What is .NET Framework security?
The .NET Framework provides a user and code security model that allows you to restrict the operations that users and code can perform. To program role-based security and code access security, you can use the types in the System.Security namespace. The .NET Framework also provides the System.Security.Cryptography namespace, which supports symmetric and asymmetric encryption and decryption, hashing, random number generation, and digital signatures.
To understand the basic security settings of the .NET Framework, refer to the ".NET Security Basics" unit.
How to write secure managed code
Use a strong name to digitally sign assemblies so that they cannot be tampered with. At the same time, be aware of strong name issues when you use strong-named assemblies with ASP.NET. By following solid object-oriented design principles, you can reduce the attack surface of an assembly, and then use code access security to further limit which code can call your code. Use structured exception handling to prevent sensitive information from spreading beyond the current trust boundary and to develop more reliable code. Avoid common problems, especially with input file names and URLs.
For more information about how to improve the security of managed code, see the "Build Secure assembly" unit. For more information about how to use code access security effectively to further improve security, see the "code access security practices" unit. For information about performing a managed code review, see the "Security Code Review" unit.
How to handle exceptions safely
Do not display details of internal systems or applications, such as stack traces and SQL statement fragments. Make sure that such information does not spread to the end user or beyond the current trust boundary.
Fail securely when an exception occurs: ensure that the application denies access and is not left in an insecure state. Do not log sensitive or private data, such as passwords. When an exception is logged or reported, validate or sanitize any user input that is included in the exception message. For example, if an HTML error message is returned, encode the output to avoid script injection.
For more information, see the "Exception Management" sections in "building secure assembly" and "building secure ASP.NET pages and controls".
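The following C# sketch illustrates the points above: default-deny on failure, sanitized logging, and an encoded generic error message. It is an added example, not code from the original guide; the class, the in-memory access list, and the method names are hypothetical, and it assumes .NET Framework 3.5 or later with a reference to System.Web.dll.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web; // HttpUtility (reference System.Web.dll)

public static class SafeErrors
{
    // Constructed sample data standing in for a real authorization store.
    private static readonly Dictionary<string, string[]> Acl =
        new Dictionary<string, string[]> { { "alice", new[] { "/reports" } } };

    // Fail secure: access is denied unless the check completes and says yes.
    public static bool IsAuthorized(string user, string resource)
    {
        bool allowed = false;
        try
        {
            // Throws for a null or unknown user; that must never grant access.
            allowed = Array.IndexOf(Acl[user], resource) >= 0;
        }
        catch (Exception ex)
        {
            // Detail stays in the server-side log; input is sanitized first.
            Trace.TraceError("Access check failed for '{0}': {1}",
                ForLog(user), ex.GetType().Name);
            allowed = false;
        }
        return allowed;
    }

    // Replace control characters so logged input cannot forge extra log lines.
    public static string ForLog(string input)
    {
        if (input == null) return "(null)";
        char[] chars = input.ToCharArray();
        for (int i = 0; i < chars.Length; i++)
            if (char.IsControl(chars[i])) chars[i] = '_';
        return new string(chars);
    }

    // Generic message for the client: no stack trace, input HTML-encoded.
    public static string ErrorHtml(string requestedItem)
    {
        return "<p>The request for '" + HttpUtility.HtmlEncode(requestedItem) +
               "' could not be completed.</p>";
    }
}
```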
How to perform a security review of managed code
Use analysis tools (such as FxCop) to analyze binary assemblies and ensure that they comply with the .NET Framework design guidelines. Fix all security defects identified by the analysis tools. Use a text search tool to scan the source code base for hard-coded secrets (such as passwords). Then, review the specific application elements, including Web pages and controls, data access code, Web Services, and service components. Pay special attention to SQL injection and cross-site scripting defects.
Also review the use of sensitive code access security techniques, such as link demands and asserts. For more information, see the "Code Review" unit.
How to ensure the security of the developer workstation
You can use a methodical approach to secure the workstation. Secure your accounts, protocols, ports, services, shares, files and directories, and registry. Most importantly, keep your workstation updated with the latest patches. If you run Internet Information Services (IIS) on Microsoft Windows XP or Windows 2000, run IISLockdown. IISLockdown applies secure IIS configurations and installs the URLScan Internet Server Application Programming Interface (ISAPI) filter, which detects and rejects potentially malicious HTTP requests. You may need to modify the default URLScan configuration, for example, so that you can debug Web applications during development and testing.
For more information, see "how to ensure the security of the developer workstation" in the "how to do" section of this guide.
How to combine code access security and ASP.NET
With .NET Framework 1.1, you can set the ASP.NET trust level in Machine.config or Web.config. These trust levels use code access security to restrict the resources that ASP.NET applications can access, such as the file system, registry, network, and databases. In addition, they provide application isolation.
For more information about how to use code access security, develop partially trusted Web applications, and sandbox privileged code, see the "use code access security in ASP.NET" unit.
For more information about the basics of code access security, see the "code access security practices" unit.
For details about code access security issues that need to be considered during code development and hosting, see the "code access security" sections in "building secure service components", "building secure Web Services", "Building Secure Remote components", and "building secure data access".
How to write code with minimum permissions
You can restrict the operations that code can perform, regardless of the account used to run the code. By configuring policy or writing code, you can use code access security to restrict the resources and operations available to the code. If the code does not need to access a certain resource or perform certain sensitive operations (such as calling unmanaged code), you can use declarative security attributes to ensure that the code is not granted that permission by the administrator.
For more information, see the "code access security practices" unit.
How to restrict file I/O
Code access security can be used to restrict an assembly's ability to access areas of the file system and perform file I/O. For example, you can restrict a Web application so that it can only perform file I/O beneath its virtual directory hierarchy. You can also restrict file I/O to a specific directory. This can be done programmatically or by configuring code access security policy.
For more information, see "file I/O" in the "code access security practices" unit and "Medium Trust" in the "use code access security in ASP.NET" unit. For more information about configuring code access security policy, see "How to Use CAS policies to constrain an assembly".
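The C# sketch below shows both techniques from the two sections above: a declarative attribute that refuses the unmanaged code permission, and a programmatic restriction of file I/O to one directory. It is an added example, not code from the original guide; the class name and directory are hypothetical, and it assumes a .NET Framework version in which code access security policy is enforced (the assembly-level RequestRefuse action is obsolete from .NET Framework 4).

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Declarative: this assembly refuses the permission to call unmanaged code,
// even if the administrator's policy would otherwise grant it.
[assembly: SecurityPermission(SecurityAction.RequestRefuse, UnmanagedCode = true)]

public static class ReportReader
{
    // Hypothetical directory that this component is allowed to read.
    private const string DataRoot = @"C:\AppData\Reports";

    // Reads a report; any file access outside DataRoot made from this call
    // (directly or by code it calls) fails with a SecurityException.
    public static string ReadReport(string fileName)
    {
        FileIOPermission onlyDataRoot = new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            DataRoot);

        // Programmatic: limit the permissions visible to stack walks below here.
        onlyDataRoot.PermitOnly();
        try
        {
            // The permission demand is made against the canonical full path,
            // so a fileName such as "..\..\boot.ini" resolves outside DataRoot
            // and is rejected rather than read.
            string path = Path.Combine(DataRoot, fileName);
            using (StreamReader reader = new StreamReader(path))
            {
                return reader.ReadToEnd();
            }
        }
        finally
        {
            // Remove the restriction before returning to the caller.
            CodeAccessPermission.RevertPermitOnly();
        }
    }
}
```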
How to prevent SQL injection
Use parameterized stored procedures for data access. Make sure that input values are checked for type and length. Parameters are also treated as safe literal values and not as executable code in the database. If you cannot use stored procedures, use SQL statements with parameters. Do not build SQL statements by concatenating SQL commands with input values. Make sure that the application logs on to the database with the minimum permissions to restrict what it can do in the database.
For more information about SQL injection and further countermeasures, see "SQL injection" in the "Build Secure Data Access" unit.
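As an added illustration of the guidance above (not code from the original guide), this C# sketch contrasts string concatenation with a parameterized stored procedure call that fixes the parameter's type and length. The stored procedure name, table, column, and ID format are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class AuthorLookup
{
    // Hypothetical ID format (123-45-6789). [0-9] and \z are used instead of
    // \d and $ so Unicode digits and a trailing newline are rejected.
    private static readonly Regex AuthorIdFormat =
        new Regex(@"^[0-9]{3}-[0-9]{2}-[0-9]{4}\z");

    // Pattern to avoid, shown for contrast: the input becomes part of the
    // command text, so the database parses it as SQL.
    public static string BuildConcatenatedQuery(string authorId)
    {
        return "SELECT au_lname FROM authors WHERE au_id = '" + authorId + "'";
    }

    // Preferred pattern: validate first, then pass the value as a typed,
    // length-bounded parameter to a stored procedure.
    public static string GetLastName(string connectionString, string authorId)
    {
        if (authorId == null || !AuthorIdFormat.IsMatch(authorId))
            throw new ArgumentException("Invalid author ID format.", "authorId");

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand("GetAuthorLastName", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;

            // VarChar(11): the value is bound as data of this type and
            // length and is never interpreted as command text.
            cmd.Parameters.Add("@au_id", SqlDbType.VarChar, 11).Value = authorId;

            conn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value)
                ? null
                : (string)result;
        }
    }
}
```

If stored procedures are not available, the same Parameters.Add call works with a command text such as "SELECT au_lname FROM authors WHERE au_id = @au_id" and the default CommandType.Text.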
How to Prevent Cross-Site Scripting
Validate input for type, length, format, and range, and encode output. If the output includes input (including Web input), encode the output. For example, encode form fields, query string parameters, and cookies, and encode input read from a database (especially a shared database) whose data cannot be assumed to be safe. For free-format input fields that need to be returned to the client as HTML, encode the output and then selectively remove the encoding from the allowed elements (for example, formatting tags such as <B>).
For more information, see "Cross-Site Scripting" in the "Building ASP.NET pages and controls" unit.
How to manage secrets
It is best to find an alternative that avoids storing secrets. If they must be stored, do not store them in plaintext in source code or configuration files. Use the Data Protection Application Programming Interface (DPAPI) to encrypt secrets and avoid key management issues.
For more information, see "sensitive data" in the "building secure ASP.NET pages and controls" unit, "encryption" in the "Build Secure assembly" unit, and "ensure ASP. and processes, sessions, and identifiers".
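The following C# sketch shows one way to encrypt a secret with DPAPI, as recommended above. It is an added example, not code from the original guide; it assumes the managed ProtectedData wrapper available from .NET Framework 2.0 (reference System.Security.dll), and the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData (System.Security.dll)
using System.Text;

public static class SecretStore
{
    // Encrypts a secret with DPAPI. Windows derives and manages the key from
    // the current user's credentials, so the application stores no key.
    // optionalEntropy is an extra value that must be supplied again to decrypt.
    public static string Protect(string secret, byte[] optionalEntropy)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            byte[] cipher = ProtectedData.Protect(
                plain, optionalEntropy, DataProtectionScope.CurrentUser);
            // Base64 so the result can be stored in a configuration file.
            return Convert.ToBase64String(cipher);
        }
        finally
        {
            // Do not leave the plaintext bytes in memory longer than needed.
            Array.Clear(plain, 0, plain.Length);
        }
    }

    // Decrypts a value produced by Protect. Throws CryptographicException if
    // the data was modified, the entropy differs, or another account is used.
    public static string Unprotect(string protectedBase64, byte[] optionalEntropy)
    {
        byte[] cipher = Convert.FromBase64String(protectedBase64);
        byte[] plain = ProtectedData.Unprotect(
            cipher, optionalEntropy, DataProtectionScope.CurrentUser);
        try
        {
            return Encoding.UTF8.GetString(plain);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
        }
    }
}
```

DataProtectionScope.LocalMachine lets any process on the computer decrypt the value, so CurrentUser is the narrower choice when the application runs under a dedicated account.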
How to securely call unmanaged code
Pay special attention to the parameters passed to and from unmanaged APIs to prevent potential buffer overflows. Validate the length of input and output string parameters, check array bounds, and be especially careful with file path lengths. Use custom permission demands to protect access to unmanaged resources before you assert the unmanaged code permission. If you use SuppressUnmanagedCodeSecurityAttribute to improve performance, use it with caution.
For more information, see the "unmanaged code" sections in "Build Secure assembly" and "code access security practices".
How to perform secure input validation
Constrain, reject, and sanitize input, because it is easier to validate data against known valid types, patterns, and ranges than to validate it by looking for known bad characters. Validate data for type, length, format, and range. Use regular expressions for string input. To perform type checks, use the .NET Framework type system. Sometimes, you may need to sanitize input. One example is encoding data to make it safe.
For input validation design strategies, see "input verification" in the "Guidelines for Designing Secure Web Applications" unit. For implementation details, see the "building secure ASP.NET pages and controls", "Build Secure Web Services", "Build Secure Remote components", and "build secure data access" units.
How to ensure the security of forms authentication
Partition the Web site to separate publicly accessible pages that anonymous users can access from restricted pages that require authentication. Use Secure Sockets Layer (SSL) to protect forms authentication credentials and forms authentication cookies. Limit session lifetime and ensure that authentication cookies are transmitted only over HTTPS. Encrypt the authentication cookie. Do not persist it on the client computer or use it for personalization purposes. Use a separate cookie for personalization.
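The C# sketch below issues a forms authentication cookie according to the points above: short lifetime, encrypted ticket, HTTPS only, not persisted, with personalization kept in a separate cookie. It is an added example, not code from the original guide; the class name, the 20-minute lifetime, and the "theme" cookie are assumptions, and HttpOnly requires .NET Framework 2.0 or later.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class LoginHelper
{
    // Call only after the credentials have been verified over SSL.
    public static void IssueCookies(HttpResponse response, string userName,
                                    string preferredTheme)
    {
        // Non-persistent ticket with a limited lifetime (assumed 20 minutes).
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                            // ticket version
            userName,
            DateTime.Now,                 // issue time
            DateTime.Now.AddMinutes(20),  // expiration
            false,                        // isPersistent: not kept on disk
            String.Empty);                // no user data in the ticket

        // Encrypts and signs the ticket according to the <forms protection>
        // setting in configuration ("All" is the default).
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie authCookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, encryptedTicket);
        authCookie.Path = FormsAuthentication.FormsCookiePath;
        authCookie.Secure = true;    // browser sends it over HTTPS only
        authCookie.HttpOnly = true;  // not readable from client script
        // No Expires value: the cookie lives only for the browser session.
        response.Cookies.Add(authCookie);

        // Personalization travels in its own cookie and carries no identity,
        // so public pages can read it without exposing the auth ticket.
        HttpCookie themeCookie = new HttpCookie("theme", preferredTheme);
        themeCookie.Expires = DateTime.Now.AddDays(30);
        response.Cookies.Add(themeCookie);
    }
}
```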