Chapter 23: .NET Security

 
Chapter 23 - .NET Security
by Simon Robinson et al.
Wrox Press 2002

Overview

You're sitting at your machine and you click a button in an application you're using. Behind the scenes, the application discovers that the feature you asked for lives in a module it does not yet have. It connects to the Internet, downloads the module into the Global Assembly Cache, and begins executing it, all without you being prompted.

This kind of behind-the-scenes upgrade functionality will become the norm in the not-too-distant future, but clearly there is a concern here over the security implications of what we call mobile code. In concrete terms, what evidence do we actually have that the code your computer is downloading can be trusted? How do we know that the module we requested is, in fact, the one we are receiving? What does the CLR do behind the scenes to ensure, for example, that a control on a web site is not reading our private e-mails?

.NET enforces a security policy around assemblies. It uses the evidence it has about an assembly, for example where it came from or who published it, to sort assemblies into groups (code groups) with similar characteristics; the runtime places all code loaded from the local intranet into one such group, for instance. It then uses the security policy (normally defined by a system administrator with the Code Access Security Policy Tool (caspol.exe) command-line utility, or with the .NET Framework Configuration tool in the Microsoft Management Console) to decide, at a very granular level, which permissions that code should be granted. What do you need to do to enable security on a machine or for a specific application? Nothing: all code automatically runs within the security context of the CLR. You can turn security off if for some reason you need to, but doing so disables code access security for every application on the machine, not just your own.

In addition to having a high level of confidence that the code we are executing can be trusted, it is also important to be sure that we are granting the user of our application access to the features they need, but no more. Effective management of users and roles is something else .NET can help us with, by virtue of its role-based security.
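The three mechanisms the two preceding paragraphs describe (the evidence the CLR attaches to an assembly, a code access permission demand that the policy either grants or refuses, and a role-based principal check) can be exercised from one small program. The code below is an added example written for this page; it is not from the book or from Microsoft. It assumes a .NET Framework 1.x to 3.5 CLR, where the machine policy is enforced: on .NET Framework 4.0 and later the policy is ignored by default, and on .NET Core and .NET 5+ the CAS types are present but inert, so the file permission demand always succeeds there. The user name "alice", her roles and the temporary file path are constructed for the example.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Security.Principal;
using System.Threading;

// Added example for this page, not code from the book. Targets .NET Framework
// 1.x-3.5, where the CLR actually enforces the code access security policy.
class SecurityOverviewDemo
{
    // 1. Evidence: what the CLR knows about this assembly (Zone, Url, Site,
    //    StrongName, Hash, Publisher ...). The policy maps this evidence onto
    //    code groups, and the code groups onto a granted permission set.
    static void DumpEvidence()
    {
        Evidence ev = Assembly.GetExecutingAssembly().Evidence;
        foreach (object item in ev)
        {
            Console.WriteLine("Evidence: {0}", item);
        }
    }

    // 2. Code access security: demand a specific permission before touching a
    //    resource. Demand() walks the whole call stack, so a SecurityException
    //    means the policy refused this permission to our code group or to the
    //    code group of some caller further up the stack.
    static bool CanWrite(string path)
    {
        FileIOPermission p = new FileIOPermission(FileIOPermissionAccess.Write, path);
        try
        {
            p.Demand();
            return true;
        }
        catch (SecurityException e)
        {
            Console.WriteLine("Denied: {0}", e.Message);
            return false;
        }
    }

    // 3. Role-based security: a PrincipalPermission demand checks the principal
    //    installed on the current thread. A null name means "any user", so only
    //    the role is tested.
    static bool IsInRole(string role)
    {
        PrincipalPermission perm = new PrincipalPermission(null, role);
        try
        {
            perm.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    static void Main()
    {
        DumpEvidence();

        // Constructed path: somewhere the Intranet and Internet code groups are
        // normally refused write access, while local code is granted it.
        string temp = Path.Combine(Path.GetTempPath(), "cas-demo.txt");
        Console.WriteLine("Write to {0}: {1}", temp, CanWrite(temp));

        // Constructed principal: user "alice" holding the Reader and Auditor roles.
        GenericIdentity id = new GenericIdentity("alice");
        GenericPrincipal principal =
            new GenericPrincipal(id, new string[] { "Reader", "Auditor" });
        Thread.CurrentPrincipal = principal;

        Console.WriteLine("Auditor allowed: {0}", IsInRole("Auditor"));
        Console.WriteLine("Admin allowed:   {0}", IsInRole("Admin"));
    }
}
```

To see why a demand succeeds or fails, compare its result with what the policy actually grants: `caspol -lg` lists the code groups of the current policy level, and `caspol -rsp <assembly>` resolves the permission set granted to a particular assembly. Running the same executable from a network share instead of a local disk changes its Zone evidence, moves it into a different code group, and can turn the `CanWrite` result from true to false without any change to the code. `caspol -s off` is what "turning security off" means in the text above, and it is a machine-wide switch for that CLR version.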

In this chapter we will look at the features available in .NET to help us manage security, including how .NET protects us from malicious code, how we administer security policies, and how we access the security subsystem programmatically. We will also look at deploying .NET applications securely, and see a number of short example applications to solidify the concepts in this chapter.

  


Professional C#, 2nd Edition