Building Secure Microsoft ASP.NET Applications (Paperback)

Microsoft Corporation

  • Publisher: Microsoft
  • Publication date: 2003-02-01
  • List price: $2,030
  • Member price: $1,929 (95% of list price)
  • Language: English
  • Pages: 624
  • Binding: Paperback
  • ISBN: 0735618909
  • ISBN-13: 9780735618909
  • Related categories: .NET, ASP.NET
  • Out of print

Product Description


Summary

Your guide to authentication, authorization, and secure communication.

Building secure distributed Web applications can be challenging. It usually involves integrating several different technologies and products—yet your complete application will only be as secure as its weakest link. This guide presents a practical, scenario-driven approach to designing and building security-enhanced ASP.NET applications for Microsoft® Windows® 2000 and version 1.1 of the Microsoft .NET Framework. It focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications.

This guide focuses on:
• Authentication—to identify the clients of your application
• Authorization—to provide access controls for those clients
• Secure communication—to help ensure that messages remain private and are not altered by unauthorized parties

Who should read this guide:
Middleware developers and architects who build or plan to build .NET Web applications using ASP.NET, XML Web Services, Enterprise Services (COM+), .NET Remoting, or Microsoft ADO.NET

About “Patterns and Practices”:
Patterns & Practices contains specific recommendations illustrating how to design, build, deploy, and operate architecturally sound solutions to challenging business and technical scenarios. The technical guidance is reviewed and approved by Microsoft engineering teams, consultants, and Product Support Services, and by partners and customers.

Note: Includes complete sample on the Web.

Table of Contents

    Acknowledgements xxiii
    Preface xxv
CHAPTER 1   Introduction 1
    The Connected Landscape 1
    The Foundations 2
        Authentication 2
        Authorization 2
        Secure Communication 3
    Tying the Technologies Together 3
    Design Principles 4
    Summary 6
CHAPTER 2   Security Model for ASP.NET Applications 7
    .NET Web Applications 7
        Logical Tiers 8
        Physical Deployment Models 9
    Implementation Technologies 10
    Security Architecture 11
        Security Across the Tiers 12
        Authentication 13
        Authorization 16
        Gatekeepers and Gates 17
    Introducing .NET Framework Security 20
        Code Access Security 20
        Principals and Identities 21
        WindowsPrincipal and WindowsIdentity 23
        GenericPrincipal and Associated Identity Objects 23
        ASP.NET and HttpContext.User 24
        Remoting and Web Services 24
    Summary 25
CHAPTER 3   Authentication and Authorization Design 27
    Designing an Authentication and Authorization Strategy 28
        Identify Resources 28
        Choose an Authorization Strategy 28
        Choose the Identities Used for Resource Access 29
        Consider Identity Flow 30
        Choose an Authentication Approach 31
        Decide How to Flow Identity 31
    Authorization Approaches 32
        Role Based Authorization 32
        Resource Based Authorization 33
        Resource Access Models 33
        The Trusted Subsystem Model 33
        The Impersonation / Delegation Model 35
        Choosing a Resource Access Model 36
    Flowing Identity 38
        Application vs. Operating System Identity Flow 38
        Impersonation and Delegation 38
    Role-Based Authorization 40
        .NET Roles 40
        Enterprise Services (COM+) Roles 42
        SQL Server User Defined Database Roles 42
        SQL Server Application Roles 42
        .NET Roles versus Enterprise Services (COM+) Roles 43
        Using .NET Roles 44
    Choosing an Authentication Mechanism 47
        Internet Scenarios 49
        Intranet / Extranet Scenarios 50
        Authentication Mechanism Comparison 51
    Summary 51
CHAPTER 4   Secure Communication 53
    Know What to Secure 54
    SSL/TLS 55
        Using SSL 55
    IPSec 56
        Using IPSec 56
    RPC Encryption 57
        Using RPC Encryption 57
    Point to Point Security 58
        Browser to Web Server 58
        Web Server to Remote Application Server 59
        Application Server to Database Server 59
    Choosing Between IPSec and SSL 61
    Farming and Load Balancing 61
        More Information 61
    Summary 61
CHAPTER 5   Intranet Security 63
    ASP.NET to SQL Server 64
        Characteristics 64
        Secure the Scenario 65
        The Result 65
        Security Configuration Steps 66
        Analysis 68
        Q&A 69
        Related Scenarios 70
    ASP.NET to Enterprise Services to SQL Server 71
        Characteristics 72
        Secure the Scenario 72
        The Result 73
        Security Configuration Steps 74
        Analysis 76
        Pitfalls 77
    ASP.NET to Web Services to SQL Server 77
        Characteristics 78
        Secure the Scenario 78
        The Result 79
        Security Configuration Steps 79
        Analysis 82
        Pitfalls 84
        Q&A 84
    ASP.NET to Remoting to SQL Server 85
        Characteristics 85
        Secure the Scenario 85
        The Result 86
        Security Configuration Steps 87
        Analysis 89
        Pitfalls 90
    Flowing the Original Caller to the Database 91
        ASP.NET to SQL Server 92
        ASP.NET to Enterprise Services to SQL Server 93
        The Result 94
        Analysis 98
        Pitfalls 99
    Summary 99
CHAPTER 6   Extranet Security 101
    Exposing a Web Service 102
        Characteristics 102
        Secure the Scenario 103
        The Result 103
        Security Configuration Steps 104
        Analysis 107
        Pitfalls 108
        Q&A 108
    Exposing a Web Application 109
        Scenario Characteristics 109
        Secure the Scenario 110
        The Result 111
        Analysis 113
        Pitfalls 115
    Summary 115
CHAPTER 7   Internet Security 117
    ASP.NET to SQL Server 118
        Characteristics 118
        Secure the Scenario 119
        The Result 120
        Security Configuration Steps 120
        Analysis 122
        Pitfalls 124
        Related Scenarios 124
    ASP.NET to Remote Enterprise Services to SQL Server 125
        Characteristics 126
        Secure the Scenario 127
        The Result 128
        Security Configuration Steps 128
        Analysis 132
        Pitfalls 133
        Related Scenarios 133
    Summary 134
CHAPTER 8   ASP.NET Security 135
    ASP.NET Security Architecture 135
        Gatekeepers 137
    Authentication and Authorization Strategies 139
        Available Authorization Options 140
        Windows Authentication with Impersonation 141
        Windows Authentication without Impersonation 143
        Windows Authentication Using a Fixed Identity 145
        Forms Authentication 145
        Passport Authentication 147
    Configuring Security 147
        Configure IIS Settings 149
        Configure ASP.NET Settings 149
        Secure Resources 152
        Secure Communication 155
    Programming Security 155
        An Authorization Pattern 156
        Creating a Custom IPrincipal class 158
    Windows Authentication 159
    Forms Authentication 160
        Development Steps for Forms Authentication 162
        Forms Implementation Guidelines 165
        Hosting Multiple Applications Using Forms Authentication 166
        Cookieless Forms Authentication 166
    Passport Authentication 167
    Custom Authentication 168
    Process Identity for ASP.NET 168
        Use a Least Privileged Account 168
        Avoid Running as SYSTEM 169
        Using the Default ASPNET Account 169
    Impersonation 172
        Impersonation and Local Resources 172
        Impersonation and Remote Resources 172
        Impersonation and Threading 172
    Accessing System Resources 173
        Accessing the Event Log 173
        Accessing the Registry 174
    Accessing COM Objects 174
        Apartment Model Objects 174
    Accessing Network Resources 176
        Using the ASP.NET Process Identity 176
        Using a Serviced Component 177
        Using the Anonymous Internet User Account 178
        Using LogonUser and Impersonating a Specific Windows Identity 180
        Using the Original Caller 180
        Accessing Files on a UNC File Share 181
        Accessing Non-Windows Network Resources 181
    Secure Communication 182
    Storing Secrets 182
        Options for Storing Secrets in ASP.NET 184
        Consider Storing Secrets in Files on Separate Logical Volumes 184
    Securing Session and View State 185
        Securing View State 185
        Securing Cookies 185
        Securing SQL Session State 185
    Web Farm Considerations 188
        Session State 188
        DPAPI 188
        Using Forms Authentication in a Web Farm 188
        The <machineKey> Element 189
    Summary 190
CHAPTER 9   Enterprise Services Security 193
    Security Architecture 193
        Gatekeepers and Gates 195
        Use Server Applications for Increased Security 196
        Security for Server and Library Applications 197
        Code Access Security Requirements 197
    Configuring Security 198
        Configuring a Server Application 198
        Configuring an ASP.NET Client Application 205
        Configuring Impersonation Levels for an Enterprise Services Application 206
    Programming Security 207
        Programmatic Role-Based Security 207
        Identifying Callers 208
    Choosing a Process Identity 208
        Avoid Running as the Interactive User 208
        Use a Least-Privileged Custom Account 209
    Accessing Network Resources 209
        Using the Original Caller 210
        Using the Current Process Identity 210
        Using a Specific Service Account 211
    Flowing the Original Caller 211
        Calling CoImpersonateClient 212
    RPC Encryption 213
        More Information 213
    Building Serviced Components 213
        DLL Locking Problems 213
        Versioning 214
        QueryInterface Exceptions 215
    DCOM and Firewalls 215
        More Information 215
    Calling Serviced Components from ASP.NET 216
        Caller’s Identity 216
        Use Windows Authentication and Impersonation Within the Web-based Application 216
        Configure Authentication and Impersonation within Machine.config 216
        Configuring Interface Proxies 216
    Security Concepts 219
        Enterprise Services (COM+) Roles and .NET Roles 220
        Authentication 221
        Impersonation 222
    Summary 224
CHAPTER 10   Web Services Security 225
    Web Service Security Model 225
        Platform/Transport Level (Point-to-Point) Security 226
        Application Level Security 227
        Message Level (End-to-End) Security 227
    Platform/Transport Security Architecture 229
        Gatekeepers 230
    Authentication and Authorization Strategies 231
        Windows Authentication with Impersonation 231
        Windows Authentication without Impersonation 233
        Windows Authentication Using a Fixed Identity 235
    Configuring Security 236
        Configure IIS Settings 236
        Configure ASP.NET Settings 237
        Secure Resources 237
        Disable HTTP-GET, HTTP-POST 237
        Secure Communication 238
    Passing Credentials for Authentication to Web Services 238
        Specifying Client Credentials for Windows Authentication 239
        Calling Web Services from Non-Windows Clients 241
        Proxy Server Authentication 242
    Flowing the Original Caller 242
        Default Credentials with Kerberos Delegation 243
        Explicit Credentials with Basic or Forms Authentication 245
    Trusted Subsystem 248
        Flowing the Caller’s Identity 249
        Configuration Steps 249
    Accessing System Resources 250
    Accessing Network Resources 250
    Accessing COM Objects 251
        More Information 251
    Using Client Certificates with Web Services 251
        Authenticating Web Browser Clients with Certificates 252
        Using the Trusted Subsystem Model 252
    Secure Communication 255
        Transport Level Options 256
        Message Level Options 256
    Summary 256
CHAPTER 11   .NET Remoting Security 259
    .NET Remoting Architecture 259
        Remoting Sinks 260
        Anatomy of a Request When Hosting in ASP.NET 262
        ASP.NET and the HTTP Channel 263
    .NET Remoting Gatekeepers 264
    Authentication 265
        Hosting in ASP.NET 265
        Hosting in a Windows Service 266
    Authorization 267
        Using File Authorization 267
    Authentication and Authorization Strategies 268
        More Information 269
    Accessing System Resources 269
    Accessing Network Resources 270
    Passing Credentials for Authentication to Remote Objects 270
        Specifying Client Credentials 270
    Flowing the Original Caller 273
        Default Credentials with Kerberos Delegation 274
        Explicit Credentials with Basic or Forms Authentication 276
    Trusted Subsystem 280
        Flowing the Caller’s Identity 281
        Choosing a Host 282
        Configuration Steps 282
    Secure Communication 284
        Platform Level Options 284
    Choosing a Host Process 285
        Recommendation 285
        Hosting in ASP.NET 285
        Hosting in a Windows Service 286
        Hosting in a Console Application 287
    Remoting vs. Web Services 288
    Summary 289
CHAPTER 12   Data Access Security 291
    Introducing Data Access Security 291
        SQL Server Gatekeepers 293
        Trusted Subsystem vs. Impersonation/Delegation 293
    Authentication 295
        Windows Authentication 295
        SQL Authentication 301
        Authenticating Against Non-SQL Server Databases 303
    Authorization 304
        Using Multiple Database Roles 304
    Secure Communication 305
        The Options 306
        Choosing an Approach 306
    Connecting with Least Privilege 307
        The Database Trusts the Application 307
        The Database Trusts Different Roles 307
        The Database Trusts the Original Caller 308
    Creating a Least Privilege Database Account 308
    Storing Database Connection Strings Securely 310
        The Options 310
        Using DPAPI 310
        Using Web.config and Machine.config 314
        Using UDL Files 314
        Using Custom Text Files 316
        Using the Registry 316
        Using the COM+ Catalog 316
    Authenticating Users against a Database 317
        Store One-way Password Hashes (with Salt) 317
    SQL Injection Attacks 319
    Auditing 323
    Process Identity for SQL Server 324
    Summary 325
CHAPTER 13   Troubleshooting Security Issues 327
    Process for Troubleshooting 327
        Searching for Implementation Solutions 328
    Troubleshooting Authentication Issues 329
        IIS Authentication Issues 329
        Using Windows Authentication 330
        Using Forms Authentication 331
        Kerberos Troubleshooting 331
    Troubleshooting Authorization Issues 331
        Check Windows ACLs 331
        Check Identity 331
        Check the <authorization> Element 332
    ASP.NET 333
        Enable Tracing 333
        Configuration Settings 333
    Determining Identity 334
        Determining Identity in a Web Page 334
        Determining Identity in a Web service 336
        Determining Identity in a Visual Basic 6 COM Object 336
    .NET Remoting 337
        More Information 337
    SSL 338
        More Information 338
    IPSec 338
    Auditing and Logging 339
        Windows Security Logs 339
        SQL Server Auditing 339
        IIS Logging 340
    Troubleshooting Tools 341
        File Monitor (FileMon.exe) 341
        Fusion Log Viewer (Fuslogvw.exe) 341
        ISQL.exe 342
        Windows Task Manager 342
        Network Monitor (NetMon.exe) 343
        Registry Monitor (regmon.exe) 343
        WFetch.exe 343
        Visual Studio .NET Tools 344
        WebServiceStudio 344
        Windows 2000 Resource Kit 344
Index of How Tos 345
    ASP.NET 345
    Authentication and Authorization 345
    Cryptography 345
    Enterprise Services Security 345
    Web Services Security 346
    Remoting Security 346
    Secure Communication 346
How To:  Create a Custom Account to Run ASP.NET 347
    ASP.NET Worker Process Identity 347
    Impersonating Fixed Identities 348
    Notes 348
    Summary 349
    1. Create a New Local Account 349
    2. Assign Minimum Privileges 349
    3. Assign NTFS Permissions 350
    4. Configure ASP.NET to Run Using the New Account 352
How To: Use Forms Authentication with Active Directory 353
    Requirements 353
    Summary 353
    1. Create a Web Application with a Logon Page 354
    2. Configure the Web Application for Forms Authentication 355
    3. Develop LDAP Authentication Code to Look Up the User in Active Directory 356
    4. Develop LDAP Group Retrieval Code to Look Up the User’s Group Membership 357
    5. Authenticate the User and Create a Forms Authentication Ticket 358
    6. Implement an Authentication Request Handler to Construct a GenericPrincipal Object 360
    7. Test the Application 362
How To: Use Forms Authentication with SQL Server 2000 363
    Requirements 364
    Summary 364
    1. Create a Web Application with a Logon Page 364
    2. Configure the Web Application for Forms Authentication 365
    3. Develop Functions to Generate a Hash and Salt value 366
    4. Create a User Account Database 367
    5. Use ADO.NET to Store Account Details in the Database 368
    6. Authenticate User Credentials Against the Database 369
    7. Test the Application 371
    Additional Resources 372
How To: Create GenericPrincipal Objects with Forms Authentication 373
    Requirements 374
    Summary 374
    1. Create a Web Application with a Logon Page 374
    2. Configure the Web Application for Forms Authentication
