features of ASP.NET and Web Services. A brief introduction to the new features of ASP.NET is provided in Chapter 13, “Introduction to ASP.NET Security.” Authentication and authorization in the ASP.NET model are discussed in Chapter 14, “Authentication: Know Who Is Accessing Your Site,” and Chapter 15, “Authorization: Control Who Is Accessing Your Site.” Channel integrity in ASP.NET, most commonly encountered on the Web through the use of the SSL/TLS family of encryption protocols, is covered in Chapter 16, “Data Transport Integrity: Keeping Data Uncorrupted.”

• Part IV: .NET Framework Security Administration— The chapters in Part IV of this book provide a comprehensive guide to administering the .NET Framework security system and ASP.NET. Whether you administer a single machine or your enterprise's entire network, these chapters will show you how to make modifications to the default security policy that is installed by the .NET Framework to meet your particular needs. Chapter 17, “Introduction: .NET Framework Security and Operating System Security,” introduces the major components of .NET Framework security policy—code access security policy, ASP.NET configuration, Internet Explorer security settings, and Windows security configuration—and how they interact with one another. Chapter 18, “Administering Security Policy Using the .NET Framework Configuration Tool,”provides a comprehensive tutorial on how to modify policy using the .NET Framework Security Configuration tool MMC snap-in. Scripting and programmatic interfaces to the security configuration system are discussed in Chapter 19, “Administering .NET Framework Security Policy Using Scripts and Security APIs.” Chapter 20, “Administering an IIS Machine Using ASP.NET,” covers ASP.NET configuration issues, and mobile code considerations are discussed in Chapter 21, “Administering Clients for .NET Framework Mobile Code.” Configuration options for isolated storage and cryptography are contained in Chapter 22, “Administering Isolated Storage and Cryptography Settings in the .NET Framework.”

• Part V: .NET Framework Security for Developers— The final section of this book, Part V, is a guide for developers who want to write secure assemblies, author secure Web sites, create semi-trusted applications, or use cryptography and XML digital signatures in their applications. All developers should read Chapter 23, “Creating Secure Code: What All .NET Framework Developers Need to Know,” for an overview of security-related tasks incumbent on developers building on the .NET Framework. Chapters 24 through 26 detail the process of architecting, building, and testing a secure assembly (a component designed to be shared and called by semi-trusted code). Included in these chapters are detailed examples showing how to make declarative and imperative security checks in your own code, implement custom permissions, work with and leverage strong names, and test the security aspects of your implementation. Security issues relevant to ASP.NET developers are the subject of Chapter 27, “Writing a Secure Web Site Using ASP.NET,” and Chapter 28, “Writing a Secure Web Application in the .NET Development Platform.” Chapter 29, “Writing a Semi-Trusted Application,” describes how to program defensively, including the proper use of assembly-level permission requests and isolated storage. Finally, Chapters 30 and 31 cover the cryptography features that are included in the .NET Framework, and Chapter 32, “Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures,” discusses the classes that implement the XML digital signature standard.

Where to Download the Associated Code for This Book

The associated code files described in this book are available on Addison-Wesley's Web site at http://www.aw.com/cseng/. Enter this book's ISBN (without the hyphens) in the Search box and click Search. When the book's title is displayed, click the title to go to a page where you can download the code.

Conventions Used in This Book

The following typographic conventions are used in this book:

• Code lines, commands, statements, variables, and any text you see onscreen appears in a mono typeface. Bold mono typeface is often used to represent text the user types.

• Placeholders in syntax descriptions appear in an italic mono typeface. Replace the placeholder with the actual filename, parameter, or whatever element it represents.

• Italics highlight technical terms when they're being defined.

• The icon is used before a line of code that is really a continuation of the preceding line. Sometimes a line of code is too long to fit as a single line on the page. If you see before a line of code, remember that it's part of the line immediately above it.

• The book also contains Notes, Tips, and Cautions to help you spot important or useful information more quickly. Some of these are helpful shortcuts to help you work more efficiently.