Microsoft .NET Framework

Source: Internet
Author: User
Tags new set hosting


.NET Framework is the Microsoft .NET Framework.

The Microsoft .NET Framework is the new managed code programming model for Windows. Its powerful capabilities combine with new technologies to build applications with visually compelling user experiences, seamless communication across technology boundaries, and support for a wide range of business processes.

Catalogue

1 Introduction
2 Versions
3 Security solution
4 Security mechanism components
5 "Free" security for calls
  • Role-based security
  • Isolated storage
  • Declarative security
  • Imperative security
6 Summary
  • Web Services engine
  • Made up of three parts
7 Advantages
8 Related components

1 Introduction

In today's software environment, applications come from many sources and perform many tasks. Trust in application code is a major requirement because none of us wants software or information to be compromised. A security policy that grants permissions will not allow inappropriate access to sensitive information, or expose the local machine to malicious programs or even to code that merely contains ordinary bugs.

In the past, security architectures provided isolation and access control based on user accounts, giving code full access within those limits and assuming that all code run by a particular user deserved the same degree of trust. Unfortunately, if all programs run on behalf of a user, isolating code by user is not enough to protect one program from being used by another. Alternatively, code that cannot be fully trusted is often relegated to the sandbox model, where it runs in an isolated environment without access to most services.

A successful security solution for today's applications must strike a balance between these two security models. It must provide access to resources so that useful work can be done, and it requires fine-grained control of application security to ensure that code is identified, examined, and given an appropriate level of trust. The .NET Framework provides a security model like this.

2 Versions
| Version | Full version number | Release date | Visual Studio | Windows default installation |
|---|---|---|---|---|
| 1.0 | 1.0.3705.0 | 2002-02-13 | Visual Studio .NET 2002 | Windows XP Media Center Edition, Windows XP Tablet PC Edition |
| 1.1 | 1.1.4322.573 | 2003-04-24 | Visual Studio .NET 2003 | Windows Server 2003 |
| 2.0 | 2.0.50727.42 | 2005-11-07 | Visual Studio 2005 | |
| 3.0 | 3.0.4506.30 | 2006-11-06 | | Windows Vista, Windows Server |
| 3.5 | 3.5.21022.8 | 2007-11-19 | Visual Studio | Windows 7, Windows Server R2 |
| 4.0 | 4.0.30319.1 | 2010-04-12 | Visual Studio | |
| 4.5 | 4.5.40805 | 2012-02-20 | Visual Studio-RC | Windows 8 RP, Windows Server 8 RC |
3 Security solution

The .NET Framework security solution is based on the concept of managed code, with security rules enforced by the common language runtime (CLR). Most managed code is verified to ensure type safety and the well-defined behavior of other properties. For example, in verified code, a method declared to accept a 4-byte value rejects a call that passes an 8-byte parameter, because the call is not type-safe. Verification also ensures that execution flow transfers only to known locations, such as method entry points, which removes the ability to jump to arbitrary locations.

Verification prevents code that is not type-safe from executing and catches many common programming errors before they cause damage. Common weaknesses, such as buffer overflows, reads of arbitrary or uninitialized memory, and arbitrary transfers of control, are no longer possible. This benefits end users, because the code is checked before they execute it. It also benefits developers, who find that many common mistakes that used to plague development are now identified and prevented from causing damage.

The CLR can also run unmanaged code, but unmanaged code does not benefit from these security measures. A specific permission governs the ability to call into unmanaged code, and a strong security policy ensures that this permission is granted appropriately. Over time, the migration of unmanaged code to managed code reduces the frequency of calls to unmanaged code.

4 Security mechanism components

Evidence-based security

The .NET Framework introduces the concept of "evidence-based security". In essence, evidence is the set of answers to the questions that security policy asks:

• From which site was the assembly obtained? Assemblies are the building blocks of a .NET Framework application.
They form the basic unit of deployment, versioning, reuse, activation scope, and security authorization. An application's assemblies are downloaded from the Web site to the client.
• From which URL was the assembly obtained? Security policy requires the specific address from which the assembly was downloaded.
• From which zone was the assembly obtained? A zone describes security criteria based on the location of the code, such as Internet, intranet, and local machine.
• What is the assembly's strong name? A strong name is a cryptographically strong identifier provided by the creator of the assembly. Although it does not prove anything about the creator, it uniquely identifies the assembly and ensures that the assembly has not been tampered with.

Based on the answers to these questions and other evidence, security policy computes the appropriate permissions to grant to the assembly. Evidence can come from a variety of sources, including the CLR, the browser, Microsoft, and the shell, depending on the source of the code.

Policy-driven trust model using code evidence

When an assembly is loaded into memory, the CLR policy system determines which permissions to grant it by gathering the assembly's evidence and evaluating that evidence in the context of policy. The CLR policy system then grants the assembly a set of permissions based on the evaluated evidence and on the permission requests the assembly makes. The creator of an assembly knows that the assembly will work correctly only if it is granted a minimum set of permissions, or if it needs no permissions at all. Such additional requirements can be passed to the policy system through one or more requests for specific permissions.
Depending on the type of permission request, the policy system can further restrict the permissions granted to the assembly (removing unnecessary permissions) or even refuse to load the assembly into memory (if policy does not grant the minimum permissions the assembly needs to run). An assembly is never granted more permissions than the policy system would grant without any permission request; a request only further restricts the grant.

Security policy contains a number of code groups, each of which specifies the permissions that should be granted on the basis of evidence. The permissions described by a code group can be granted to assemblies obtained from a specific security zone, to assemblies signed by a particular publisher, and so on. Although a default set of code groups (and associated permissions) ships with the CLR, administrators can customize CLR security to suit their specific needs. Remember that anything can be submitted as evidence, as long as security policy can use it, by defining a code group associated with that evidence.

Creating the permission grant involves evaluating the evidence to determine which code groups apply at three levels: enterprise, machine, and user. Policy evaluates these three levels in that order and then creates the permission set from the three levels. Administrators can mark any policy level as final, which prevents further evaluation of policy at the other levels. For example, an administrator can finalize policy at the machine level, which prevents user-level policy from applying to that assembly.

Once policy evaluation is complete, the initial permission set is created. An assembly can refine this grant by making specific requests in three ways:

• First, it can specify the minimum permission set that it must have in order to run.
If these permissions are not granted, the assembly is not loaded into memory and an exception is thrown.
• Second, it can specify a set of optional permissions. Although the assembly would like to have these permissions, it can still be loaded into memory if they are not available.
• Finally, a particularly well-behaved assembly can refuse risky permissions that it does not need.

These three refinement options are expressed as declarative statements and applied when the assembly is loaded.

At run time, permissions are calculated based on the code that is executing. Figure 1 summarizes the order in which this happens. Assembly A3 provides its evidence, together with evidence from the host, to the policy evaluator. The policy evaluator also takes into account the permission requests from the assembly when creating the permission grant, "G3". Assembly A3 is called by assembly A2, which in turn is called by assembly A1. When assembly A3 performs an operation that triggers a security check, the permission grants of A2 and A1 are also checked to ensure that they hold the permissions that A3 demands. This process is called a stack walk: the permission grant of each assembly on the stack is checked to determine whether it contains the permission required by the security check. If every assembly on the stack has been granted the required permission, the call succeeds. If any assembly has not been granted the required permission, the stack walk fails and a security exception is thrown.

Figure 1. The host and the assembly provide evidence to the policy evaluator, which uses security policy and permission requests to determine the assembly's permission grant. The permission grants of the different running components in the application are then used to make authorization decisions.

Code access security stack walks can protect your code from attack.
In a sophisticated attack, malicious code tricks trusted code into performing an operation that it could not perform on its own, effectively exploiting the trusted code's permissions for malicious purposes. Such attacks are difficult for developers to guard against, but the stack walk ensures that if code with a lower level of trust is involved, the effective permissions are reduced to those of the code with the lowest trust level.

As a result, code receives different levels of trust depending on its source and runs under the restrictions appropriate to its particular execution environment.

5 "Free" security for calls

Some activities, such as reading and writing files, displaying dialog boxes, and reading and writing environment variables, are performed through .NET Framework methods that are covered by the framework's security architecture. This enables the .NET Framework to allow or disallow an operation based on security policy, without requiring the programmer to do extra work. While the creators of managed classes that expose protected resources make explicit security demands in their libraries, developers who use the .NET Framework class library to access protected resources get the benefit of the code access security system for free; they do not have to make explicit security calls.

Administrators can tune security policy by deciding which permissions to grant, and then rely on the .NET Framework to handle all security operations. Code access security can block most malicious attacks, and verification of code reduces buffer overflows and other undesirable behavior that can lead to security attacks. As a result, applications and components are inherently protected from most of the security problems that have plagued native code implementations.

Role-based security

It is sometimes appropriate to make authorization decisions based on an authenticated identity or on a role associated with the code's execution context.
For example, financial and business software can enforce policy through business logic that evaluates role information. The amount of a financial transaction can be limited based on the role of the user making the request. A cashier is allowed to handle requests up to a certain amount, and anything above that amount must be handled by the supervisor role.

Identities can be mapped to users logged on to the system, or they can be defined by the application. The corresponding principals encapsulate the identity and other related role information (for example, but not limited to, the user's "group" as defined by the operating system).

Authentication and authorization

Authentication is the process of accepting credentials from a user and validating them. If the credentials are valid, the user is said to have an authenticated identity. Authorization is the process of determining whether the authenticated user has access to a given resource. Authentication can be performed by the system or by business logic, and is available through an API. The authentication API is fully extensible, so developers can use their own business logic as needed. Developers can code against their authentication requirements and change the underlying authentication method without changing much of their code.

In addition to Microsoft Windows operating system authentication, the available authentication methods include HTTP Basic, Digest and Kerberos, as well as Microsoft Passport and forms-based authentication. These authentication methods are fully integrated into the process.

In forms authentication, the user supplies credentials and submits the form. If the application accepts the request, the system issues a cookie that contains, in some form, the credentials or a key for reacquiring the identity.
Subsequent requests carry the cookie in their headers, and the handler authenticates and authorizes them using whatever validation method the application requires. If a request is not authenticated, HTTP client-side redirection sends the request to the authentication form, where the user can supply credentials. Forms authentication is sometimes used for personalization, that is, customizing content for a known user. In some of these cases identification is the issue rather than authentication, so the user's personalization information can simply be retrieved.

The purpose of authorization is to determine whether the requesting identity should be granted access to a given resource. Two types of authorization service are available: file authorization and URL authorization. File authorization determines which access control list to consult, based on the method being used and the identity making the request. URL authorization is a logical mapping between parts of the URI namespace and different users or roles.

Isolated storage

The .NET Framework provides a special facility, isolated storage, for storing data even when file access is not allowed, for example when a managed control is downloaded from the Internet and run with limited permissions that do not include the right to read and write files.

Isolated storage is a new set of types and methods supported by .NET for local storage. In essence, each assembly can access an isolated storage area on disk. It is not allowed to access any other data, and the isolated storage is available only to the assembly for which it was created.

Applications can also use isolated storage to keep activity records, save settings, or save state data to disk for later use. Because the location of isolated storage is predetermined, it provides a convenient way to specify a unique storage space without having to decide on a file path.
Code obtained from the local enterprise intranet has similar limitations, but fewer of them, and can access a larger amount of isolated storage. Finally, code from the Restricted Sites zone (sites that are not trusted) has no access to isolated storage.

Cryptography

The .NET Framework provides a set of cryptographic objects that support encryption, digital signatures, hashing, and random number generation, implemented through well-known algorithms such as RSA, DSA, Rijndael/AES, Triple DES, DES, and RC2, and the MD5, SHA1, SHA-256, SHA-384, and SHA-512 hash algorithms. It also supports the XML digital signature specification developed by the IETF and W3C. The .NET Framework uses the cryptographic objects to support its internal services. These objects are also available as managed code to developers who need cryptographic support.

How do I specify security?

If you want to modify the behavior of an assembly at run time, you can make declarative or imperative security changes, depending on the programmer's needs.

Declarative security

Declarative security enables programmers to specify an assembly's security requirements directly in the metadata of the assembly's code. Permission requests and all other forms of declarative security are specified in code as custom attributes. Annotations on classes, properties, and methods are used to refine permissions. For example, declarative security can be used by a class to check, before a method is called, that its caller is signed by a known publisher or has a specific strong name.

Because declarative attributes are part of the assembly's metadata, an assembly's security requirements are easy to discern. Tools can scan an assembly to discover which methods require certain permissions and which methods assert certain permissions.

When the requested action and permission are known at compile time, declarative checks are the solution of choice.
For example, if a method always checks for write permission to C:\temp, the permission check benefits from being declarative. On the other hand, if the location being accessed changes, imperative security may be the better solution.

Imperative security

Imperative security is implemented directly in code. The programmer takes security actions programmatically, and the permission is granted or denied based on the state of the security stack. For example, when a method requests access to a particular file, the request fails if the caller (or any of the method's callers) has not been granted the required permission. Because imperative security is implemented in program code, it satisfies dynamic requirements. If you need permission to access a particular file, but that permission varies depending on other information, imperative security is the solution to choose.

6 Summary

.NET Framework security addresses the fact that software is evolving toward diverse, mobile components, and provides protection accordingly. Under a fine-grained, extensible policy and permission system, users can run powerful code while reducing the associated risks. Administrators can create strong security policies at various levels, without trust decisions being left to users at run time. The policy is fully configurable. Developers can focus on application logic without having to worry about core security issues (which are handled transparently by the CLR). However, developers can extend the security model at any time.

Web Services engine

Many programmers and users are eager for a well-established, transparent infrastructure on which to build Web services (Internet services). The .NET Framework is the infrastructure provided to meet this need.
The .NET Framework provides the application models and key technologies that make it easy for developers to build, program, and continue to develop highly secure, stable, and highly scalable Web services with legacy technologies. For the .NET Framework, any component can become a Web service; a Web service is just another form of component. Microsoft incorporates the advantages of COM but does not couple two objects as tightly as COM does: the .NET Framework couples Web service components loosely. As a result, developers can very easily build powerful Web service components, improve overall security and reliability, and greatly increase the scalability of the system.

Made up of three parts

The purpose of the .NET Framework is to make building Web services and Internet applications as simple as possible. The .NET Framework consists of three parts: the first part is the common language runtime (CLR, for all .NET programming languages); the second part is the shared object class library (which provides the basic objects required by all .NET programming languages); and the third part is rewritten as a component (in older versions, the objects required by ASP Web pages were provided in Asp.dll).

Installing it has little impact on the machine. The .NET Framework is an integral Windows component that supports building and running next-generation applications and XML Web services. It is the .NET runtime environment, similar to a runtime library: a computer must have it installed in order to run .NET programs.

The .NET Framework is designed to achieve the following objectives:

• To provide a consistent object-oriented programming environment, whether object code is stored and executed locally, executed locally but distributed over the Internet, or executed remotely.
• To provide a code execution environment that minimizes software deployment and versioning conflicts.
• To provide a code execution environment that improves the safety of code execution, including code created by an unknown or partially trusted third party.
• To provide a code execution environment that eliminates the performance problems of scripted or interpreted environments.
• To make the developer experience consistent across widely varying types of applications, such as Windows-based applications and Web-based applications.
• To build all communication on industry standards, to ensure that code based on the .NET Framework can integrate with any other code.

The .NET Framework has two main components: the common language runtime and the .NET Framework class library. The common language runtime is the foundation of the .NET Framework. You can think of the runtime as an agent that manages code at execution time, providing core services such as memory management, thread management, and remoting, while also enforcing strict type safety and other forms of code accuracy that improve security and reliability. In fact, the concept of code management is a fundamental principle of the runtime. Code that targets the runtime is called managed code, and code that does not target the runtime is called unmanaged code. The other main component of the .NET Framework, the class library, is a comprehensive, object-oriented collection of reusable types that you can use to develop a variety of applications. These include traditional command-line or graphical user interface (GUI) applications, as well as applications based on the latest innovations provided, such as Web Forms and XML Web services.

The .NET Framework can be hosted by unmanaged components that load the common language runtime into their processes and initiate the execution of managed code, creating a software environment that can exploit both managed and unmanaged features. The .NET Framework not only provides several runtime hosts but also supports the development of third-party runtime hosts.

For example, hosting the runtime provides a scalable, server-side environment for managed code, working directly with the runtime to enable applications and XML Web services (both are discussed later in this topic).

Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form of a MIME type extension). Using Internet Explorer to host the runtime enables you to embed managed components or Windows Forms controls in HTML documents. Hosting the runtime in this way makes managed mobile code (similar to Microsoft® ActiveX® controls) possible, but with significant improvements that only managed code can offer, such as partially trusted execution and isolated file storage.
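
The policy resolution and stack walk described in section 4, as an added example that is not part of the original page and is not the CLR's own code: a simplified C# model in which permissions are plain strings and the only evidence is a zone name. The type names (CodeGroup, PolicyLevel, CasModel) and the sample policy are assumptions made for the illustration; it shows the grant being narrowed across the enterprise, machine and user levels, refined by the assembly's minimum, optional and refused requests, and a demand failing once a less trusted caller is on the stack.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration: a simplified model, not the CLR implementation.
public sealed class CodeGroup
{
    public Func<string, bool> Matches;   // membership condition over the evidence (zone)
    public string[] Grants;              // permission set named by the code group
}

public sealed class PolicyLevel
{
    public string Name;
    public bool Final;                   // "final" level: lower levels are not evaluated
    public List<CodeGroup> Groups = new List<CodeGroup>();
}

public static class CasModel
{
    // Union of the matching code groups inside a level, intersection across the
    // enterprise, machine and user levels, then the assembly's own requests.
    public static HashSet<string> Resolve(IEnumerable<PolicyLevel> levels, string zone,
        string[] minimum, string[] optional, string[] refused)
    {
        HashSet<string> grant = null;
        foreach (PolicyLevel level in levels)
        {
            var levelGrant = new HashSet<string>(
                level.Groups.Where(g => g.Matches(zone)).SelectMany(g => g.Grants));
            if (grant == null) grant = levelGrant; else grant.IntersectWith(levelGrant);
            if (level.Final) break;
        }
        if (grant == null) grant = new HashSet<string>();
        if (!minimum.All(grant.Contains))
            throw new InvalidOperationException("minimum request not granted: assembly is not loaded");
        if (optional != null) grant.IntersectWith(minimum.Concat(optional));
        grant.ExceptWith(refused);       // refused permissions are always removed
        return grant;
    }

    // A demand succeeds only if every assembly on the call stack holds the permission.
    public static bool StackWalk(IEnumerable<HashSet<string>> callers, string demanded)
    {
        return callers.All(g => g.Contains(demanded));
    }

    public static void Main()
    {
        string[] all = { "Execution", "UI", "IsolatedStorage", "FileRead", "UnmanagedCode" };
        string[] none = new string[0];
        var allCode = new CodeGroup { Matches = z => true, Grants = all };
        var levels = new[]
        {
            new PolicyLevel { Name = "Enterprise", Groups = { allCode } },
            new PolicyLevel { Name = "Machine", Groups = {
                new CodeGroup { Matches = z => z == "MyComputer", Grants = all },
                new CodeGroup { Matches = z => z == "Intranet",
                    Grants = new[] { "Execution", "UI", "IsolatedStorage", "FileRead" } },
                new CodeGroup { Matches = z => z == "Internet",
                    Grants = new[] { "Execution", "UI" } } } },
            new PolicyLevel { Name = "User", Groups = { allCode } }
        };

        // A3 is a local library, A2 is intranet code that refuses IsolatedStorage,
        // A1 is Internet-zone code (constructed sample data).
        var g3 = Resolve(levels, "MyComputer", new[] { "FileRead" }, null, none);
        var g2 = Resolve(levels, "Intranet", new[] { "Execution" }, null, new[] { "IsolatedStorage" });
        var g1 = Resolve(levels, "Internet", new[] { "Execution" }, null, none);

        // A3 demands FileRead: first with only A2 above it, then with A1 as outermost caller.
        Console.WriteLine(StackWalk(new[] { g3, g2 }, "FileRead"));
        Console.WriteLine(StackWalk(new[] { g3, g2, g1 }, "FileRead"));

        // Internet-zone code whose minimum request exceeds what policy grants is not loaded.
        try { Resolve(levels, "Internet", new[] { "FileRead" }, null, none); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```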
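
The declarative and imperative styles from "How do I specify security?", applied to the C:\temp case and to the cashier and supervisor scenario from the role-based security section, as an added example that is not code from the original page. It assumes the .NET Framework (System.Security.Permissions); the Ledger class, the 1000 limit, the user names and the role names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Added illustration for the .NET Framework; Ledger and its members are hypothetical.
public static class Ledger
{
    private const decimal CashierLimit = 1000m;   // assumed threshold, not from the page

    // Declarative: the target is fixed at compile time, so the demand is an attribute
    // stored in metadata, where tools can find it without running the code.
    [FileIOPermission(SecurityAction.Demand, Write = @"C:\temp")]
    public static void WriteAuditLine(string text)
    {
        File.AppendAllText(@"C:\temp\audit.log", text + Environment.NewLine);
    }

    // Imperative: the path is known only at run time, so the permission object is
    // built in code and Demand() starts the stack walk over all callers. File.* would
    // demand it anyway ("free" security); demanding first fails before any side effect.
    public static void Export(string path, string text)
    {
        string full = Path.GetFullPath(path);
        new FileIOPermission(FileIOPermissionAccess.Write, full).Demand();
        File.WriteAllText(full, text);
    }

    // Declarative role check: the current principal must be in the Cashier role.
    [PrincipalPermission(SecurityAction.Demand, Role = "Cashier")]
    public static string Post(decimal amount)
    {
        // Imperative role check: required only when run-time data (the amount) says so.
        if (amount > CashierLimit)
            new PrincipalPermission(null, "Supervisor").Demand();
        return "posted " + amount;
    }

    private static string Try(Func<string> action)
    {
        try { return action(); }
        catch (SecurityException e) { return "denied: " + e.Message; }
    }

    public static void Main()
    {
        // Application-defined identities and roles (constructed sample data).
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "Cashier" });
        Console.WriteLine(Try(() => Post(250m)));    // within the cashier limit
        Console.WriteLine(Try(() => Post(5000m)));   // above the limit, no Supervisor role

        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("bob"), new[] { "Cashier", "Supervisor" });
        Console.WriteLine(Try(() => Post(5000m)));   // above the limit, Supervisor present

        Export(Path.Combine(Path.GetTempPath(), "ledger-export.txt"), "sample");
    }
}
```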
