.NET Development Foundation/Security
Security
Exam objective: Improving the security of the .NET Framework applications by using the .NET Framework 2.0 security features
Topics
Code access security
Code access security (CAS) allows control of the permissions granted to specific managed applications. MSDN
Permissions allow access to system resources. A permission set is a collection of permissions. A code group relates exactly one permission set to exactly one evidence type. Evidence is used to identify an assembly. Evidence types can include the application directory, cryptographic hash of the assembly, publisher's digital signature, site from which the assembly was downloaded, cryptographic strong name of the assembly, URL from which the assembly was downloaded, and the security zone in which the assembly is running. Security zones include the computer zone, local Intranet zone, Internet zone, trusted site, and untrusted sites. See the Internet options security tab in Internet Explorer to view various security zones. An assembly can be associated with multiple code groups. Permission sets can be associated with multiple code groups.
A security policy is a logical grouping of code groups and permission sets. An untrusted managed assembly must pass through four security policies: the enterprise security policy, machine security policy, user security policy, and application domain security policy. Any one of these security policies can deny an untrusted managed assembly permissions.
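The policy evaluation described above, as an added C# example that is not part of the original page. It assumes .NET Framework 2.0 to 3.5, where CAS policy is active; the class name CasPolicyDemo and the zone-only evidence are constructed for illustration.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

// Added example: assumes .NET Framework 2.0-3.5, where CAS policy is active.
class CasPolicyDemo
{
    // Build evidence that carries only a security zone (constructed input).
    static Evidence ZoneEvidence(SecurityZone zone)
    {
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(zone));
        return evidence;
    }

    static string Describe(PermissionSet set)
    {
        if (set == null) return "nothing";
        return set.IsUnrestricted() ? "unrestricted" : set.Count + " permission(s)";
    }

    static void Main()
    {
        SecurityZone[] zones = { SecurityZone.MyComputer, SecurityZone.Intranet,
                                 SecurityZone.Internet };
        foreach (SecurityZone zone in zones)
        {
            Evidence evidence = ZoneEvidence(zone);
            Console.WriteLine("Zone: " + zone);

            // Each policy level matches the evidence against its own code groups.
            IEnumerator levels = SecurityManager.PolicyHierarchy();
            while (levels.MoveNext())
            {
                PolicyLevel level = (PolicyLevel)levels.Current;
                PolicyStatement statement = level.Resolve(evidence);
                Console.WriteLine("  {0,-10} grants {1}", level.Label,
                                  Describe(statement.PermissionSet));
            }

            // ResolvePolicy evaluates all levels together; a permission denied
            // at any level is absent from the result.
            PermissionSet granted = SecurityManager.ResolvePolicy(evidence);
            Console.WriteLine("  Resolved   grants {0}", Describe(granted));
        }
    }
}
```

Comparing the per-level lines with the resolved line for each zone shows which policy level is the one restricting an assembly.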
Classes, interfaces, and tools
Implement code access security
Exam objective: Implement code access security to improve the security of a .NET Framework application.
(Refer System.Security namespace)
SecurityManager class - MSDN
CodeAccessPermission class - MSDN
Modify the Code Access security policy at the machine, user, and enterprise policy level by using the Code Access Security Policy tool (Caspol.exe) - MSDN
PermissionSet class, NamedPermissionSet class, and PermissionSetCollection class
- PermissionSet class - MSDN
- NamedPermissionSet class - MSDN
- PermissionSetCollection class
- There does not seem to be such a thing, to be investigated...
Standard Security interfaces
- IEvidenceFactory interface - MSDN
- IPermission interface - MSDN
Implement access control
Exam objective: Implement access control by using the System.Security.AccessControl classes.
DirectorySecurity class, FileSecurity class, FileSystemSecurity class, and RegistrySecurity class
- DirectorySecurity class - MSDN
- FileSecurity class - MSDN
- FileSystemSecurity class - MSDN
- RegistrySecurity class - MSDN
AccessRule class - MSDN
AuthorizationRule class and AuthorizationRuleCollection class
- AuthorizationRule class - MSDN
- AuthorizationRuleCollection class - MSDN
CommonAce class, CommonAcl class, CompoundAce class, GenericAce class, and GenericAcl class
- CommonAce class - MSDN
- CommonAcl class - MSDN
- CompoundAce class - MSDN
- GenericAce class - MSDN
- GenericAcl class - MSDN
AuditRule class - MSDN
MutexSecurity class, ObjectSecurity class, and SemaphoreSecurity class
- MutexSecurity class - MSDN
- ObjectSecurity class - MSDN
- SemaphoreSecurity class - MSDN
Implement custom authentication scheme
Exam objective: Implement a custom authentication scheme by using the System.Security.Authentication classes.
(Refer System.Security.Authentication namespace - MSDN)
For a reference on custom authentication schemes see MSDN
Encrypt, decrypt and hash data
Exam objective: Encrypt, decrypt, and hash data by using the System.Security.Cryptography classes.
(Refer System.Security.Cryptography namespace)
DES class and DESCryptoServiceProvider class
- DES class - MSDN
- DESCryptoServiceProvider class - MSDN
HashAlgorithm class - MSDN
DSA class and DSACryptoServiceProvider class
- DSA class - MSDN
- DSACryptoServiceProvider class - MSDN
SHA1 class and SHA1CryptoServiceProvider class
- SHA1 class - MSDN
- SHA1CryptoServiceProvider class - MSDN
TripleDES and TripleDESCryptoServiceProvider class
- TripleDES - MSDN
- TripleDESCryptoServiceProvider class - MSDN
MD5 class and MD5CryptoServiceProvider class
- MD5 class - MSDN
- MD5CryptoServiceProvider class - MSDN
RSA class and RSACryptoServiceProvider class
- RSA class - MSDN
- RSACryptoServiceProvider class - MSDN
RandomNumberGenerator class - MSDN
CryptoStream class - MSDN
CryptoConfig class - MSDN
RC2 class and RC2CryptoServiceProvider class
- RC2 class - MSDN
- RC2CryptoServiceProvider class - MSDN
AsymmetricAlgorithm class - MSDN
ProtectedData class and ProtectedMemory class
- ProtectedData class - MSDN
- ProtectedMemory class - MSDN
RijndaelManaged class and RijndaelManagedTransform class
- RijndaelManaged class - MSDN
- RijndaelManagedTransform class - MSDN
CspParameters class - MSDN
CryptoAPITransform class - MSDN
Hash-based Message Authentication Code (HMAC) - MSDN
- HMACMD5 class - MSDN
- HMACRIPEMD160 class - MSDN
- HMACSHA1 class - MSDN
- HMACSHA256 class - MSDN
- HMACSHA384 class - MSDN
- HMACSHA512 class - MSDN
Control permissions
Exam objective: Control permissions for resources by using the System.Security.Permission classes.
(Refer System.Security.Permission namespace)
SecurityPermission class - MSDN
PrincipalPermission class - MSDN
FileIOPermission class - MSDN
- You can also set the FileIOPermission attribute at assembly level or class level. In that case, be aware of the SecurityAction enumeration values:
- SecurityAction.RequestRefuse: specifies the operations that should not be granted.
- SecurityAction.RequestMinimum: requests a minimum set of permissions. If they are not granted, the application will not execute.
StrongNameIdentityPermission class - MSDN
UIPermission class - MSDN
UrlIdentityPermission class - MSDN
PublisherIdentityPermission class - MSDN
GacIdentityPermission class - MSDN
FileDialogPermission class - MSDN
DataProtectionPermission class - MSDN
EnvironmentPermission class - MSDN
IUnrestrictedPermission interface - MSDN
RegistryPermission class - MSDN
IsolatedStorageFilePermission class - MSDN
KeyContainerPermission class - MSDN
ReflectionPermission class - MSDN
StorePermission class - MSDN
SiteIdentityPermission class - MSDN
ZoneIdentityPermission class - MSDN
Control code privileges
Exam objective: Control code privileges by using System.Security.Policy classes.
(Refer System.Security.Policy namespace)
ApplicationSecurityInfo class and ApplicationSecurityManager class
- ApplicationSecurityInfo class - MSDN
- ApplicationSecurityManager class - MSDN
ApplicationTrust class and ApplicationTrustCollection class
- ApplicationTrust class - MSDN
- ApplicationTrustCollection class - MSDN
Evidence class and PermissionRequestEvidence class
- Evidence class - MSDN
- PermissionRequestEvidence class - MSDN
CodeGroup class, FileCodeGroup class, FirstMatchCodeGroup class, NetCodeGroup class, and UnionCodeGroup class
- CodeGroup class - MSDN
- FileCodeGroup class - MSDN
- FirstMatchCodeGroup class - MSDN
- NetCodeGroup class - MSDN
- UnionCodeGroup class - MSDN
Condition classes
- AllMembershipCondition class - MSDN
- ApplicationDirectory class and ApplicationDirectoryMembershipCondition class
- ApplicationDirectory class - MSDN
- ApplicationDirectoryMembershipCondition class - MSDN
- GacMembership class and GacMembershipCondition class
- GacMembership class
- No search results on MSDN!? a little investigation required here.
- GacMembershipCondition class - MSDN
- Hash class and HashMembershipCondition class
- Hash class - MSDN
- HashMembershipCondition class - MSDN
- Publisher class and PublisherMembershipCondition class
- Publisher class - MSDN
- PublisherMembershipCondition class - MSDN
- Site class and SiteMembershipCondition class
- Site class - MSDN
- SiteMembershipCondition class - MSDN
- StrongName class and StrongNameMembershipCondition class
- StrongName class - MSDN
- StrongNameMembershipCondition class - MSDN
- Url class and UrlMembershipCondition class
- Url class - MSDN
- UrlMembershipCondition class - MSDN
- Zone class and ZoneMembershipCondition class
- Zone class - MSDN
- ZoneMembershipCondition class - MSDN
PolicyLevel class and PolicyStatement class
- PolicyLevel class - MSDN
- PolicyStatement class - MSDN
IApplicationTrustManager interface, IMembershipCondition interface, and IIdentityPermissionFactory interface
- IApplicationTrustManager interface - MSDN
- IMembershipCondition interface - MSDN
- IIdentityPermissionFactory interface - MSDN
Access and modify identity information
Exam objective: Access and modify identity information by using the System.Security.Principal classes.
(Refer System.Security.Principal namespace)
GenericIdentity class and GenericPrincipal class
- GenericIdentity class - MSDN
- GenericPrincipal class - MSDN
WindowsIdentity class and WindowsPrincipal class
- WindowsIdentity class - MSDN
- WindowsPrincipal class - MSDN
NTAccount class and SecurityIdentifier class
- NTAccount class - MSDN
- SecurityIdentifier class - MSDN
IIdentity interface and IPrincipal interface
- IIdentity interface - MSDN
- IPrincipal interface - MSDN
WindowsImpersonationContext class - MSDN
IdentityReference class and IdentityReferenceCollection class
- IdentityReference class - MSDN
- IdentityReferenceCollection class - MSDN