Build a secure ASP.NET application
Authentication, Authorization, and Secure Communication
J. D. Meier, Alex Mackman, Michael Dunner and Srinath Vasireddy
Microsoft Corporation
October 2002
Overview
This section summarizes the general content and scope of this guide.

Chapter 1 - Introduction

This chapter describes the goals of this guide, introduces key terms, and presents the core principles that the guidance in later chapters follows.

Chapter 2 - .NET Web Application Security Model

This chapter describes the common characteristics of .NET Web applications from a security perspective, introduces the .NET Web application security model, and introduces the core implementation technologies used to build secure .NET Web applications. It also introduces the gatekeepers that can be used to develop defense-in-depth security strategies, and explains the concept of principal-based authorization using principal and identity objects. This chapter will help you answer the following questions:

- What deployment patterns do .NET Web applications typically adopt?
- What security features do the technologies used to build .NET Web applications provide?
- What gatekeepers should I know about, and how do I use them to provide a defense-in-depth security strategy?
- What are principal and identity objects, and why are they so important?
- How does .NET security relate to Windows security?

Chapter 3 - Authentication and Authorization

Designing a consistent authentication and authorization strategy across the multiple tiers of an application is a crucial task. This chapter provides guidelines to help you develop an appropriate strategy for your specific application scenario, choose the most suitable authentication and authorization technologies, and apply them at the right places in your application. Read this chapter to learn how to:

- Select an appropriate authentication mechanism to identify users.
- Develop an effective authorization strategy.
- Select an appropriate type of role-based security.
- Compare and contrast .NET roles with Enterprise Services (COM+) roles.
- Use database roles.
- Choose between the trusted subsystem resource access model and the impersonation/delegation model; the latter flows the original caller's security context through the multiple tiers of the application at the operating system level.

Figures 1 and 2 show these two core resource access models.

Figure 1. The trusted subsystem model

In the trusted subsystem model:

- Downstream resource access is performed using a fixed trusted identity and security context.
- The downstream resource manager (for example, a database) trusts the upstream application to authenticate and authorize callers properly.
- The resource manager grants resource access to the application. The original caller has no direct access to the resource manager.
- A trust boundary exists between the downstream and upstream components.
- The original caller's identity (for auditing) flows at the application level rather than the operating system level.

Figure 2. The impersonation/delegation model

In the impersonation/delegation model:

- Downstream resource access is performed using the original caller's security context.
- The downstream resource manager (for example, a database) authorizes each caller.
- The original caller's identity flows at the operating system level, which supports platform-level auditing and per-caller authorization.
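
The two resource access models above differ in which identity opens the downstream connection. The following C# is an added example, not code from the guide; the server, database and table names are hypothetical, and it assumes an ASP.NET application that uses Windows authentication.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
// Added example, not the guide's code; SQLHOST, Orders, dbo.Orders and dbo.AuditLog are hypothetical.
public static class OrderData
{
    // Windows authentication: no credentials are stored in the connection string.
    const string ConnStr = "Server=SQLHOST;Database=Orders;Integrated Security=SSPI";
    // Trusted subsystem: the connection opens under the fixed process identity
    // (no impersonation), so the database authorizes the application only.
    // The original caller's name travels as data, for application-level auditing.
    public static int CountOrdersTrustedSubsystem()
    {
        string caller = HttpContext.Current.User.Identity.Name;
        using (SqlConnection conn = new SqlConnection(ConnStr))
        {
            conn.Open();
            using (SqlCommand audit = new SqlCommand(
                "INSERT INTO dbo.AuditLog (Caller, Action) VALUES (@caller, 'CountOrders')", conn))
            {
                audit.Parameters.AddWithValue("@caller", caller);
                audit.ExecuteNonQuery();
            }
            using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM dbo.Orders", conn))
                return (int)cmd.ExecuteScalar();
        }
    }

    // Impersonation/delegation: the thread takes on the caller's Windows identity,
    // so SQL Server authenticates, authorizes and audits each caller itself.
    public static int CountOrdersAsCaller()
    {
        WindowsIdentity caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null)
            throw new InvalidOperationException("Impersonation needs a Windows-authenticated caller.");
        WindowsImpersonationContext ctx = caller.Impersonate();
        try
        {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM dbo.Orders", conn))
            {
                conn.Open();
                return (int)cmd.ExecuteScalar();
            }
        }
        finally { ctx.Undo(); } // always revert to the process identity
    }
}
```

With the second method, reaching a SQL Server on another computer requires delegation of the caller's identity, and connections are pooled per caller rather than once for the application.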

Chapter 4 - Secure Communications

This chapter introduces two core technologies, SSL and IPSec, which provide message confidentiality and message integrity for network data that flows between clients and servers on the Internet and the corporate intranet. It also discusses RPC encryption, which can be used to secure communication with remote serviced components. Read this chapter to learn how to:

- Apply secure communication techniques on each tier of the application.
- Choose between SSL and IPSec.
- Configure secure communication.
- Use RPC encryption.

This chapter explains the need to provide secure communication channels between the physical tiers of the application, as shown in Figure 3.

Figure 3. A typical Web deployment model with secure communications

Chapter 5 - Intranet

This chapter describes a set of common intranet application scenarios and presents the recommended security configuration for each one. It also covers the configuration steps required to build each secure solution, an analysis of each scenario, and related scenario variations. The application scenarios introduced in this chapter are as follows:

- ASP.NET to SQL Server. This scenario is shown in Figure 4.
- ASP.NET to Enterprise Services to SQL Server
- ASP.NET to Web Services to SQL Server
- ASP.NET to Remoting to SQL Server
- Flowing the original caller to the database. This includes a multi-tier Kerberos delegation scenario, as shown in Figure 5.

Figure 4. Security configuration for the ASP.NET to remote SQL Server scenario

Figure 5. Security configuration for the ASP.NET to remote Enterprise Services to remote SQL Server Kerberos delegation scenario

Read this chapter to learn how to:

- Use a local ASPNET account to call a remote SQL Server database from an ASP.NET Web application.
- Use Windows authentication to establish a trusted database connection to SQL Server.
- Grant database access using database roles defined for SQL Server users.
- Avoid storing credentials in your application.
- Use SSL and IPSec to protect confidential data.
- Implement Kerberos delegation to flow the original caller's security context through the multiple tiers of the application to the back-end database.
- Use Basic authentication to flow the original caller's security context.
- Combine ASP.NET File authorization, URL authorization, .NET roles, and Enterprise Services (COM+) roles to authorize callers.
- Use impersonation effectively in ASP.NET Web applications.

Chapter 6 - Extranet

This chapter describes a set of common extranet application scenarios and provides the recommended security configuration, configuration steps, and analysis for each one. The extranet scenarios introduced in this chapter are as follows:

- Exposing a Web service (B2B partner exchange). This scenario is shown in Figure 6.
- Exposing a Web application (partner application portal)

Figure 6. Security configuration for the Web service B2B partner exchange scenario

Read this chapter to learn how to:

- Use client certificate authentication to verify the identity of partner companies.
- Map certificates to Windows accounts.
- Use ASP.NET File authorization and .NET roles to authorize partner companies.
- Use the ASPNET identity to access a remote SQL Server database located on the corporate intranet.

Chapter 7 - Internet

This chapter describes a set of common Internet application scenarios and presents the recommended security configuration, configuration steps, and analysis for each one. The Internet application scenarios introduced in this chapter are as follows:

- ASP.NET to SQL Server
- ASP.NET to remote Enterprise Services to SQL Server. This scenario is shown in Figure 7.

Figure 7. Security configuration for the ASP.NET to remote Enterprise Services to SQL Server scenario

Read this chapter to learn how to:

- Use Forms authentication with SQL Server credentials.
- Avoid storing passwords in the credential database.
- Use URL authorization and .NET roles to authorize Internet users.
- Use Windows authentication from an ASP.NET Web application to SQL Server through a firewall.
- Use SSL and IPSec to protect confidential data.
- Use SOAP to communicate from an ASP.NET Web application with a remote Enterprise Services application through a firewall.
- Secure calls to the application's middle-tier serviced components.

Chapter 8 - ASP.NET Security

This chapter presents security recommendations for ASP.NET Web applications, covering the authentication, authorization, and secure communication services provided by IIS and ASP.NET, as shown in Figure 8.

Figure 8. ASP.NET security services

Read this chapter to learn how to:

- Configure the various ASP.NET authentication modes.
- Implement Forms authentication.
- Implement Windows authentication.
- Use IPrincipal and IIdentity objects.
- Use the IIS and ASP.NET gatekeepers effectively.
- Configure and use ASP.NET File authorization.
- Configure and use ASP.NET URL authorization.
- Use principal permission demands and IPrincipal.IsInRole to implement declarative, imperative, and programmatic role-based security.
- Understand when you should and should not use impersonation in ASP.NET Web applications.
- Select an appropriate account to run ASP.NET.
- Use the ASP.NET process identity to access local and network resources.
- Access a remote SQL Server database using the local ASPNET account.
- Call COM objects from ASP.NET.
- Use anonymous Internet user accounts effectively in Web hosting environments.
- Store secrets in ASP.NET Web applications.
- Protect session and view state.
- Configure ASP.NET security in Web farm scenarios.

Chapter 9 - Enterprise Services Security

This chapter explains how to secure the serviced components in an Enterprise Services application. It describes how and when to use Enterprise Services (COM+) roles, how to configure RPC authentication and impersonation, how to call serviced components securely from an ASP.NET Web application, and how to identify and flow the original caller's security context. Figure 9 shows the Enterprise Services security features described in this chapter.

Figure 9. Enterprise Services security overview

Read this chapter to learn how to:

- Configure Enterprise Services applications using .NET attributes.
- Secure server and library applications.
- Select an appropriate account to run an Enterprise Services server application.
- Implement method-level security based on Enterprise Services (COM+) roles, both programmatically and declaratively.
- Configure ASP.NET as a DCOM client.
- Call serviced components securely from ASP.NET.
- Compare Enterprise Services (COM+) roles with .NET roles.
- Identify the caller within a serviced component.
- Use programmatic impersonation within serviced components to flow the original caller's security context through an Enterprise Services application.
- Access local and network resources from serviced components.
- Use RPC encryption to protect confidential data passed to and from serviced components.
- Understand the process of RPC authentication level negotiation.
- Use DCOM through a firewall.

Chapter 10 - Web Services Security

This chapter focuses on platform-level security for Web services, using the underlying features of IIS and ASP.NET. For message-level security, Microsoft is developing the Web Services Development Kit, which you can use to build security solutions that conform to the WS-Security specification (a Global XML Architecture (GXA) proposal). Figure 10 shows the security architecture of the ASP.NET Web services platform.

Figure 10. Web services security architecture

Read this chapter to learn how to:

- Implement a platform-based Web service security solution.
- Develop authentication and authorization strategies for Web services.
- Use client certificate authentication with Web services.
- Use ASP.NET File authorization, URL authorization, and .NET roles to provide authorization in Web services.
- Flow the original caller's security context through a Web service.
- Call Web services using SSL.
- Access local and network resources from a Web service.
- Pass authentication credentials to a Web service through the Web service proxy.
- Implement the trusted subsystem model for Web services.
- Call COM objects from a Web service.

Chapter 11 - .NET Remoting Security

The .NET Framework provides a remoting infrastructure that lets clients communicate with objects that reside in a remote application domain or on a remote computer. This chapter describes how to implement a secure .NET Remoting solution. Read this chapter to learn how to:

- Select an appropriate host for remote components.
- Provide a defense-in-depth security mechanism using all available gatekeepers.
- Use URL authorization and .NET roles to grant access to remote components.
- Use File authorization with remoting. This requires a physical .rem or .soap file that corresponds to the remote component's object URI.
- Access local and network resources from remote components.
- Pass authentication credentials to a remote component through the remote component proxy object.
- Flow the original caller's security context through a remote component.
- Use SSL and IPSec together to secure communication with remote components.
- Understand when to use remoting and when to use Web services.

Chapter 12 - Data Access Security

This chapter presents recommendations and guidance for developing a secure data access strategy. Figure 11 shows several of the key topics described in this chapter. These include storing connection strings securely, accessing the database using an appropriate identity, protecting data passed to and from the database, using an appropriate authentication mechanism, and implementing authorization in the database.

Figure 11

Read this chapter to learn how to:

- Use Windows authentication from ASP.NET.
- Protect connection strings.
- Use DPAPI to store secrets (such as connection strings and credentials) from ASP.NET Web applications.
- Store identity credentials securely in a database.
- Validate user input to prevent SQL injection attacks.
- Reduce the security threats associated with SQL authentication.
- Understand the type of database you want to use.
- Compare and contrast database user roles with SQL Server application roles.
- Use IPSec and SSL to secure communication with SQL Server.
- Create a least-privilege database account.
- Enable auditing in SQL Server.

Chapter 13 - Troubleshooting Security Issues

This chapter presents a set of troubleshooting tips, techniques, and tools to help you diagnose security-related problems.

Additional Information

This part of the guide helps deepen your understanding of the techniques, strategies, and security solutions described in the previous chapters. Detailed "How To" topics provide step-by-step procedures to help you implement specific security solutions. It contains the following information:

- Working principle
- ASP.NET identity matrix
- Basic configuration
- Configuration storage and tools
- Keys and certificates
- .NET Web Application Security Glossary
- Reference Center