Distributed component-based applications require security, and thus far Microsoft hasn't had a lot of positive feedback about its products' security features. Fortunately, the .NET designers decided to take a new approach. It differs from traditional OS security, which provides isolation and access control based on user accounts, and from the model used by Java, where code that is not trusted is run in a "sandbox" with no access to critical resources. The .NET Framework provides fine-grained control of application security.
Security for .NET applications starts as soon as a class is loaded by the CLR. Before the class loader instantiates a class, security information, such as accessibility rules and self-consistency requirements, is checked. Calls to class methods are checked for type safety. If you've ever heard of a security vulnerability caused by a "buffer overrun," you can understand why this is important. With verified code, a method that is declared as taking a 4-byte integer parameter will reject an attempt to call it with an 8-byte integer parameter. Verification also prevents applications from executing code at a random location in memory, a common tactic in buffer overflow exploits.
Additionally, as code requests access to certain resources, the class credentials are verified. .NET security crosses process boundaries and even machine boundaries to prevent access to sensitive data or resources in a distributed application environment. The following are some of the basic elements of the .NET security system:
- Evidence-based security is a new concept introduced by the .NET Framework. An assembly contains several important pieces of information that can be used to decide what level of access to grant the component. Some of the information used includes what site the component was downloaded from, what zone that site was in (Internet, intranet, local machine, and so on), and the strong name of the assembly. The strong name refers to an encrypted identifier that uniquely defines the assembly and ensures that it has not been tampered with.
- The .NET Common Language Runtime further provides security using a Policy-Driven Trust Model Using Code Evidence. It sounds worse than it really is. Essentially this is a system of security policies that can be set by an administrator to allow certain levels of access based on the component's assembly information. The policies are set at three levels: the enterprise, the individual machine, and the user.
- Calls to .NET Framework methods in the Base Class Library get the benefits of built-in security. That is, the developer doesn't have to make explicit security calls to access system resources. However, if your components expose interfaces to protected resources, you will be expected to take the appropriate security measures.
- Role-based security plays a part in the .NET security scheme. Many applications need to restrict access to certain functions or resources based on the user, and .NET introduces the concepts of identities and principals to incorporate these functions.
- Authentication and authorization functions are accessed through a single API. It can easily be extended to incorporate application-specific logic as required. Authentication methods include basic operating system user identification, basic HTTP, ASP.NET forms, Digest and Kerberos, as well as the new .NET service, Microsoft .NET Passport.
- Isolated storage is a special area on disk assigned to a specific assembly by the security system. No access to other files or data is allowed, and each assembly using isolated storage is separated from the others. Isolated storage can be used for saving a component's state or settings, and can be used by components that do not have access to read and write files on the system.
- A robust set of cryptographic functions that support encryption, digital signatures, hashing, and random-number generation is included in the .NET Framework. The XML Digital Signature specification, under development by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), is also available.
The .NET Framework uses these cryptographic functions to support various internal services. The cryptographic objects are also available in the Base Class Library for developers who require this functionality.
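
The role-based security item and the advice about components that expose protected resources, combined in an added C# example (not code from the original text): a component checks the caller's identity and principal before returning protected data. `PayrollService`, the role name `Payroll` and the user names are hypothetical.

```csharp
// Added example: role-based check in front of a protected resource.
// PayrollService, the "Payroll" role and the user names are hypothetical.
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

public sealed class PayrollService
{
    // Deny by default: a missing principal, an unauthenticated identity,
    // or a missing role all end in a SecurityException.
    private static void DemandRole(string role)
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        if (principal == null || principal.Identity == null ||
            !principal.Identity.IsAuthenticated || !principal.IsInRole(role))
        {
            throw new SecurityException("Caller is not in role '" + role + "'.");
        }
    }

    public string ReadSalary(string employee)
    {
        DemandRole("Payroll");                  // check before touching the resource
        return employee + ": <salary record>";  // stand-in for the protected data
    }
}

public static class Program
{
    private static void Try(string user, string[] roles)
    {
        // A GenericIdentity with a non-empty name reports IsAuthenticated == true.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            Console.WriteLine(user + " -> " + new PayrollService().ReadSalary("alice"));
        }
        catch (SecurityException ex)
        {
            Console.WriteLine(user + " -> denied: " + ex.Message);
        }
    }

    public static void Main()
    {
        Try("pat", new[] { "Payroll" });  // authenticated, in the required role
        Try("sam", new[] { "Sales" });    // authenticated, wrong role
        Try("", new string[0]);           // empty name: identity is unauthenticated
    }
}
```

The check tests `IsAuthenticated` as well as the role, so an identity with an empty name is refused regardless of the roles attached to its principal.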