Chapter 14: Win32 API Overview


Overview

  • Defining Win32 API Usage Requirements

  • Determining How to Use the Windows Security API

  • Understanding How Access Problems Affect the Win32 API

  • Working with the Access Control Editor

  • Working with the Security Configuration Editor

  • Creating an Application That Uses SIDs

  • Developing Applications That Use the DACL and ACE Directly

Writing a managed application means that you rely on the .NET Framework to provide essential application functionality. The managed environment brings with it features such as memory management that developers have always wanted in the Windows programming environment. However, you can’t write every application you want using pure managed code today. The Win32 API is huge. It includes functionality that no one is supposed to use anymore because Microsoft has introduced better features over time. In addition, some Win32 API features are so obscure that Microsoft felt that most developers wouldn’t use them. Finally, because the .NET Framework is so young, Microsoft simply hasn’t had time to implement every possible feature from the Win32 API. For all these reasons and more, you occasionally need to use the Win32 API directly within your application.

Note

This chapter assumes you have some knowledge of how to use the Win32 API. In addition, it only provides information on the security uses of the Win32 API. You can learn more about the Win32 API and its uses in my book .NET Framework Solutions: In Search of the Lost Win32 API (Sybex, 2002).

This book first demonstrated a use for the Win32 API in the “Working Directly with the Domain Controller” section of Chapter 12. However, Chapter 12 doesn’t really discuss the situations in which you would use the Win32 API for security because that chapter focuses on working with Active Directory. This chapter discusses situations in which you’ll find the Win32 API particularly helpful. In addition, it helps you understand which Win32 API functions you should avoid to maintain application security. The chapter then tells you about specific functions that you’ll find helpful and others you must use to accomplish specific tasks.

Many developers don’t realize that the Windows interface provides a number of tools that help check the results of security changes. The next two sections of the chapter discuss the most essential of these security tools, the Access Control Editor and the Security Configuration Editor. Using these tools to check security results can ensure that the security measures you think are in place actually work as anticipated. Unlike code access security and role-based security, the results of using a Win32 API call aren’t always clear.

The remaining sections of the chapter demonstrate various common security tasks. You’ll learn how to work with security identifiers (SIDs), the Security Access Control List (SACL), the Discretionary Access Control List (DACL), and Access Control Entries (ACEs). These four elements form the basis of Win32 API security, so you need to understand all four in order to maintain some level of application security.




.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168
