Security Issues




OBJECTIVES

This chapter covers the following Microsoft-specified objective for the "Creating and Managing Microsoft Windows Services, Serviced Components, .NET Remoting Objects, and XML Web Services" section of the "Developing XML Web Services and Server Components with Microsoft Visual C# .NET and Microsoft .NET Framework" exam:

Implement security for a Windows service, a serviced component, a .NET Remoting object, and an XML Web service.

This chapter also covers the following Microsoft-specified objectives for the "Deploying Windows Services, Serviced Components, .NET Remoting Objects, and XML Web Services" section of the "Developing XML Web Services and Server Components with Microsoft Visual C# .NET and Microsoft .NET Framework" exam:

Configure security for a Windows service, a serviced component, a .NET Remoting object, and an XML Web service.

  • Configure authentication type. Authentication types include Windows authentication, Microsoft .NET Passport, custom authentication, and none.

  • Configure and control authorization. Authorization methods include file-based authorization and URL-based authorization.

  • Configure and implement identity management.

These days, it's not enough to write correct code. You must also write secure code if you want your applications to be widely useful. Thanks to the increasing connectivity of computers over LANs and the Internet, your applications will often be visible to thousands or millions of potential attackers. Thus, it's necessary to secure these applications so that only authorized users can work with them. These objectives test your understanding of the basic security features of the .NET Framework and the ways in which you can apply those features to particular applications.

OUTLINE

Introduction

Configuring Security

Understanding Code Access Security

Understanding Permissions

Requesting Minimum Permissions

Code Groups and Permission Sets

Granting Permission

Imperative Security

Computing Permissions

Requesting Other Types of Permissions

Using Custom Security Attributes

Configuring Authentication

No Authentication

IIS and ASP.NET Authentication

Authentication Providers

Configuring IIS Authentication

Passport Authentication

Forms Authentication

Configuring Authorization

Implementing Impersonation

Identity and Principal Objects

Verifying Role Membership

Using the PrincipalPermission Class

Security for Windows Services

Security for Web Services

Platform and Application Security

Configuring Web Services for Security

WS-Security

Remoting Security

Enterprise Services Security

Chapter Summary

Apply Your Knowledge

STUDY STRATEGIES

  • Use code access security to specify the permissions an assembly requires. Make sure you understand the differences between minimum and optional permission requests.

  • Use the Microsoft .NET Framework Configuration tool to specify security policies for an assembly, and understand the effects of those policies on the assembly. Experiment with the interaction between multiple security policies for the same assembly.

  • Use authentication to control who can access an ASP.NET application, and understand what happens when a user cannot be authenticated.

  • Configure a Web service for secure access, and confirm that you cannot use the Web service without proper authentication and authorization.