Introduction to Building Secure ASP.NET Applications
Release Date: 9/28/2004 | Update Date: 9/28/2004
Microsoft Corporation
In this chapter
Building a secure distributed Web application is a challenging task. An application is only as secure as its weakest link, and a distributed application has many links. You need to know a variety of products and technologies well, and make all the components of a distributed application work together in a secure way.
This chapter describes the basics of building secure distributed Web applications: authentication, authorization, and secure communication. It also introduces a set of core security principles that you should bear in mind when building a distributed Web application.
Objectives
Use this chapter to:
• Understand the meaning of the terms authentication, authorization, and secure communication in the context of this guide.
• Understand the overall architecture of ASP.NET Web applications at a high level. This means understanding the technologies that make up the architecture and the authentication, authorization, and secure communication options provided by each technology.
• Understand the key security principles that underpin the rest of this guide.
Applies to:
This chapter applies to the following products and technologies:
• Microsoft Windows XP or Windows 2000 Server and later operating systems
• .NET Framework version 1.0 and later
• ASP.NET 1.0
How to use this chapter
To get the most from this chapter, you should:
• Be familiar with Microsoft products and technologies, including Windows, Microsoft SQL Server 2000, Internet Information Services, the .NET Framework, and Enterprise Services (COM+).
• Have experience developing ASP.NET Web applications.
Contents
• Interconnected environment
• Basic knowledge
• Security architecture
• Design principles
• Summary
Interconnected environment
If you already know how to build secure applications, does that knowledge still apply when you build .NET Web applications? In today's publicly exposed, Web-based application environment, Web services connect companies to other companies and companies to customers, and applications are exposed in different ways: to an intranet, an extranet, or the Internet. Does your existing security knowledge apply in this environment?
Consider the basic characteristics of this interconnected environment:
• Web services use standards such as the Simple Object Access Protocol (SOAP), Extensible Markup Language (XML), and Hypertext Transfer Protocol (HTTP), but fundamentally they pass potentially sensitive information as plain text.
• Internet business-to-consumer (B2C) applications pass sensitive data over the Web.
• Extranet business-to-business (B2B) applications blur trust boundaries by allowing applications in partner companies to call your applications.
• Intranet applications are not without risk either; consider the confidentiality of payroll and human resources (HR) applications. Such applications are particularly vulnerable to attack by irresponsible administrators and employees.
Basic knowledge
Any successful application security strategy is founded on sound authentication and authorization, together with secure communication that provides the confidentiality and integrity of sensitive data. It is important to define these core concepts before going further. The "Authentication and Authorization" chapter describes how to combine the various authentication and authorization mechanisms to provide a sound security design.
Authentication
Authentication positively identifies the clients of your application; clients may include end users, services, processes, or computers. In security terms, authenticated clients are referred to as principals.
Authentication occurs across the tiers of a distributed Web application. End users are initially authenticated by the Web application, typically by supplying a user name and password. Their requests are then processed by the middle-tier application server (if your architecture has that tier) and the database server, which also perform authentication before processing the request.
In many applications, downstream servers and components do not authenticate end users. Instead, they authenticate the identity of the upstream application and trust that the application performed the correct authentication and authorization before forwarding the request.
The various authentication mechanisms available to ASP.NET applications are discussed further in the "Security Model for ASP.NET Applications" chapter.
Authorization
Authorization is the process that governs the resources and operations that an authenticated client is permitted to access. Resources include files, databases, tables, rows, and so on, together with system-level resources such as registry keys and configuration data.
Many Web applications expose their resources through methods (operations) rather than granting direct access to the resources themselves, because methods are easier to measure and manage. For system-level resources, however, platform-level security such as Windows ACLs is still necessary. Many of the most common application-level authorization schemes use roles to classify groups of users who share the same permissions within the application.
The various authorization options available to ASP.NET application developers, and the gatekeepers that enforce them, are discussed in the "Security Model for ASP.NET Applications" chapter.
Secure communication
Many applications pass sensitive data, such as bank account details, credit card numbers, and payroll data, between application tiers: from the database server to the browser, or from the browser to the database server. In addition, the application must protect login credentials as they travel across the network.
Secure communication provides two features:
• Privacy. Privacy means keeping the data private and confidential so that it cannot be read by an eavesdropper with network monitoring software. Privacy is usually provided by encryption.
• Integrity. A secure communication channel must also protect the data from accidental or deliberate (malicious) modification in transit. Integrity is usually provided by Message Authentication Codes (MACs).
It is important to use secure communication both inside and outside the firewall, because many harmful information disclosures and security breaches occur inside the corporate network.
Secure communication and the various ways to provide it are discussed further in the "Communication Security" chapter.
Security architecture
ASP.NET Web applications can be built using a variety of technologies and products. A combination of authentication, authorization, and secure communication methods is required to provide a defense-in-depth security strategy.
Figure 1 summarizes the basic authentication and authorization methods provided by each technology.
Figure 1. .NET Web application security
Design Principles
Several important principles apply to the guidance in the following chapters. Learn these principles and apply them in your application design:
• Adopt the principle of least privilege. Processes that run scripts or execute code should run with the fewest privileges possible, to limit the damage that can be done if the process is compromised. If a malicious user manages to inject code into a server process, the privileges granted to that process largely determine the types of operation the user can perform. Code that requires more trust (and higher privileges) should be isolated in a separate process. The ASP.NET team made a conscious decision to run ASP.NET with least privilege (using the ASPNET account) in the release version of the .NET Framework. In the beta version of the .NET Framework, ASP.NET ran as SYSTEM, an inherently less secure setting.
• Use defense in depth. Place check points in each layer and each subsystem of the application. The check points are gatekeepers that ensure that only authenticated and authorized users can access the next downstream layer.
• Don't trust user input. The application should thoroughly validate all user input before performing any operation based on it. Validation may include filtering out special characters. This precaution protects the application against accidental misuse and against deliberate attacks by users who try to inject malicious commands. Common examples include SQL injection attacks, script injection, and buffer overflows.
• Use secure default settings. Developers often reduce security settings simply to make an application work. If features you need force you to reduce or change the default security settings, test the effects of the change beforehand and understand the risks it may introduce.
• Don't rely on security by obscurity. Trying to hide secrets by using misleading variable names or by storing them in unusual file locations does not provide security. In a game of hide-and-seek, it is better to use platform features or proven techniques to protect your data.
• Check at the gate. You do not always need to flow the user's security context to the back end to perform authorization checks; in a distributed system this is often not the best choice. Checking the client at the gate means authorizing the user at the first point of authentication (for example, within the Web application on the Web server) and determining which resources and operations (possibly provided by downstream services) the user may access. If you design a sound authentication and authorization strategy at the gate, you do not need to delegate the original security context all the way through to the application's data tier.
• Assume external systems are insecure. If you do not own the external system, do not assume that someone else has taken care of its security.
• Reduce the surface area. Avoid exposing information that does not need to be public; disclosing it can lead to further vulnerabilities. Also handle errors gracefully: when returning an error message to the end user, do not disclose anything that does not need to be public.
• Display error messages in a secure way. If the application fails, make sure it does not leave sensitive data unprotected. Do not provide too much detail in error messages, that is, do not include details that could help an attacker discover a vulnerability in the application. Write detailed error information to the Windows event log instead.
• Remember that you are only as secure as your weakest link. Security must be considered across all tiers of the application.
• Disable what you don't use. You can remove potential points of attack by disabling modules and components that your application does not require. For example, if the application does not use output caching, disable the ASP.NET output cache module; then the application is not threatened even if a vulnerability is later found in that module.
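As an added example that is not part of the original guide, the following C# data-access method (written against .NET Framework 1.x APIs) applies four of the principles above together: it checks at the gate with a role check, validates input against a whitelist, uses a parameterized query so the input can never become part of the SQL text, and displays errors securely by writing detail to the Windows event log while giving the caller only a generic failure. The class, role, table, connection string and event source names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Security.Principal;
using System.Text.RegularExpressions;

// Hypothetical data-access class; server, database, table, role and event source are placeholders.
public class CustomerData
{
    const string ConnStr = "Server=DBSERVER;Database=Shop;Integrated Security=SSPI";
    static readonly Regex CustomerIdPattern = new Regex(@"^[A-Za-z0-9]{1,12}$");

    // Returns the customer's e-mail address, or null when the caller is not
    // authorized, the input is rejected, or the lookup fails.
    public static string GetCustomerEmail(IPrincipal caller, string customerId)
    {
        // Check at the gate: authorize the caller before doing any downstream work.
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole("CustomerService"))
            return null;

        // Don't trust user input: accept only the characters a customer ID may contain.
        if (customerId == null || !CustomerIdPattern.IsMatch(customerId))
            return null;

        try
        {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            {
                // Parameterized query: the ID travels as data, never spliced into the
                // SQL text, so it cannot change the statement (no SQL injection).
                SqlCommand cmd = new SqlCommand(
                    "SELECT Email FROM Customers WHERE CustomerId = @id", conn);
                cmd.Parameters.Add("@id", SqlDbType.VarChar, 12).Value = customerId;
                conn.Open();
                return cmd.ExecuteScalar() as string;   // null if no such customer
            }
        }
        catch (SqlException ex)
        {
            // Fail securely: full detail (including the stack trace) goes to the event
            // log for the administrator; the end user gets only a generic failure (null).
            // The "ShopWebApp" event source must be registered on the server beforehand.
            EventLog.WriteEntry("ShopWebApp", "GetCustomerEmail failed: " + ex.ToString(),
                                EventLogEntryType.Error);
            return null;
        }
    }
}
```

In an ASP.NET page the caller is typically `HttpContext.Current.User`, and the page shows a fixed message such as "The request could not be completed" when null is returned.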
Summary
This chapter has provided some foundation material to prepare you for the rest of this guide. Because the core terms and principles introduced here are used throughout the following chapters, make sure you are familiar with them.