9. Demonstration 1: Type Safety
    - Investigating .NET Data-Type Safety
    - Using the checked keyword
15. Security Check Stack Walks
    1. An assembly requests access to a method in your assembly
    2. Your assembly passes the request to a .NET Framework assembly
    3. The security system ensures that all callers in the stack have the required permissions
    4. The security system grants access or throws an exception

    Diagram labels: Call Stack (SomeAssembly, YourAssembly, .NET Framework Assembly); Security System; Grant: Execute; Grant: ReadFile; Grant: ReadFile; Call to ReadFile; Permission Demand; Grant access?; Security exception (Access denied)
18. Demonstration 2: Code Access Security
    - Using the .NET Framework Configuration Tool
    - Performing Security Checks
    - Requesting Permissions
20. Sandboxing Privileged Code
    - Partial Trust Web Application: `<trust level="Medium" originUrl=""/>`
    - Wrapper Assembly (Sandboxed Code)
        - Permissions Demanded then Asserted
        - AllowPartiallyTrustedCallers attribute added
        - Assembly installed into the global assembly cache
    - Secured Resource (Resource Access)
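
The stack walk on slide 15 and the demand-then-assert wrapper on slide 20 can be modelled in a few lines. This is an added example, not code from the original deck, and it is a simplified model rather than the real `System.Security` API: the names `Frame`, `StackWalkModel`, `WrapperAssembly` and `PartialTrustWebApp` are hypothetical, and the assignment of grants to assemblies is an assumption because the slide diagram did not survive extraction.

```csharp
using System;
using System.Collections.Generic;

// One entry on the call stack: an assembly, its granted permissions,
// and any permissions it has asserted (hypothetical model types).
sealed class Frame
{
    public string Assembly;
    public HashSet<string> Grants;
    public HashSet<string> Asserts = new HashSet<string>();
    public Frame(string assembly, params string[] grants)
    {
        Assembly = assembly;
        Grants = new HashSet<string>(grants);
    }
}

static class StackWalkModel
{
    // stack[0] is the outermost caller; the last element issues the demand.
    // The walk starts at the demanding frame's caller and moves outward.
    public static string Demand(IList<Frame> stack, string permission)
    {
        for (int i = stack.Count - 2; i >= 0; i--)
        {
            Frame f = stack[i];
            if (!f.Grants.Contains(permission))
                return "SecurityException: " + f.Assembly + " lacks " + permission;
            if (f.Asserts.Contains(permission))
                return "granted (walk stopped at " + f.Assembly + ")";
        }
        return "granted (all callers checked)";
    }

    static void Main()
    {
        var fx = new Frame(".NET Framework Assembly", "Execute", "ReadFile");
        // Slide 15: SomeAssembly (assumed grant: Execute only) calls through YourAssembly.
        var some = new Frame("SomeAssembly", "Execute");
        var yours = new Frame("YourAssembly", "Execute", "ReadFile");
        Console.WriteLine(Demand(new[] { some, yours, fx }, "ReadFile"));

        // Slide 20: a fully trusted wrapper asserts ReadFile, so the walk
        // never reaches the partial-trust web application above it.
        var web = new Frame("PartialTrustWebApp", "Execute");
        var wrapper = new Frame("WrapperAssembly", "Execute", "ReadFile");
        wrapper.Asserts.Add("ReadFile");
        Console.WriteLine(Demand(new[] { web, wrapper, fx }, "ReadFile"));
    }
}
```

Because the assert hides the partial-trust caller from the resource's demand, the wrapper is the only remaining check, which is why the slide has it demand a permission of its own before asserting.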
28. Demonstration 3: Role-Based Security
    - Using Windows Role-Based Security
    - Using Generic Role-Based Security
30. Cryptography Review

    The .NET Framework provides classes that implement these operations:

    | Cryptography Term | Description |
    | --- | --- |
    | Symmetric Encryption | Encrypting and decrypting data with a secret key |
    | Asymmetric Encryption | Encrypting and decrypting data with a public/private key pair |
    | Hashing | Mapping a long string of data to a short, fixed-size string of data |
    | Digital Signing | Hashing data and encrypting the hash value with a private key |
41. Demonstration 5: ASP.NET Web Application Security
    - Configuring Forms Authentication
    - Using Validation Controls
43. Message-Level Security
    - XML messages convey security information
        - Credentials
        - Digital signatures
    - Messages can be encrypted
    - Security is independent from transport protocol

    Diagram labels: Client, Transport, Any Transport, Transport, Service; XML at each stage
45. Demonstration 6: Web Services Enhancements
    - Implementing Security for a Web Service