.Net Basics & Security
|
|
- Tyler Reed
- 8 years ago
- Views:
Transcription
1 .Net Basics & Security Juli 2004 Pae 1
2 Aenda Indroduction to.net Framework Basics of C# Lanuae Hello World Sample IL-Decompilation Native Code.Net Security Model Remotin ASP.NET Web Services Juli 2004 Pae 2
3 Introduction What is.net? Microsoft.NET is a set of software technoloies for connectin information, people, systems, and devices. It s a software platform that offers a lanuae-neutral environment for writin prorams that can easily and securely interoperate..net Framework, the core component: Common Lanuae Runtime (CLR) Base Class Library (BCL) Application Hello World App BCL CLR ASP.NET ADO.NET Web-Services GC Security JIT-Compiler.NET Framework OS Windows Juli 2004 Pae 3
4 Introduction - Basic Concept Goal: x prorammin lanuae for 1 (x) platforms C#, C++, VB, Java, Perl Sourcecode compiled in Common Intermediate Lanuae (CIL) Common Lanuae Runtime (CLR) compiles CIL with JIT compiler in native code and executes it. C# C++ VB Java Perl compiled Common Intermediate Lanuae (CIL) JIT compiled Native Code executes Windows Juli 2004 Pae 4
5 Introduction.NET Framework Common Lanuae Infrastructure (CLI) Specifies the CLR and the BCL / FCL ISO Standard since Dec (ISO/IEC 23271).NET Framework 1.1 is an implementation of the CLI standard Common Intermediate Lanuae (CIL) Output from.net Compilers 240 Operation Codes are defined Codes in binary form Input for JIT Compiler Juli 2004 Pae 5
6 Introduction.NET Framework Common Lanuae Runtime (CLR) Runtime Environment for manaed.net Code Contains: - JIT-Compiler - Class Loader - Memory Manaement with Garbae Collection - Basic Classes with System Functions - Code Access Security - Type Checkin and Code Verification - Garbae Collector (GC) Base or Framework Class Library (BCL/FCL) BCL, old Name for FCL, used in Beta Versions of the.net Framework 1.0 FCL is an extension of the BCL Juli 2004 Pae 6
7 Introduction Assemblies Assembly = Unit for Distribution, Versionin + Security Sample Multi File Assembly Multi File Assembly (MFA) Modul MFA.exe Manifest Metadaten Modul M1.mod Metadaten CIL - Code CIL - Code Modul M2.mod Sound.mp3 Imae.if Metadaten CIL - Code Assembly = loical unit, Module = physical unit Juli 2004 Pae 7
8 Introduction Assemblies Sample Build-Hierarchy *.cs = Source File *.mod = Module File (Binary File with IL-Code) *.exe = Portable Executable File *.dll = Dynamic Link Library Juli 2004 Pae 8
9 C# Lanuae Basics of C# Lanuae A short overview Juli 2004 Pae 9
10 C# Lanuae Introduction C# was developed for the.net framework C# is quite similar to Java It consists of 70% Java, 10% C++, 5% VB, 15% new Features from Java Object Oriented (sinle class inheritance only) Interfaces Exceptions Threads Namespaces (like Packaes) Stron Typechecks Garbae Collection Reflection Dynamic Code Loadin Juli 2004 Pae 10
11 C# Lanuae Introduction Features from C++ Operator Overloadin Pointers (only in unsafe code) some syntactical details New Features Referenceparameters Objects (Structs) on the stack Blockmatrix Enumerations Deleates Indexers Boxin/Unboxin Versionin some more Juli 2004 Pae 11
12 Hello World Sample Hello World Sample What we need to build a Hello World proram Juli 2004 Pae 12
13 Hello World Preconditions What we need to run a.net application Computer with one of the followin OS: - MS Windows 2003 Server - MS Windows XP - MS Windows 2000 / Server - MS Windows ME - MS Windows 98 - MS Windows NT 4.0 (SP 6a) Microsoft.NET Framework Redistributable Packae - Current Version: Free download available on (23 MB) - Check if the.net Framework isn t already installed: Start -> Control Panel -> Software Juli 2004 Pae 13
14 Hello World Preconditions What we need to develop a.net application Computer with one of the followin OS: - MS Windows 2003 Server - MS Windows XP (Professional is required to run ASP.NET) - MS Windows 2000 (SP 2 recommended) Microsoft.NET Framework Software Development Kit (SDK) - Current Version: Free download available on (108 MB) - Install first the.net Framework Redistributable Packae -.NET Framework SDK and Redistributable Packae are already included in the Microsoft Visual Studio.NET 2003 Juli 2004 Pae 14
15 Hello World Developer Tools Available Developer Tools Microsoft Visual Studio.NET Borland C# Builder Borland Delphi for.net SharpDevelop - Opensource und Freeware Webmatrix for ASP.NET Juli 2004 Pae 15
16 Hello World Developer Tools Hello World Sample with Sharp Develop Juli 2004 Pae 16
17 IL - Decompilation IL - Decompilation How we can decompile IL code Juli 2004 Pae 17
18 IL-Decompilation - Tool Decompile.NET IL Code with ildasm.exe Included in.net SDK under..\microsoft.net\sdk\v1.1\bin\ildasm.exe Decompile.NET IL Code into real source code with: Anakrino (open source) Salamander $ Juli 2004 Pae 18
19 IL-Decompilation - Countermeasures Possible countermeasures Code obfuscatin IL-Code compile to native code.net Obfuscator Product Samples Dotfuscator PreEmptive Solutions $395 Demeanor for.net WiseOwl $799 Compiler Product Sample Salamander.NET Protector Remotesoft $ Juli 2004 Pae 19
20 Native Code Native Code manaed vs. unmanaed code / native calls Juli 2004 Pae 20
21 Native Code un-/manaed Code Manaed Code IL Code, Executed by the CLR Contains metadata about the code All.NET lanuaes are compiled in manaed code C++ can be compiled in manaed or unmanaed code Manaed Data Allocated and released by the CLR / Garbae Collector Access only by manaed code Unmanaed Code Native executed Code Unmanaed Data Allocated and released not by the CLR Juli 2004 Pae 21
22 Native Code un-/manaed Code Unsafe manaed code Only partial manaed by the CLR Manaed C++ code or C# code in an unsafe block is called unsafe manaed code Allows pointers Assembler code ( asm ) not allowed ->native calls Sample: unsafe public void AnUnsafeMethode(int* p) { *p = 5; } public void AMethode() { unsafe //an unsafe block { Console.Writeln(sizeof(int)); } } Juli 2004 Pae 22
23 Native Code Native Calls Native Calls C# allow calls of native functions The native code is unmanaed and not observed by the CLR! Sample: usin System.Runtime.InteropServices; class Test { [DllImport("user32.dll")] static extern int MessaeBox(int hwnd, strin txt, strin capt, int type); } void Main() { int res = MessaeBox(0, "Isn't that cool?", "", 1); } Juli 2004 Pae 23
24 Security Model.NET Security Model The mechanism and their confiuration Juli 2004 Pae 24
25 Security Model Overview Two Security Concepts Code Access Security Role Based Security real permissions Code Access Security: Permission dependin on assembly Role Based Security: Permission dependin on user role Juli 2004 Pae 25
26 Security Model CAS Code Access Security (CAS) Specify the permissions Policy Levels Assembly X Enterprise Machine User Assembly X Evidence URL Zone Publisher Hash Security Manaer PermissionSet FileIO CodeAccess Reflection Reistry Juli 2004 Pae 26
27 Security Model CAS Security Policy Level all code Nothin Zone: MyComputer SomeCaution URL: SSW Zone: Internet Internet URL: file://c:/trusted/* Full Trust Publisher: Microsoft Microsoft Publisher: Microsoft SomeCaution Microsoft (PermissionSet) FileDialoPermission:Open SecurityPermission:Execution Juli 2004 Pae 27
28 Security Model Confiuration.NET Confiuration Policy Levels PermissionSets Code Groups Juli 2004 Pae 28
29 Security Model Stack Walk Security Stack Walk Every function have to check the permissions of its callers before it accesses a particular resource. If all callers have the permission ranted, the function continues. If only one of the callers don't have the permission, an exception is thrown Juli 2004 Pae 29
30 Security Model Stack Walk Stack Walk initiation A stack walk is normally initiated by a Library which access secure critical resources. Sample: public void AMethode() { CodeAccessPermission p; p = new FileIOPermission(FileIOPermissionAccess.Read, c:\\f.txt ); p.demand(); dosomethin(); } or in a declarative way: [ FileIOPermission(SecurityAction.Demand,Read= c:\\f.txt )] public void AMethode() { dosomethin(); } Juli 2004 Pae 30
31 Security Model Stack Walk Stack Walk Modifiers Developers have the opportunity to modify the stack walk. 3 modifiers are available: - Assert: rants permission to callin code -> abort, positiv - Deny: stack walk will fail -> abort, neativ - PermitOnly: denies everythin except the specified permission -> abort, neativ Sample: static void Main(strin[] ars) { Strin f FileIOPermission p = new FileIOPermission(FileIOPermissionAccess.Write,f); p.demand(); //ok, if the necessary permissions are ranted p.deny(); p.demand(); //ok, because the Deny has no effect in the current method CheckDeny(p); //failed, because the Deny p.assert(); CheckDeny(p); //failed, because a Deny overwrites an Assert } Juli 2004 Pae 31
32 Security Model RBS Role Based Security, the second security layer Has Assembly XY the permission to access Drive C:\? Is our user allowed to access Drive C:\?.NET s abstract useridentities and roles IIdentity: Interface which represents a user IPrincipal: Interface which represents the roles Each principal belons to one identity Juli 2004 Pae 32
33 Security Model RBS Each thread belons to one principal Thread knows his principal -> principal knows his identity Use the classes PrincipalPermission and PrincipalPermissionAttribute to check the permissions: static void Methode1() { } GenericIdentity i = new GenericIdentity("testuser"); strin[] roles = { read", write"}; Thread.CurrentPrincipal = new GenericPrincipal(i, roles); Method2(); [PrincipalPermissionAttribute(SecurityAction.Demand, Name= testuser )] static void Methode2() { PrincipalPermission p = new PrincipalPermission(null, read", true); p.demand(); } Juli 2004 Pae 33
34 Security Model RBS Implementations of the Interfaces IIdentity and IPrincipal GenericIdentity / GenericPrincipal (Defaultimplementation) WindowsIdentity / WindowsPrincipal (Windows User/Roles) static void Method1() { } AppDomain.CurrentDomain.SetPrincipalPolicy( PrincipalPolicy.WindowsPrincipal); [PrincipalPermissionAttribute(SecurityAction.Demand, Name=@ TEST\user )] static void Methode2() { } //secret code CustomIdentity / CustomPrincipal (Customized Impl.) Juli 2004 Pae 34
35 Security Model RBS Chane current User Sample with Win32 Api function LoonUser: static bool SetUser(strin user, strin domain, strin pwd) { int token = 0; if(loonuser(user, domain, pw, 3, 0, out token) == false) { return false; } WindowsIdentity id = new WindowsIdentity(token); Thread.CurrentPrincipal = new WindowsPrincipal(id); return true; } Sample with Impersonate function: static void impersonateidentity(windowsidentity identity) { } identity.impersonate(); //Now the code has the operation system rihts of the user //represented by identity. Juli 2004 Pae 35
36 Remotin.NET Remotin.NET over the Network Juli 2004 Pae 36
37 Remotin - AppDomains Application Domains / Processes / Threads CLR abstracts OS-Processes and works with application domains ( virtual processes ) AppDomains are containers for assemblies One AppDomain contains one or more assemblies Juli 2004 Pae 37
38 Remotin - AppDomains Inter application domain method calls -> Remotin Method calls outside the AppDomain requires marshalin Juli 2004 Pae 38
39 Remotin Marshalin Marshalin by Reference (MBR) Remote object from class System.MarshalByReference extended Executed only in AppDomain in which it was instantiated (no copy) Client calls methods over a proxy object Client ets the proxy object by the activation Marshalin by Object (MBO) Remote object must be serializable (Attribut [Serializable]) A local copy from the remote object is instantiated Juli 2004 Pae 39
40 Remotin Architecture Remotin Architecture Juli 2004 Pae 40
41 Remotin Components Proxy Stub Offers the methods from the remote object to the client Forwards calls from client to the formatter Invokes on the server side the remote object Formatters Serialise / deserialise the data in SOAP or binary format SOAP Formatter (default HTTP Channel) Binary Formatter (default TCP Channel) Channels HTTP Channel TCP Channel Juli 2004 Pae 41
42 Remotin RO-Classification Server Activated Objects Well-Known Objects Instantiated and published by the Server Sinleton Confiuration: - one object for all clients - synchronized access - -> bad scalability - lobal state Sinle-Call Confiuration: - new object for each call - ood scalability - stateless Juli 2004 Pae 42
43 Remotin RO-Classification Client Activated Objects The client activates the object on the server Each client has its own remote object on the server Lifetime Lease is defined by the client If the lifetime is expired, the arbae collector will kill the instance Juli 2004 Pae 43
44 Remotin RO-Classification Client Activated Objects Identification Which objects belons to which client? Solved with objects identifier Below a sample of object activation and invocation of the method SayHello() : Client Server create instance of the class HelloWorld object id: CGUYrSh0zKKkbPEoLNr7P_k_1.rem create object invoke methode SayHello() from object with id: CGUYrSh0zKKkbPEoLNr7P_k_1.rem answer: Hello World invoke method SayHello Juli 2004 Pae 44
45 Remotin Security Model.NET Remotin doesn t offer an own security model All information are transferred as plain text! For a crypted channel use: IPSec and/or SSL (HTTPS) For authentication and authorisation use: ASP.NET / IIS Hostin Juli 2004 Pae 45
46 ASP.NET ASP.NET Dynamic web paes in.net / IIS Security Juli 2004 Pae 46
47 ASP.NET - Overview ASP.NET is a component of the.net framework which supports dynamic websites ASP.NET is comparable to JSP Pae sample: Lanuae= C# Debu= false %> <script runat= server > strin text = Guten ta ; void Pae_Load(Object sender, EventArs e) { int hour = DateTime.Now.Hour; if( hour < 12 ) { text = Guten Moren ; } } </script> <html><head></head><body> <p><font Face= Arial Color= blue > <%= text %> </Font></p> </body> </html> Juli 2004 Pae 47
48 ASP.NET Pae Request Pae Request cycle Parse ASPX Enine Generate Codebehind class 1. Request fo. Requests ASPX File Instantiate Gen d Pae Class Compile Response Response Pae DLL Instantiate, Process and Render Juli 2004 Pae 48
49 ASP.NET State Manaement Session State Session identifier: - Cookie - URL Rewritin User data on Server in HttpSessionState Object stored Three possibilities to store session data: - IncPro: data stored on aspnet_wp.exe process - StateServer: WinNT/2000 Service - SQLServer: Microsoft database Application State Application data stored in HttpApplicationState Juli 2004 Pae 49
50 ASP.NET Object Model ASP.NET Object Model Juli 2004 Pae 50
51 ASP.NET Authentication Four different authentication possibilities Windows Authentication - Basic Auth - Diest Auth - Interated Windows Auth (NTLM, Kerberos) Forms Authentication - Loin pae - User and password isn t checked on the server but in your own code Passport Authentication - External administration of user and passwords with a MS.NET Passport Server Client Certificate Juli 2004 Pae 51
52 ASP.NET Controls HTML server controls Objects inside a web formular Executes the actions on server side Lanuae= C# Debu= true %> <script runat= server > void Btn_Click(Object Src, EventArs E) { mylable.text = Hallo Welt"; } </script> <html> <body> <form action= test.aspx runat= server > <asp:button text= OK onclick= Btn_Click runat= server /> <asp:label id= mylable runat= server /> </form> </body> </html> Juli 2004 Pae 52
53 ASP.NET Input Validation Input Validation with controls There are five predefined controls: RequiredFieldValidation Control - It makes sure that the user inputs a value The CompareValidator Control - It compares two value The RaneValidator Control - Checks if the value is in the iven rane The ReularExpressionValidator Control - Checks if the input matches with the reular expression The CustomValidator Control - Makes it possible to write our own function which validates the input Juli 2004 Pae 53
54 ASP.NET Input Validation Sample with a ReularExpressionValidator Control: <asp:textbox id="textbox1" runat="server"/> <asp:reularexpressionvalidator id="valreex runat="server" ControlToValidate="textbox1" ValidationExpression=.*@.*\..* ErrorMessae="* Not a valid address." display="dynamic">* </asp:reularexpressionvalidator> Validation Summary Collects all the error messaes of all the non-valid controls and put them in a tidy list. <asp:validationsummary id="valsummary" runat="server" HeaderText="Errors: showsummary="true" DisplayMode="List" /> Juli 2004 Pae 54
55 Web Services Web Services Overview / Sample / Security Juli 2004 Pae 55
56 Web Services Overview SOAP (Simple Object Access Protocol) XML based protocol for data transport Uses mostly HTTP as underlyin transport protocol WSDL (Web Service Description Lanuae) Describes a web service: Available methods, Protocol, Ports.. UDDI (Universal Description, Discovery and Interation) Index of available web services DISCO (Discovery of web services) ~ UDDI Microsoft service Juli 2004 Pae 56
57 Web Services Sample ASP.NET infrastructure supports web services -> MS IIS Create file in the web folder with the extension.asmx Sample TimeService.asmx : <%@WebService Lanuae= C# Class= TimeService %> usin System.Web.Services; [WebService(Namespace= )] public class TimeService : WebService { [WebMethod (Description= Returns the current time )] public strin GetTime() { return System.DateTime.Now.ToLonTimeStrin(); } } Juli 2004 Pae 57
58 Web Services Sample Client proxy eneration based on the WSDL Use the wsdl.exe tool form the.net SDK to enerate the proxy source wsdl.exe option parameters: /l[anuae]: prorammin lanuae /n[amespace]: namespace of the enerated proxy /o[ut]: name of the enerated source file /u[sername]: username for authentication /p[assword]: password for authentication /d[omain]: domain for authentication TimeService proxy eneration sample: wsdl /n:timeclient /o:timeclientproxy.cs Juli 2004 Pae 58
59 Web Services Security Model Transport Level Security (Point to Point) Authentication and authorisation supported from IIS SSL and/or IPSec used for secure transport Application Level Security (Custom) User credentials for authentication in SOAP header SSL and/or IPSec used for secure transport Messae Level Security (End to End) SOAP Messae is encrypted Use diital sinatures (X.509 Certificates, Kerberos tickets) You can use any transport Juli 2004 Pae 59
60 Web Services Security Spec. Global Web Service Architecture (GXA) New WS security specifications Based on W3C specs. Driven by IBM, Microsoft and others Specs in standardisation process by W3C, Oasis and IETF Specs in buildin block system: WS-Security: base for all security mechanism WS-Policy: framework to define ws policies WS-Trust: trust enine which enforce the policy Web Service Enhancement 2.0 (WSE) Toolkit Partial implementation of GXA specs. Free download for MS Visual Studio.NET Juli 2004 Pae 60
61 References General references Book: Die.NET-Technoloie, dpunkt.verla 2002, ISBN Native Code Security Model (.NET vs Java Security) Juli 2004 Pae 61
62 References Remotin ASP.NET (ASP.NET vs STRUTS) Web Services Juli 2004 Pae 62
Web services can convert your existing applications into web applications.
i About the Tutorial Web services are open standard (XML, SOAP, HTTP, etc.) based web applications that interact with other web applications for the purpose of exchanging data Web services can convert
More informationCreating Form Rendering ASP.NET Applications
Creating Form Rendering ASP.NET Applications You can create an ASP.NET application that is able to invoke the Forms service resulting in the ASP.NET application able to render interactive forms to client
More informationWeb Services in.net (1)
Web Services in.net (1) These slides are meant to be for teaching purposes only and only for the students that are registered in CSE4413 and should not be published as a book or in any form of commercial
More informationIntroducing the.net Framework 4.0
01_0672331004_ch01.qxp 5/3/10 5:40 PM Page 1 CHAPTER 1 Introducing the.net Framework 4.0 As a Visual Basic 2010 developer, you need to understand the concepts and technology that empower your applications:
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?
More informationC#5.0 IN A NUTSHELL. Joseph O'REILLY. Albahari and Ben Albahari. Fifth Edition. Tokyo. Sebastopol. Beijing. Cambridge. Koln.
Koln C#5.0 IN A NUTSHELL Fifth Edition Joseph Albahari and Ben Albahari O'REILLY Beijing Cambridge Farnham Sebastopol Tokyo Table of Contents Preface xi 1. Introducing C# and the.net Framework 1 Object
More informationHardening Security in ASP.NET Applications & Services. Rick G. Garibay
Hardening Security in ASP.NET Applications & Services Rick G. Garibay Agenda Identities & Resources Security Design & Deployment Models Gatekeepers & Gates Resource Access Models Authentication Authorization.NET
More information24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com
veer images 24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com Web services the foundation of today s service-oriented architecture (SOA) are self-contained, modular applications that can be described,
More informationUNIQUE Business for SaaS
UNIQUE The solution for your business with more control and security when accessin your Cloud network. UNIQUE enables secure access control of all remote desktop structures and web services in the Cloud
More informationPUTTING THE PIECES OF.NET TOGETHER. Wade Harvey 8/25/2010
PUTTING THE PIECES OF.NET TOGETHER Wade Harvey 8/25/2010 Welcome What are the obstacles? 1. There are a lot of pieces 2. The pieces are scattered out in many different places on the computer 3. Lots of
More informationSecuring Web Services Using Microsoft Web Services Enhancements 1.0. Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.
Securing Web Services Using Microsoft Web Services Enhancements 1.0 Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.com Agenda What is WSE and Its Relationship to GXA Standards
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationUNIQUE Identity Access Management
Manaement UNIQUE Manaement The IAM solution for your company with more control and security when accessin your corporate network. UNIQUE Manaement enables secure access control of all remote desktop structures
More informationDynamic Web Programming BUILDING WEB APPLICATIONS USING ASP.NET, AJAX AND JAVASCRIPT
Dynamic Web Programming BUILDING WEB APPLICATIONS USING ASP.NET, AJAX AND JAVASCRIPT AGENDA 1. Introduction to Web Applications and ASP.net 1.1 History of Web Development 1.2 Basic ASP.net processing (ASP
More informationSecure Authentication and Session. State Management for Web Services
Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively
More informationhttp://msdn.microsoft.com/en-us/library/4w3ex9c2.aspx
ASP.NET Overview.NET Framework 4 ASP.NET is a unified Web development model that includes the services necessary for you to build enterprise-class Web applications with a minimum of coding. ASP.NET is
More informationIIS 6: The Complete Reference
IIS 6: The Complete Reference Hethe Henrickson Scott Hofmann HLllHB DarmStddt McGraw-Hill/Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City urn1111 iiurnii, f H 15905980 Seoul Singapore
More informationWeb Services for Management Perl Library VMware ESX Server 3.5, VMware ESX Server 3i version 3.5, and VMware VirtualCenter 2.5
Technical Note Web Services for Management Perl Library VMware ESX Server 3.5, VMware ESX Server 3i version 3.5, and VMware VirtualCenter 2.5 In the VMware Infrastructure (VI) Perl Toolkit 1.5, VMware
More informationSecure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact
Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Robert C. Broeckelmann Jr., Enterprise Middleware Architect Ryan Triplett, Middleware Security Architect Requirements
More information.NET Overview. David Smith. Today s s Topics. Why am I here? A tool. Microsoft s s Vision for.net
.NET Overview David Smith Microsoft Student Ambassador CS Major Michigan State University Today s s Topics Why I m I m here. Exciting Demo IssueVision What is.net? Why learn.net? Look into the Demo Old
More informationCICS Web Service Security. Anthony Papageorgiou IBM CICS Development March 13, 2012 Session: 10282
Web Service Security Anthony Papageorgiou IBM Development March 13, 2012 Session: 10282 Agenda Web Service Support Overview Security Basics and Terminology Pipeline Security Overview Identity Encryption
More informationWEB SERVICES SECURITY
WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationTIBCO Spotfire Web Player 6.0. Installation and Configuration Manual
TIBCO Spotfire Web Player 6.0 Installation and Configuration Manual Revision date: 12 November 2013 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
More informationPraktikum im Bereich Praktische Informatik Entwicklung eines Ray-Tracing Systems. computer graphics & visualization
Praktikum im Bereich Praktische Informatik Entwicklung eines Ray-Tracing Systems Organizational Weekly Assignments + Preliminary discussion: Tuesdays 15:30-17:00 in room MI 02.13.010 Assignment deadline
More informationIf you are new to.net Welcome!
526286 Ch01.qxd 9/8/03 11:55 PM Page 3 Introducing.NET and ASP.NET Chapter 1 by Bill Evjen If you are new to.net Welcome! If you are a.net Framework 1.0 veteran Welcome to.net version 1.1!.NET 1.0 was
More informationITS. Java WebService. ITS Data-Solutions Pvt Ltd BENEFITS OF ATTENDANCE:
Java WebService BENEFITS OF ATTENDANCE: PREREQUISITES: Upon completion of this course, students will be able to: Describe the interoperable web services architecture, including the roles of SOAP and WSDL.
More informationHijacking Arbitrary.NET Application Control Flow. Topher Timzen
Hijacking Arbitrary.NET Application Control Flow Topher Timzen #whoami Topher Timzen Security Researcher, Intel Security Trainer @TTimzen TopherTimzen.com Overview.NET? Runtime Attacks Modify Control Flow
More informationSoftware Requirement Specification Web Services Security
Software Requirement Specification Web Services Security Federation Manager 7.5 Version 0.3 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:
More informationWeb Services with ASP.NET. Asst. Prof. Dr. Kanda Saikaew (krunapon@kku.ac.th) Department of Computer Engineering Khon Kaen University
Web Services with ASP.NET Asst. Prof. Dr. Kanda Saikaew (krunapon@kku.ac.th) Department of Computer Engineering Khon Kaen University 1 Agenda Introduction to Programming Web Services in Managed Code Programming
More informationChapter 1: General Introduction What is IIS (Internet Information Server)? IIS Manager: Default Website IIS Website & Application
Chapter 1: General Introduction What is IIS IIS Website & Web Application Steps to Create Multiple Website on Port 80 What is Application Pool What is AppDomain What is ISAPI Filter / Extension Web Garden
More informationDesign and Functional Specification
2010 Design and Functional Specification Corpus eready Solutions pvt. Ltd. 3/17/2010 1. Introduction 1.1 Purpose This document records functional specifications for Science Technology English Math (STEM)
More informationWEB SERVICES. Revised 9/29/2015
WEB SERVICES Revised 9/29/2015 This Page Intentionally Left Blank Table of Contents Web Services using WebLogic... 1 Developing Web Services on WebSphere... 2 Developing RESTful Services in Java v1.1...
More informationQ Lately I've been hearing a lot about WS-Security. What is it, and how is it different from other security standards?
MSDN Home > MSDN Magazine > September 2002 > XML Files: WS-Security, WebMethods, Generating ASP.NET Web Service Classes WS-Security, WebMethods, Generating ASP.NET Web Service Classes Aaron Skonnard Download
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationPassword Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2
Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2 Last revised: November 12, 2014 Table of Contents Table of Contents... 2 I. Introduction... 4 A. ASP.NET Website... 4 B.
More informationITDUMPS QUESTION & ANSWER. Accurate study guides, High passing rate! IT dumps provides update free of charge in one year!
ITDUMPS QUESTION & ANSWER Accurate study guides, High passing rate! IT dumps provides update free of charge in one year! HTTP://WWW.ITDUMPS.COM Exam : 70-549(C++) Title : PRO:Design & Develop Enterprise
More informationXIA Configuration Server
XIA Configuration Server XIA Configuration Server v7 Installation Quick Start Guide Monday, 05 January 2015 1 P a g e X I A C o n f i g u r a t i o n S e r v e r Contents Requirements... 3 XIA Configuration
More informationJBoss SOAP Web Services User Guide. Version: 3.3.0.M5
JBoss SOAP Web Services User Guide Version: 3.3.0.M5 1. JBoss SOAP Web Services Runtime and Tools support Overview... 1 1.1. Key Features of JBossWS... 1 2. Creating a Simple Web Service... 3 2.1. Generation...
More informationPassword Reset PRO. Quick Setup Guide for Single Server or Two-Tier Installation
Password Reset PRO Quick Setup Guide for Single Server or Two-Tier Installation This guide covers the features and settings available in Password Reset PRO version 3.x.x. Please read this guide completely
More information.NET and J2EE Intro to Software Engineering
.NET and J2EE Intro to Software Engineering David Talby This Lecture.NET Platform The Framework CLR and C# J2EE Platform And Web Services Introduction to Software Engineering The Software Crisis Methodologies
More information.NET Overview. Andreas Schabus Academic Relations Microsoft Österreich GmbH andreas.schabus@microsoft.com http://blogs.msdn.
Based on Slides by Prof. Dr. H. Mössenböck University of Linz, Institute for System Software, 2004 published under the Microsoft Curriculum License.NET Overview Andreas Schabus Academic Relations Microsoft
More informationJVA-561. Developing SOAP Web Services in Java
JVA-561. Developing SOAP Web Services in Java Version 2.2 A comprehensive look at the state of the art in developing interoperable web services on the Java EE 6 platform. Students learn the key standards
More informationFEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO
FEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO Copyright 2005 Shavlik Technologies. All rights reserved. No part of this document may be reproduced or retransmitted in
More informationApplication Development,.NET
Application Development,.NET Orsys, with 30 years of experience, is providing high quality, independant State of the Art seminars and hands-on courses corresponding to the needs of IT professionals. Orsys
More informationUser Identification (User-ID) Tips and Best Practices
User Identification (User-ID) Tips and Best Practices Nick Piagentini Palo Alto Networks www.paloaltonetworks.com Table of Contents PAN-OS 4.0 User ID Functions... 3 User / Group Enumeration... 3 Using
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationWeb Services. Distributed Object Systems 11. Web Services, SOAP and NET. Web Applications. Web Services. Web services vs Distributed Objects
Distributed Object Systems 11 Web Services, SOAP and NET Piet van Oostrum Web Services Some Definitions A Web Service is a software system designed to support interoperable machine-to-machine interaction
More informationCore Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems
Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls Jason Macy jmacy@forumsys.com CTO, Forum Systems XML Gateway vs Competitive XML Gateways or Complementary? and s are Complementary
More informationDeveloping Java Web Services
Page 1 of 5 Developing Java Web Services Hands On 35 Hours Online 5 Days In-Classroom A comprehensive look at the state of the art in developing interoperable web services on the Java EE platform. Students
More informationJava Web Services Training
Java Web Services Training Duration: 5 days Class Overview A comprehensive look at the state of the art in developing interoperable web services on the Java EE 6 platform. Students learn the key standards
More informationCode Access Security. 2006 newtelligence AG. Revision: 1.0.1. Michael Willers (michaelw@newtelligence.com)
Code Access Security 2006 newtelligence AG Revision: 1.0.1 Author: Michael Willers (michaelw@newtelligence.com) newtelligence AG, Gilleshütte 99, 41352 Korschenbroich i 1 Introduction... 1 2 Concept of
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationAn Introduction to.net for the J2EE Programmer
An Introduction to.net for the J2EE Programmer Jeroen Frijters Sumatra Software b.v. jeroen@sumatra.nl http://weblog.ikvm.net/ Jeroen Frijters An Introduction to.net for the J2EE Programmer Page 1 Overview.NET
More informationSecurity in the Microsoft.NET Framework. An Analysis by by Foundstone, Inc. and CORE Security Technologies
Security in the Microsoft.NET Framework An Analysis by by Foundstone, Inc. and CORE Security Technologies Security in the Microsoft.NET Framework An Analysis by Foundstone, Inc. and CORE Security Technologies
More informationA Web Services Created Online Training and Assessment Scheme
International Journal of Current Engineering and Technology E-ISSN 2277 4106, P-ISSN 2347 5161 2015 INPRESSCO, All Rights Reserved Available at http://inpressco.com/category/ijcet Research Article Md Mobin
More informationEnabling single sign-on for Cognos 8/10 with Active Directory
Enabling single sign-on for Cognos 8/10 with Active Directory Overview QueryVision Note: Overview This document pulls together information from a number of QueryVision and IBM/Cognos material that are
More informationSecurity IIS Service Lesson 6
Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and
More informationA standards-based approach to application integration
A standards-based approach to application integration An introduction to IBM s WebSphere ESB product Jim MacNair Senior Consulting IT Specialist Macnair@us.ibm.com Copyright IBM Corporation 2005. All rights
More informationHow To Write A Report In Xbarl
XBRL Generation, as easy as a database. Christelle BERNHARD - christelle.bernhard@addactis.com Consultant & Deputy Product Manaer of ADDACTIS Pillar3 Copyriht 2015 ADDACTIS Worldwide. All Rihts Reserved
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationMulti Factor Authentication API
GEORGIA INSTITUTE OF TECHNOLOGY Multi Factor Authentication API Yusuf Nadir Saghar Amay Singhal CONTENTS Abstract... 3 Motivation... 3 Overall Design:... 4 MFA Architecture... 5 Authentication Workflow...
More informationCross-platform IL code manipulation library for runtime instrumentation of.net applications
Cross-platform IL code manipulation library for runtime instrumentation of.net applications master thesis subject for Markus Gaisbauer (0256634) in cooperation with dynatrace software GmbH July 5, 2007
More informationPass4Sure.MB2-701_90Q&A. MB2-701 Extending Microsoft Dynamics CRM 2013
Pass4Sure.MB2-701_90Q&A Number: MB2-701 Passing Score: 800 Time Limit: 120 min File Version: 16.02 http://www.gratisexam.com/ MB2-701 Extending Microsoft Dynamics CRM 2013 I have corrected few questions
More informationCreating and Consuming XML Web Services
Creating and Consuming XML Web Services Creating and Consuming XML Web Services Objectives Understand the motivation and standards for XML Web Services. Create and test an XML Web Service in Visual Studio.NET.
More informationSingle Sign-On Implementation Guide
Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,
More informationApigee Gateway Specifications
Apigee Gateway Specifications Logging and Auditing Data Selection Request/response messages HTTP headers Simple Object Access Protocol (SOAP) headers Custom fragment selection via XPath Data Handling Encryption
More informationGetting started with OWASP WebGoat 4.0 and SOAPUI.
Getting started with OWASP WebGoat 4.0 and SOAPUI. Hacking web services, an introduction. Version 1.0 by Philippe Bogaerts Philippe.Bogaerts@radarhack.com www.radarhack.com Reviewed by Erwin Geirnaert
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationColligo Engage Windows App 7.0. Administrator s Guide
Colligo Engage Windows App 7.0 Administrator s Guide Contents Introduction... 3 Target Audience... 3 Overview... 3 Localization... 3 SharePoint Security & Privileges... 3 System Requirements... 4 Software
More informationSymantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark
Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 Domain Controllers Version: 3.0.0 Symantec Enterprise Security Manager Baseline Policy Manual for
More informatione-gov Architecture Service Interface Guidelines
1 Introduction... 4 2 Mandatory Standards... 5 2.1 WSDL... 5 2.1.1 Service Definition Layer... 5 2.1.2 Binding Layer... 6 2.2 SOAP... 7 2.3 UDDI... 8 2.3.1 Different types of UDDI registries... 8 2.3.2
More informationAmbientes de Desenvolvimento Avançados
Ambientes de Desenvolvimento Avançados http://www.dei.isep.ipp.pt/~jtavares/adav/adav.htm Aula 17 Engenharia Informática 2006/2007 José António Tavares jrt@isep.ipp.pt 1.NET Web Services: Construção de
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More information70-536VB:.NET Framework 2.0 - Application Development Foundation Course Introduction
70-536VB:.NET Framework 2.0 - Application Development Foundation Course Introduction 8m Module 01 - Working with Data Types Working with Data Types Working with Value Types Making Your Own Structures Using
More informationMS Enterprise Library 5.0 (Logging Application Block)
International Journal of Scientific and Research Publications, Volume 4, Issue 8, August 2014 1 MS Enterprise Library 5.0 (Logging Application Block) Anubhav Tiwari * R&D Dept., Syscom Corporation Ltd.
More informationWeb Services Platform Guide
Web Services Platform Guide Copyright NetSuite, Inc. 2005 All rights reserved. August 8, 2006 This document is the property of NetSuite, Inc., and may not be reproduced in whole or in part without prior
More informationAd Hoc Transfer Plug-in for Outlook Installation Guide
IPSWITCH TECHNICAL BRIEF Ad Hoc Transfer Plug-in for Outlook Installation Guide In This Document Installing the Ad Hoc Transfer Plug-in for Outlook...1 Silent Install for Ad Hoc Transfer Plug-in for Outlook...3
More informationMEALS2SHARE Neighborhood Home Cooked Food Sharing Web Application
Grand Valley State University ScholarWorks@GVSU Technical Library School of Computing and Information Systems 2015 MEALS2SHARE Neighborhood Home Cooked Food Sharing Web Application Isha Singh Grand Valley
More informationTridion R5. Business Connector Guide 5.2 SP1
Tridion R5 Business Connector Guide 5.2 SP1 Business Connector Guide 5.2 SP1 Revision CM_BC_52SP1 1999-2007 Tridion Development Lab BV NOTICE: The accompanying software package is confidential and proprietary
More informationmultiple placeholders bound to one definition, 158 page approval not match author/editor rights, 157 problems with, 156 troubleshooting, 156 158
Index A Active Directory Active Directory nested groups, 96 creating user accounts, 67 custom authentication, 66 group members cannot log on, 153 mapping certificates, 65 mapping user to Active Directory
More informationContents. Client-server and multi-tier architectures. The Java 2 Enterprise Edition (J2EE) platform
Part III: Component Architectures Natividad Martínez Madrid y Simon Pickin Departamento de Ingeniería Telemática Universidad Carlos III de Madrid {nati, spickin}@it.uc3m.es Introduction Contents Client-server
More informationAuthor: Gennaro Frazzingaro Universidad Rey Juan Carlos campus de Mostòles (Madrid) GIA Grupo de Inteligencia Artificial
Simple Implementation of a WebService using Eclipse Author: Gennaro Frazzingaro Universidad Rey Juan Carlos campus de Mostòles (Madrid) GIA Grupo de Inteligencia Artificial Contents Web Services introduction
More informationStreamServe Persuasion SP4 Service Broker
StreamServe Persuasion SP4 Service Broker User Guide Rev A StreamServe Persuasion SP4 Service Broker User Guide Rev A 2001-2009 STREAMSERVE, INC. ALL RIGHTS RESERVED United States patent #7,127,520 No
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More information.NET Security JASON BOCK, PETE STROMQUIST, TOM FISCHER, AND NATHAN SMITH
.NET Security JASON BOCK, PETE STROMQUIST, TOM FISCHER, AND NATHAN SMITH .NET Security Copyright 2002 by Jason Bock, Pete Stromquist, Tom Fischer, and Nathan Smith All rights reserved. No part of this
More informationASP &.NET. Microsoft's Solution for Dynamic Web Development. Mohammad Ali Choudhry Milad Armeen Husain Zeerapurwala Campbell Ma Seul Kee Yoon
ASP &.NET Microsoft's Solution for Dynamic Web Development Mohammad Ali Choudhry Milad Armeen Husain Zeerapurwala Campbell Ma Seul Kee Yoon Introduction Microsoft's Server-side technology. Uses built-in
More informationA Comparison of Web Development Technologies: WebObjects vs. ASP.NET
A Comparison of Web Development Technologies: WebObjects vs. ASP.NET By: Adnan Al-Ghourabi Chairman: Dr. Axel Schreiner Reader: Dr. James Heliotis Department of Computer Science Rochester Institute of
More informationMicrosoft Corporation. Project Server 2010 Installation Guide
Microsoft Corporation Project Server 2010 Installation Guide Office Asia Team 11/4/2010 Table of Contents 1. Prepare the Server... 2 1.1 Install KB979917 on Windows Server... 2 1.2 Creating users and groups
More informationSecret Server Installation Windows Server 2012
Table of Contents Introduction... 2 ASP.NET Website... 2 SQL Server Database... 2 Administrative Access... 2 Prerequisites... 2 System Requirements Overview... 2 Additional Recommendations... 3 Beginning
More informationRun-time Service Oriented Architecture (SOA) V 0.1
Run-time Service Oriented Architecture (SOA) V 0.1 July 2005 Table of Contents 1.0 INTRODUCTION... 1 2.0 PRINCIPLES... 1 3.0 FERA REFERENCE ARCHITECTURE... 2 4.0 SOA RUN-TIME ARCHITECTURE...4 4.1 FEDERATES...
More informationMicrosoft Solutions for Security and Compliance Microsoft Identity and Access Management Series
Microsoft Solutions for Security and Compliance Microsoft Identity and Access Management Series Developing Identity-Aware ASP.NET Applications 2006 Microsoft Corporation. This work is licensed under the
More informationCOMPARISON OF SOAP BASED TECHNOLOGIES:.NET REMOTING AND ASP.NET WEB SERVICES
JOURNAL OF AERONAUTICS AND SPACE TECHNOLOGIES JULY 2006 VOLUME 2 NUMBER 4 (23-28) COMPARISON OF SOAP BASED TECHNOLOGIES:.NET REMOTING AND ASP.NET WEB SERVICES Güray Turkish Air Force Academy Computer Engineering
More informationTable of Contents. Introduction...9. Installation...17. Program Tour...31. The Program Components...10 Main Program Features...11
2011 AdRem Software, Inc. This document is written by AdRem Software and represents the views and opinions of AdRem Software regarding its content, as of the date the document was issued. The information
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationIBM WebSphere ILOG Rules for.net
Automate business decisions and accelerate time-to-market IBM WebSphere ILOG Rules for.net Business rule management for Microsoft.NET and SOA environments Highlights Complete BRMS for.net Integration with
More informationEnhancing your Web Experiences with ASP.NET Ajax and IIS 7
Enhancing your Web Experiences with ASP.NET Ajax and IIS 7 Rob Cameron Developer Evangelist, Microsoft http://blogs.msdn.com/robcamer Agenda IIS 6 IIS 7 Improvements for PHP on IIS ASP.NET Integration
More informationLesson 4. An survey of the impact on and use of Web Services in the industry today. Industry 4.1. Industry. 2004 SkillBuilders, Inc. V1.
Industry 4.1 Lesson 4 Industry An survey of the impact on and use of Web Services in the industry today. SKILLBUILDERS Industry 4.2 4.2 Lesson Objectives What companies are using it? Popular SOAP Implementations.NET
More informationSymantec Indepth for. Technical Note
Symantec Indepth for Microsoft.NET postinstallation and configuration Technical Note Symantec Indepth for Microsoft.NET postinstallation and configuration Copyright 2006 Symantec Corporation. All rights
More informationA Java proxy for MS SQL Server Reporting Services
1 of 5 1/10/2005 9:37 PM Advertisement: Support JavaWorld, click here! January 2005 HOME FEATURED TUTORIALS COLUMNS NEWS & REVIEWS FORUM JW RESOURCES ABOUT JW A Java proxy for MS SQL Server Reporting Services
More informationAmbientes de Desenvolvimento Avançados
Ambientes de Desenvolvimento Avançados http://www.dei.isep.ipp.pt/~jtavares/adav/adav.htm Aula 19 Engenharia Informática 2004/2005 José António Tavares jrt@isep.ipp.pt 1 Web services 2 1 Base Line & Emerging
More information