Article directory
- 1. Understand potential threats
- 2. Security programming principles
- 3. Keep keeper
- 1. Authentication
- 2. Authorization
- 3. Confidentiality and integrity
Designing an appropriate security policy is important for all distributed applications. This is especially true for large web applications exposed on the Internet.
Security is an important part of web applications and should be included in the plan from the beginning of development. The following mechanisms are usually used: user authentication, authorization, preventing access to sensitive resources, protecting data stored on the server, and protecting data transmitted over the network.
ASP.NET uses a built-in underlying framework that provides basic security functions to meet this requirement. The security framework of ASP.NET includes classes for user authentication and authorization, and also provides classes for working with authenticated users in applications. It also provides a set of high-level models for managing users and roles, which can be accessed programmatically or through built-in management tools. In addition, the .NET Framework provides a set of base classes that ensure the confidentiality and integrity of data through encryption and digital signatures.
Why create secure software?
The security frameworks provided by .NET and ASP.NET are very powerful, but some basic principles must be kept in mind, and the frameworks must be used correctly and in the right place. In many projects, security is treated as an afterthought, so system architects and developers do not consider it early. However, if security is not kept in mind at the beginning of the project (during architecture and design), how can you correctly use the security features provided by the .NET Framework where they are appropriate?
Therefore, it is very important to consider security at the beginning of development so that you can make correct security decisions when creating the architecture and design.
1. Understand potential threats
Creating a secure architecture and design requires a deep understanding of the environment in which the program runs. Who will access your program? Where are its possible points of attack? Security is therefore based first on a full understanding of environmental factors such as users, logon points, and potential attacks.
This is also why threat modeling is increasingly important in modern software development processes. A threat model analyzes threats in the program's environment in a structured way, rates these threats, and selects technologies to mitigate them. In this way, a decision on a security technology (such as authentication or SSL encryption) is always based on an actual reason (the threat itself).
The threat model is important for another reason. Not all potential threats can be mitigated using technologies such as authentication and authorization mechanisms. In other words, some potential threats cannot be solved by technical means. For example, an online bank can use SSL to secure the traffic to its website. But how can users know that they are visiting the bank's website rather than a website disguised by hackers? Currently, the only way to verify a website's identity is to view the certificate used to establish the SSL channel.
Threat modeling is a big topic. There is a book that is important to project managers and architects: The Security Development Lifecycle by Michael Howard and Steve Lipner. This book focuses on how to make security part of the software development life cycle, from the initial planning phase through architecture, development, testing, and maintenance. It summarizes how Microsoft's project management makes security a smooth and practical part of the entire project.
2. Security programming principles
A secure architecture and design alone does not guarantee a secure program; it is only one of the important factors. You must also write secure code. Specifically, keep the following principles in mind for web programs:
- Never trust user input: Assume that every user is malicious unless you can prove otherwise. Always validate user input, and validate against the valid values only; you cannot think of every invalid value, and there will always be more than you expect.
- Never use string concatenation to create an SQL statement: Always use parameterized statements to ensure that the program is not exposed to SQL injection.
- Do not display user input directly on the webpage without validation or encoding: Users may enter code snippets (attack scripts). Before outputting page data, be sure to use HttpUtility.HtmlEncode() to escape special characters, or use web controls that perform the encoding automatically.
- Do not store sensitive data, key business data, or data that affects the enterprise's internal decisions in hidden fields on the webpage: Anyone can view the page source, modify it, and save it to a local file to change hidden fields easily. An attacker then only needs to submit the local page to the server to launch an attack.
- Never store sensitive or key business data in view state: View state is another hidden field on the page, and it can be easily decoded and viewed. Although view state encryption can help protect the information for a short period of time, if attackers have sufficient time, resources, and motivation, the encrypted information can be cracked.
- Enable SSL for basic authentication or forms authentication in ASP.NET: SSL will be described in detail later in this series.
- Protect cookies: When using forms authentication, be sure to protect the cookie used for authentication and set the timeout as short as possible.
- Use SSL: Normally, web programs that process sensitive data should use SSL to secure the entire website. Do not forget to use SSL to protect image directories, or directories that store other files, that are not directly managed by the application.
The above are just basic principles. For a specific application, you need to create a threat model to generate a complete list of potential threats. In addition, if you neglect any one of the preceding principles, the other security features lose their value. The security strength of a system depends on its weakest link!
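The first three principles (validate against valid values, parameterize SQL, encode on output) are shown together in the following C# sketch. It is an added example, not code from the original article; the table and column names (`Users`, `UserName`, `DisplayName`) and the user-name rule are hypothetical, and it assumes references to System.Data and System.Web. No database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web;

static class InputHandlingDemo
{
    // Allow-list: accept only what is known to be valid instead of listing bad input.
    static readonly Regex UserNamePattern = new Regex(@"\A[A-Za-z0-9_]{3,20}\z");

    public static bool IsValidUserName(string input)
    {
        return input != null && UserNamePattern.IsMatch(input);
    }

    // Parameterized statement: the value travels separately from the SQL text.
    // Table and column names are hypothetical.
    public static SqlCommand BuildLookup(string userName)
    {
        var cmd = new SqlCommand("SELECT Id, DisplayName FROM Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 20).Value = userName;
        return cmd;
    }

    // Encode on output so that markup in user data is rendered as text.
    public static string RenderGreeting(string displayName)
    {
        return "<p>Hello, " + HttpUtility.HtmlEncode(displayName) + "</p>";
    }

    static void Main()
    {
        // Constructed sample inputs: one valid name, one SQL fragment, one script tag.
        string[] samples = { "alice_01", "x' OR '1'='1", "<script>alert(1)</script>" };
        foreach (string s in samples)
        {
            Console.WriteLine("{0,-28} valid={1}", s, IsValidUserName(s));
            using (SqlCommand cmd = BuildLookup(s))
            {
                // The SQL text is identical for every input; only the parameter value changes.
                Console.WriteLine("  sql:   " + cmd.CommandText);
                Console.WriteLine("  param: " + cmd.Parameters["@userName"].Value);
            }
            Console.WriteLine("  html:  " + RenderGreeting(s));
        }
    }
}
```

In a real page the validation result decides whether the lookup runs at all; the demo builds the command for every sample only to show that the statement text never changes.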
3. Keep keeper
A good way to enhance application security is to deploy many components that each enforce security. The keeper (security guard) is a conceptual model that applies the pipeline model to the system's security architecture. The keeper model assumes that a secure program should deploy more security mechanisms than the strictly necessary ones.
The architecture of ASP.NET also uses this mechanism. ASP.NET contains several keepers, each of which enforces certain security conditions. In subsequent articles, you will learn about the various keepers contained in the ASP.NET framework and their respective responsibilities.
Understanding security levels
For mainstream web applications, the basic tasks for security implementation are usually the same:
- Authentication: Who is this? It determines who is using your program on the other end.
- Authorization: Authorization asks the following questions: What operations can you perform? What resources can you access? What are your permissions?
- Confidentiality: When a user uses a program, you must ensure that no one else can view the sensitive data that the user is processing. Therefore, you need to encrypt the channel between the client's browser and the web server. You may also have to encrypt the data stored in the back end, so that even the database administrator or website administrator cannot view it.
- Integrity: You must ensure that the data has not been modified by unauthorized users during transmission between the client and the server. Digital signatures provide a way to mitigate such threats.
ASP.NET contains a basic infrastructure for authentication and authorization. The .NET Framework base class library contains classes in the System.Security namespace that are used to encrypt and sign data. In addition, SSL is a standardized method to ensure the confidentiality and integrity of data transmitted between the client and the server.
1. Authentication
Authentication is the process of discovering a user's identity and ensuring its authenticity. In ASP.NET applications, there are four authentication systems:
- Windows authentication
- Forms authentication
- Passport authentication
- Custom authentication
In each authentication system, the user must provide credentials when logging on. The system tracks the user's identity in different ways depending on the authentication type. For example, in Windows, a 96-bit SID (security identifier) is used to identify each logged-on user. In forms authentication, the user is assigned an authentication ticket stored in a cookie, which contains various encrypted data.
Every authentication system allows the program to identify each request. This supports personalization and customization: identity information can be used to display user-specific information on the web page or to change the appearance of the website. However, authentication by itself is not enough to restrict the tasks that users are allowed to perform.
2. Authorization
Authorization is the process of determining the rights and restrictions assigned to authenticated users. Authorization is based on the role or group to which the user belongs, rather than on who the user is. In many cases, role-based authorization is very desirable and easy to implement. For example, roles may be divided into managers, administrators, visitors, sales personnel, and customers.
Web applications perform different types of authorization at different levels. For example, at the highest level, the code can check the user's identity and decide whether a specific operation may continue. At a lower level, you can configure ASP.NET to prohibit users or roles from accessing specific directories and webpages. At an even lower level, the Windows operating system checks the permissions of the user who executes different tasks (such as connecting to a database, opening a file, and writing to the event log).
In most cases, you do not need to use the lowest level, because the code is always executed with a fixed account. In IIS 7.x, this is the Network Service account.
3. Confidentiality and integrity
Confidentiality: Data cannot be viewed by unauthorized users while it is transmitted over the network or stored on storage devices such as databases.
Integrity: No one can modify data while it is transmitted over the network or stored on storage devices such as databases.
Both are based on encryption. Encryption is the process of scrambling data so that other users cannot read it. In ASP.NET, encryption is completely independent of authentication, authorization, and impersonation. It can be used together with them or separately.
- Protect data transmission: SSL is the industry standard for solving this problem. SSL also uses digital signatures to ensure data integrity. However, SSL is not implemented by ASP.NET; it is a feature provided by IIS. Whether or not SSL is used, your page (or web service) code is the same.
- Protect persistent information: You should use the encryption classes provided by .NET to encrypt the data manually before it is stored.
In addition, the .NET encryption classes can be used in any type of .NET program, not only in web applications such as ASP.NET or ASP.NET MVC. Do not confuse the two.
Mutual collaboration
In web applications, how do authentication, authorization, and impersonation work together?
When users access the website for the first time, they are anonymous and you do not care who they are. They can access any web page that is open to anonymous users. However, when a user requests a page that an anonymous user cannot access, the following steps are taken:
- Because the user's identity is unknown, the user is asked to log on (through a custom logon page or a logon dialog box), depending on the type of authentication you are using.
- The user provides credentials, which can be verified by your program (using forms authentication) or automatically verified by IIS (using Windows authentication).
- After authentication, the user is authorized to access the page. Otherwise, the user is prompted to log on again or is redirected to an "Access Denied" page.
If the user requests a page that only a specific user or role may access, role checks must be performed after authentication succeeds.
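The decision sequence above can be modeled with the `IPrincipal` and `GenericPrincipal` types from System.Security.Principal. The following is an added example, not code from the original article and not how ASP.NET implements the check internally; the user names, role names, and the three page categories are hypothetical.

```csharp
using System;
using System.Security.Principal;

static class AccessFlowDemo
{
    enum Outcome { Allowed, RedirectToLogin, AccessDenied }

    // Step 1 (authentication): is there a verified identity at all?
    // Step 2 (authorization): does that identity hold a role the page requires?
    static Outcome Check(IPrincipal user, bool allowAnonymous, params string[] requiredRoles)
    {
        if (allowAnonymous) return Outcome.Allowed;
        if (user == null || !user.Identity.IsAuthenticated) return Outcome.RedirectToLogin;
        if (requiredRoles.Length == 0) return Outcome.Allowed;   // any authenticated user may enter
        foreach (string role in requiredRoles)
            if (user.IsInRole(role)) return Outcome.Allowed;
        return Outcome.AccessDenied;
    }

    static void Main()
    {
        // Constructed principals; user names and role names are hypothetical.
        var users = new IPrincipal[]
        {
            new GenericPrincipal(new GenericIdentity(""), new string[0]),   // anonymous visitor
            new GenericPrincipal(new GenericIdentity("dana", "Forms"), new[] { "Customer" }),
            new GenericPrincipal(new GenericIdentity("lee", "Forms"), new[] { "Administrator" })
        };
        foreach (IPrincipal u in users)
        {
            string name = u.Identity.IsAuthenticated ? u.Identity.Name : "(anonymous)";
            Console.WriteLine("{0,-12} home={1} account={2} admin={3}", name,
                Check(u, true),                       // public page
                Check(u, false),                      // any logged-on user
                Check(u, false, "Administrator"));    // one role only
        }
    }
}
```

The anonymous visitor is sent to the logon page for both protected pages, while the authenticated customer is denied only on the role-restricted page, which is the difference between failing authentication and failing authorization.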