Lesson 1: Minimizing Risk When Calling External Components in .NET

Creation QR Code 2d barcode in .NET Lesson 1: Minimizing Risk When Calling External Components

Lesson 1: Minimizing Risk When Calling External Components
QR Code JIS X 0510 Generation In VS .NET
Using Barcode drawer for .NET framework Control to generate, create QR image in Visual Studio .NET applications.
www.OnBarcode.com
Read QR Code JIS X 0510 In Visual Studio .NET
Using Barcode decoder for Visual Studio .NET Control to read, scan read, scan image in .NET applications.
www.OnBarcode.com
10-9
Barcode Drawer In .NET
Using Barcode generation for Visual Studio .NET Control to generate, create bar code image in VS .NET applications.
www.OnBarcode.com
Scan Bar Code In VS .NET
Using Barcode recognizer for .NET framework Control to read, scan read, scan image in Visual Studio .NET applications.
www.OnBarcode.com
G10NS1
Generate QR Code ISO/IEC18004 In C#.NET
Using Barcode drawer for .NET Control to generate, create QR-Code image in .NET applications.
www.OnBarcode.com
Painting QR Code ISO/IEC18004 In .NET Framework
Using Barcode printer for ASP.NET Control to generate, create QR image in ASP.NET applications.
www.OnBarcode.com
G10NS2
Paint QR In Visual Basic .NET
Using Barcode encoder for Visual Studio .NET Control to generate, create QR image in VS .NET applications.
www.OnBarcode.com
Create 2D Barcode In Visual Studio .NET
Using Barcode maker for Visual Studio .NET Control to generate, create Matrix 2D Barcode image in .NET framework applications.
www.OnBarcode.com
G10NS3
Generate Barcode In .NET Framework
Using Barcode creator for .NET Control to generate, create bar code image in VS .NET applications.
www.OnBarcode.com
Encoding Linear In .NET
Using Barcode generation for .NET framework Control to generate, create Linear image in Visual Studio .NET applications.
www.OnBarcode.com
10-10
GS1 DataBar Truncated Generation In Visual Studio .NET
Using Barcode maker for .NET framework Control to generate, create GS1 DataBar Limited image in .NET applications.
www.OnBarcode.com
Encode Bookland EAN In VS .NET
Using Barcode printer for VS .NET Control to generate, create ISBN image in .NET applications.
www.OnBarcode.com
10
GS1 128 Drawer In None
Using Barcode drawer for Software Control to generate, create GS1 128 image in Software applications.
www.OnBarcode.com
Draw GS1 - 13 In Visual C#.NET
Using Barcode generation for .NET Control to generate, create EAN13 image in .NET applications.
www.OnBarcode.com
Improving Security When Using External Components and Services
Print QR Code In Objective-C
Using Barcode encoder for iPad Control to generate, create QR Code image in iPad applications.
www.OnBarcode.com
PDF417 Printer In C#
Using Barcode drawer for Visual Studio .NET Control to generate, create PDF 417 image in VS .NET applications.
www.OnBarcode.com
Evaluate the risks associated with each of the applications, and then answer Misty s questions.
Encoding Denso QR Bar Code In Objective-C
Using Barcode printer for iPhone Control to generate, create QR Code image in iPhone applications.
www.OnBarcode.com
Making Code-128 In Objective-C
Using Barcode printer for iPad Control to generate, create Code 128 Code Set A image in iPad applications.
www.OnBarcode.com
Exercise
Make Code 39 In None
Using Barcode encoder for Office Word Control to generate, create Code 3 of 9 image in Office Word applications.
www.OnBarcode.com
Making Barcode In Objective-C
Using Barcode creator for iPhone Control to generate, create barcode image in iPhone applications.
www.OnBarcode.com
Answer the following questions to provide your assessment of the risks of each appli cation. 1. What risks are associated with the Teller application 2. What can be done to mitigate the risks associated with the Teller application 3. What risks are associated with the Reporting application 4. What can be done to mitigate the risks associated with the Reporting application 5. What risks are associated with the Web site 6. What can be done to mitigate the risks associated with the Web site
Lesson Summary
There is a security risk associated with calling third-party components, because you cannot be certain the code is secure and, depending on the type of compo nent, the component might be exempt from CAS checks. To limit the risk of calling unmanaged code, validate all input and output, create a managed wrapper class, and instruct users not to run your application with administrator privileges. To verify that an external DLL called by your application has not been modified, import the DLL using the absolute path to the DLL, and compare the hash of the DLL at that location to a known good hash stored in your source code.
Lesson 2: Maximizing Security for Web Services
10-11
Lesson 2: Maximizing Security for Web Services
Web services are the preferred way for applications to communicate across a network. Web services resemble standard browser-oriented Web applications, but they make it simple for a wide variety of clients to call methods on the Web service server and retrieve data that can be easily processed by the client application. Just like any Web server, a Web service requires security. Specifically, the standard security elements of authentication, authorization, and encryption should be used to protect any Web ser vice that is not intended to be publicly available. This lesson teaches how to create Web service servers and clients that take advantage of the security features built into the .NET Framework and the Web Services Enhance ments (WSE) extension.
See Also
This lesson assumes that you have experience working with Web services. If you do not, visit Microsoft s Web Services Development Center at http://msdn.microsoft.com /webser vices/.
After this lesson, you will be able to
Build a Web services server that requires authentication based on the standard .NET
Framework and a client capable of submitting credentials.
Describe the purpose of WS-Security and the capabilities it adds to standard Web ser-
vices.
Describe Web Services Enhancements (WSE) and why you might want to use it. List the most important classes provided by WSE. Use WSE to add standards-based authentication to a Web service.
Estimated lesson time: 40 minutes
How to Authenticate a Web Service Client
You can authenticate a Web service client in two ways: using the user s current credentials from her current desktop session, or using alternate credentials. To pass to the Web service the user credentials from the user s current desktop session, set the System.Web .Services.Protocols.SoapHttpClientProtocol.Credentials object to System.Net.CredentialCache .DefaultCredentials. The following code sample creates a new SoapHttpClientProtocol object based on an imaginary Web service located at http://www.northwindtraders.com /EmployeeServices, and configures the object to use the current user s credentials:
10-12
10
Improving Security When Using External Components and Services
C# VB
com.northwindtraders.www.EmployeeServices server =
new com.northwindtraders.www.EmployeeServices();
server.Credentials = System.Net.CredentialCache.DefaultCredentials;
Dim server As com.northwindtraders.www.EmployeeServices =
New com.northwindtraders.www.EmployeeServices
server.Credentials = System.Net.CredentialCache.DefaultCredentials
This code causes the user s user name and password to be added to the HTTP headers. Microsoft Internet Information Services (IIS) uses these headers for authentication in exactly the same way it authenticates a user who enters a user name and password when prompted by a Web browser. Explicitly providing credentials is only slightly more complicated. The following code sample from a console application gathers the user s credentials from command-line arguments and prepares a SoapHttpClientObject object to present those credentials:
// Prompt for a username and password
Console.WriteLine(@"Enter username in the format domain\username: );
string username = Console.ReadLine();
Console.WriteLine( Enter password: );
string password = Console.ReadLine();
// Create the Web services object
com.northwindtraders.www.EmployeeServices server =
new com.northwindtraders.www.EmployeeServices();
// Create a credentials object and assign it the user s credentials NetworkCredential credentials = new NetworkCredential(username, password); // Now, assign that value to the Web service s credentials
server.Credentials = credentials;
Copyright © OnBarcode.com . All rights reserved.