1. Preface
With the continuing development of .NET technology and the launch of Windows 2003, more and more people are becoming familiar with and using products developed with .NET. Programmers often ignore the importance of security when developing .NET programs, thinking that a good product is enough, or blindly leaving security for the .NET environment to solve. This is completely wrong. The .NET environment provides a complete set of security measures, but we must apply them through every stage of development and deployment to achieve the expected security. The security discussed in this article applies mainly to 3-tier applications developed with .NET technology on a three-layer architecture. The next section briefly introduces applications built on this architecture. This article is intended for readers who are familiar with .NET development and SQL Server 2000 and who have installed Windows 2003.
2. Three-tier architecture applications
The full name of a three-layer architecture application is "Three-Tier Application Using an XML Web Service"; for details, please refer to MSDN. Which three layers? Layer 1: client application layer (including browser pages). Layer 2: Web Service layer. Layer 3: database layer. See Figure 1 for details.
(figure 1)
The benefits of doing this are:
1. Developers can develop programs quickly and easily.
2. Users can use the application anywhere an Internet connection is available.
3. Data access is concentrated in the Web Service layer, so it can be updated and maintained without upgrading clients.
4. Data access is separated from the front end.
3. Demo procedure for this article
Since this article explains how to securely deploy a .NET three-layer application, not how to develop one, the demonstration program is not described in detail. It is a small program that lists all customers from the database and queries each customer's orders.
Directory layout:
Root directory: \demo
Subdirectories:
\demo\demo_client (client application)
\demo\demo_database (database)
\demo\demo_webservice (web service)
Note: Because of the emphasis on security, all interaction with the database is implemented through stored procedures.
The client is as shown below:
(figure 2)
4. Configure your system
4.1. Security architecture
Every access path should be clear, dedicated identities should be used wherever possible, and permissions should be set to the minimum, "just enough" authorization. There are four aspects to consider:
(1) Anonymous client users access IIS as IUSR_MACHINENAME.
(2) IIS executes the Web Service under the identity set for the Application Pool (by default, NT AUTHORITY\NETWORK SERVICE).
(3) Unless impersonation is performed in code or configured in Web.config, the Web Service accesses SQL Server under the identity it executes as.
(4) SQL Server accesses resources as a specific restricted user (in our example, _SQLServer_).
4.2. Create a dedicated user for SQL Server 2000
4.2.1. Cause
In Windows, the system creates two accounts for IIS: IUSR_MACHINENAME and IWAM_MACHINENAME (the account that starts the IIS process). The benefit is that, because these two accounts have low permissions (usually only what IIS needs), the loss can be minimized even if IIS is compromised. SQL Server has no similar dedicated account. When SQL Server is installed, the account it uses to access resources is usually set to the local system (NT AUTHORITY\Local System), an identity with more privileges than Administrator. This is far too high for SQL Server; once it is compromised, the consequences are unimaginable. We can manually create a user and give it the lowest permissions SQL Server needs (just enough to access the database files). Let us start from the beginning.
4.2.2. New user
Creating the new user is shown in Figure 3:
(image 3)
Note:
1. This is the standard Windows 2003 New User dialog.
3. The password should be as long as possible (64 bytes) and as complicated as possible (including uppercase letters, numbers, special symbols and so on, preferably randomly generated). Don't panic: this password is used only once, so it is best to write it in a document.
4. Also select "User cannot change password" and "Password never expires".
4.2.3. Assign permissions to this user
Modifying the permissions is shown in Figure 4:
(Figure 4)
Note:
1. Right-click the _SQLServer_ user and select Properties.
2. Go to the "Member Of" page and remove the Users group. _SQLServer_ is now not part of any group, so this user does not have any permissions.
Note: On Windows 2000, some additional configuration is required, because by default Everyone has Full Control on all drives.
4.3. It is recommended to reinstall your SQL Server
4.3.1. Cause
The goal is to re-establish a secure SQL Server: make sure SQL Server accesses your computer's resources as the SQL Server Jail User, and make sure SQL Server only trusts named pipes. For this reason it is recommended to reinstall SQL Server.
4.3.2. Modify the SQL Server service account
One step in the SQL Server installation process is to specify the account that the SQL Server services run as. See Figure 5:
(Figure 5)
Note:
1. Here we use the SQL Server Jail User we just added as the Services Account.
2. Fill in "_sqlserver_" in UserName and copy the password into the Password field.
3. Thoroughly delete any file that records the password; this password is used only once. This user is effectively locked in a SQL Server jail: no program other than SQL Server can use it.
4. Click Next.
4.3.3. Specify SQL Server Login Verification Mode and Network Connection Method
As shown in Figures 6 and 7:
(Figure 6)
Note:
1. We do not trust the SA login mode; we trust only Windows Authentication Mode.
2. The SA identity has many disadvantages:
(1) The SA identity has no expiration time.
(2) The SA identity has no account lockout, so the SA password can eventually be found by exhaustive guessing.
(3) The SA identity's privileges are too high: once the SA password is obtained, any program can be run as SQL Server.
(Figure 7)
Note:
1. Do not trust any network connection other than named pipes.
2. Deselect TCP/IP Sockets, which is selected by default (if you need to run in a distributed environment, you should configure an Active Directory domain).
3. The principle is: unless an option is needed, do not select it.
4.3.4. Install SQL Server SP3
When installing SP3, one step prompts you to specify the SA password: because logging in as SA was not allowed when SQL Server was installed, the SA password is empty. SP3 considers an empty SA password unsafe (even if SA cannot be used to log in). What we have to do is enter a password that is as long and complex as possible.
5. Start deploying the DEMO program (minimum permissions)
5.1. Before deploying
5.1.1. Copy the DEMO directory to the "C:\Sample\" directory
5.1.2. Initial configuration
Modify the security of the Sample directory so that it and all its subdirectories and files can be fully controlled only by members of the Administrators group. Delete all other default access control entries. See Figure 8.
(Figure 8)
Note:
1. Right-click the Sample folder and click "Properties"; select the Security page. By default, four identities can access the folder. Click "Advanced", as shown in Figure 8.
2. Clear the "Allowing the Inheritance of Parents ... ..." check box. A dialog box pops up; click the "Remove" button.
3. This removes all permissions inherited from the parent directory. Only the Administrators group has access. See Figure 9:
(Figure 9)
5.1.3. Attach the database (Attach Database)
When you attach a database in SQL Server Enterprise Manager and try to select the database file, you will find that the file browser cannot expand the Sample folder. This is because SQL Server is running as the _SQLServer_ identity, and _SQLServer_ cannot access the Sample folder or the database files. Next, give _SQLServer_ permission to traverse the folders and full control of the database files. As before, on the "Security" page of the Sample folder's "Properties", click "Advanced" to open the "Sample's Advanced Security Settings" dialog box. Click "Add", enter "_SQLServer_" and click "OK". In the permission entries list select "_SQLServer_" and click "Edit" to open the "Permission Entry" dialog. Select "This folder only" in the "Apply to" drop-down box, select "Allow" for the "List Folder / Read Data" check box, and exit with "OK". See Figure 10. Follow the same method to set this permission on the Sample, Demo and Demo_Database folders. Finally, assign permissions on the database files "demo_db_data.mdf" and "demo_db_ldf". SQL Server needs to perform all kinds of operations on them, so give the _SQLServer_ identity all access rights: use the same method as above, but in the last step select "Full Control". See Figure 11. Go back to SQL Server Enterprise Manager and attach the database, specifying _SQLServer_ as the database owner. See Figure 12.
(Figure 10)
(Figure 11)
(Figure 12)
5.2. Deploy Web Service
5.2.1. New application pool for Web Service (Application Pool)
I recommend at least one application pool for each Web Service. Creating an application pool in IIS 6.0 is very simple. Start IIS 6.0, right-click Application Pools and select "New" Application Pool; in the Add Application Pool dialog box that pops up, enter the application pool name. See Figure 13.
(Figure 13)
For the AppPool-Demo application pool, right-click "AppPool-Demo" and select Properties to open the properties dialog, where you can set some application pool properties. We care about the "Identity" page: make sure the predefined security account of the application pool is "Network Service" (that is, the Network Service account). See Figure 14.
(Figure 14)
5.2.2. Add a virtual directory to Web Service
The virtual directory is named Demo, and the corresponding path is "C:\Sample\demo\demo_webservice". Creating a virtual directory is not described in detail here. Now assign permissions on the virtual directory. IIS executes the Web Service under the Application Pool identity (Network Service), so Network Service must be given permission to read and run the virtual directory. Right-click the Demo virtual directory in IIS and select "Permissions" to open the directory's security settings dialog. Add the "Network Service" account and select the "Read & Execute" permission. See Figure 15. Next, assign the Web Service to an application pool: right-click the Demo virtual directory, select Properties, and select the AppPool-Demo pool that was just created. Now test whether the Web Service works. Click the Demo virtual directory in IIS, and in the list of files right-click "Demo.asmx" and select "Browse". As shown in Figure 16, the Web Service is working normally. If it is not, check each step described above.
(Figure 15)
(Figure 16)
5.3. Configuring the database
5.3.1. Add a database access user
Open SQL Server Enterprise Manager, expand the DEMO_DB tree and right-click "Users". Select "New Database User" to open the new user dialog box, and select "New" in the "Login Name" drop-down box. In the dialog that pops up, manually type "NT AUTHORITY\NETWORK SERVICE" into the "Name" box. (Note: You must type the full name manually in SQL Server; this user cannot be found by searching. I do not have a solution for this either.) Select the database "DEMO_DB" and click the "OK" button. See Figure 17. Back in the first dialog, select "NT AUTHORITY\NETWORK SERVICE" in the "Login Name" drop-down box and give it "public" permissions. Click the "OK" button.
(Figure 17)
5.3.2. Grant access to this user
Expand the "Demo" database in SQL Server Enterprise Manager, click "Users", right-click "NT AUTHORITY\NETWORK SERVICE" in the right-hand pane and select Properties. In the dialog that pops up, click the "Permissions" button to open the permissions dialog box, and grant "EXEC" permission on the stored procedures. See Figure 18. Note: In a secure application, all access to database tables and views should go through stored procedures. So when setting permissions we should grant access only to the stored procedures, with no permissions on tables and views. In the database, anything that has not been granted is treated as no access, so only the two stored procedures are ticked.
(Figure 18)
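The steps in 5.3.1 and 5.3.2 can also be scripted and checked in T-SQL. The following is an added example, not part of the demo download; it uses SQL Server 2000 system procedures, and the procedure names usp_GetCustomers and usp_GetOrdersByCustomer are assumed placeholders for the demo's two stored procedures.

```sql
-- Added example for SQL Server 2000; not part of the demo download.
-- ASSUMPTION: usp_GetCustomers and usp_GetOrdersByCustomer are placeholder
-- names for the demo's two stored procedures. Substitute the real names.
USE master
GO
-- 5.3.1: login for the application pool identity (typed in full, as in the GUI).
IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE loginname = N'NT AUTHORITY\NETWORK SERVICE')
    EXEC sp_grantlogin N'NT AUTHORITY\NETWORK SERVICE'
GO
USE DEMO_DB
GO
-- Map the login to a database user. It joins no role except public.
IF NOT EXISTS (SELECT 1 FROM dbo.sysusers
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    EXEC sp_grantdbaccess N'NT AUTHORITY\NETWORK SERVICE'
GO
-- 5.3.2: EXECUTE on the stored procedures only, nothing on tables or views.
-- The procedures can still read the tables through ownership chaining when
-- both are owned by dbo; dynamic SQL inside a procedure breaks that chain.
GRANT EXECUTE ON dbo.usp_GetCustomers TO [NT AUTHORITY\NETWORK SERVICE]
GRANT EXECUTE ON dbo.usp_GetOrdersByCustomer TO [NT AUTHORITY\NETWORK SERVICE]
GO
-- Check 1: every permission held directly by the user.
-- Expected: two rows, both Grant / Execute.
EXEC sp_helprotect NULL, N'NT AUTHORITY\NETWORK SERVICE'
GO
-- Check 2: table or view permissions that would bypass the stored procedures,
-- granted to the user or inherited through public.
-- sysprotects.protecttype 204 = GRANT WITH GRANT OPTION, 205 = GRANT.
SELECT o.name AS obj, USER_NAME(p.uid) AS grantee, p.action
FROM dbo.sysprotects p
JOIN dbo.sysobjects o ON o.id = p.id
WHERE o.xtype IN ('U', 'V')                      -- user tables and views
  AND OBJECTPROPERTY(o.id, 'IsMSShipped') = 0    -- skip system objects
  AND p.protecttype IN (204, 205)
  AND p.uid IN (USER_ID(N'public'), USER_ID(N'NT AUTHORITY\NETWORK SERVICE'))
GO
```

Any row returned by the second check is direct table or view access available to the Web Service identity and should be reviewed.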
6. Run the client program
6.1. Running the client at this point, you will find that the program cannot run and an Error dialog pops up, as shown in Figure 19.
(Figure 19)
This is because the client program accesses network resources as IUSR_MACHINENAME. Before the Web Service runs, IIS handles the request as IUSR_MACHINENAME; only when IIS discovers that the requested resource is a Web Service program does it execute the Web Service under the identity specified by the Application Pool. So we have to give IUSR_MACHINENAME access to the Web Service. See Figure 20.
(Figure 20)
Note:
1. Right-click the Demo virtual directory in IIS and select Permissions to open the directory's security settings dialog. Add the "IUSR_MACHINENAME" account (the name differs on each computer; it is usually IUSR_ plus the host name) and select "Read".
2. Run the client and see whether it works. If there is an error, check each of the steps described above in detail.