.NET Framework
Mike Kass, Product Manager, Microsoft Corp.
Windows Forms
Secure, easily deployable rich client classes
ASP.NET
XML
ASP.NET
Classes and engine for building, deploying, and running Web applications and services
ADO.NET
Enterprise Services
A complete set of features enabling transactions, message queuing, etc.
Role-Based Security: Authentication
Role-Based Security: Authorization
- Access Control Lists
- Active Directory
- URL Authorization via Config Files
- Custom
Cryptographic Library
- Easy, unified, stream-based architecture
- Encryption
- Digital signatures
- Hashing
- Random-number generation
- Pluggable extensibility (new algorithms)
- Uses Windows CryptoAPI functionality
- Allows partially trusted code to run with reduced rights
- Evidence-based security model
- No more all-or-none or sandbox
- Granular permissions
- Flexible, extensible
3 Key Elements
Evidence
- Inputs to policy about code
- Strong name, site, zone, Authenticode signature, hash value, app directory, etc.
Permissions
- Specific authorizations for code (not users)
- Define a level of access to a resource or operation
Policy
- Matches permissions to evidence via code groups
- Grants permissions to an assembly
Loading An Assembly
0. Compile code
1. Load assembly
2. Gather evidence
3. Load policy
4. Grant permissions
5. Verify MSIL
6. Execute code
[Diagram labels: Assembly Evidence, Assembly Requests, Policy, Granted Permissions]
[Diagram labels: Calls, Got Permission?, Exception]

MYCOMPONENT (fully trusted)
    . . . .
    Stream fileStream = new FileStream("settings.xml", FileMode.Open);
    . . . .

FRAMEWORK
    public FileStream(string name) {
        // Demand checks the callers on the stack for this permission
        FileIOPermission fp = new FileIOPermission(FileIOPermissionAccess.Read, name);
        fp.Demand();
        . . . .
    }
- Local machine, i.e. code installed locally
- Intranet
- Internet (enabled in version 1.1 of the .NET Framework, currently in beta)
- Trusted sites
- Restricted sites
FullTrust PermissionSet
- Full access to all machine capabilities
- But: App must be installed on machine by the machine's admin
Intranet Permissions
- Unlimited UI
- Same protocol access to site & DNS
- File read access to origin
- Open/Save File Dialog
- Default printer
- Unlimited Isolated Storage
- Write to Event Log
- Env for USERNAME, TEMP, TMP
Systems administrators can adjust current policies or create new policies via new code groups
Programmatic access
- Refuse unnecessary permissions
- Refuse to run if not granted necessary permissions
- Check to see if granted a permission and tweak app behavior based on response
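
The three programmatic options on this slide, shown as an added C# example that is not from the original deck. It targets the .NET Framework CAS model the talk covers (the assembly-level request actions and SecurityManager.IsGranted were marked obsolete in .NET Framework 4); the class name SettingsLoader, the fallback value and the choice of permissions are assumptions.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Refuse to run if not granted a necessary permission: the assembly fails to
// load when policy does not allow reading the USERNAME environment variable.
[assembly: EnvironmentPermission(SecurityAction.RequestMinimum, Read = "USERNAME")]
// Refuse unnecessary permissions: never held, even when policy would grant them.
[assembly: SecurityPermission(SecurityAction.RequestRefuse, UnmanagedCode = true)]
[assembly: RegistryPermission(SecurityAction.RequestRefuse, Unrestricted = true)]

public sealed class SettingsLoader   // hypothetical name
{
    const string DefaultSettings = "<settings/>";   // constructed fallback value

    // Returns the file's text, or the default when this assembly lacks read access.
    public static string Load(string relativePath)
    {
        try
        {
            // GetFullPath itself demands PathDiscovery, so it sits inside the try.
            string fullPath = Path.GetFullPath(relativePath);
            FileIOPermission read =
                new FileIOPermission(FileIOPermissionAccess.Read, fullPath);

            // IsGranted inspects only this assembly's grant set, not its callers.
            if (!SecurityManager.IsGranted(read))
                return DefaultSettings;

            // The framework still demands FileIOPermission here and checks the
            // call stack, so a less trusted caller can still be refused.
            using (StreamReader reader = new StreamReader(fullPath))
                return reader.ReadToEnd();
        }
        catch (SecurityException)
        {
            return DefaultSettings;   // degrade instead of crashing
        }
        catch (FileNotFoundException)
        {
            return DefaultSettings;
        }
    }

    public static void Main()
    {
        Console.WriteLine("User: " + Environment.GetEnvironmentVariable("USERNAME"));
        Console.WriteLine(Load("settings.xml"));
    }
}
```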
- Coming in version 1.1
- For shared IIS 5.0 server, use CAS
- Isolate apps running in same process
- Set permissions on virtualized resources
- Isolate apps you choose to run in same process
- Set permissions on virtualized resources
Trustworthy Computing
Used appropriately, we believe that the .NET Framework is one of the best platforms for developing enterprise and Web applications with strict security requirements.
- Help customers get patches they need ASAP
- 2 Service Packs shipped to date
- Use the language you like
- Access the same class libraries to do similar tasks
Experience programming with .NET by building your own Terrarium creature at the Hands-On Lab (Booth #301)
Web site that supports program: (www.msdnaa.net) All the features of Visual Studio .NET Professional plus Course Management Tools
Questions?
More info at: http://msdn.microsoft.com/net/security