So I just read Rob Conery’s blog post on Securing Your Controller Actions in MVC. I was a little perplexed about why guys at Microsoft love to reinvent stuff they have already done. I know Rob Conery is a really smart guy and has a wonderful grasp of the .NET framework, so I would have to assume he knows about what I have outlined below. My only guess is that he just wanted to re-invent something that is already built in to the framework using his own code.

Basically what Rob did was the following, created two attributes for attaching on the MVC Controller Action:

RequiresAuthenticationAttribute

[RequiresAuthentication]public void Index () {
    RenderView(”Index”);
}

RequiresRoleAttribute

[RequiresRole(RoleToCheckFor = "Member")]public void Index () {
    RenderView(”Index”);
}

I have accomplished the same thing using an attribute that has been apart of .NET since 1.0. The attribute is called PrincipalPermissionAttribute and is part of the System.Security.Permission namespace. The best thing about it is that it is integrated in to the run time, so there is no chance of unwanted people getting through. It also accomplishes both of Robs attributes up above, plus more. Using the examples up above I will demonstrate how to use PrincipalPermissionAttribute to secure and protect your Controller Actions.

RequiresAuthenticationAttribute

[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]public void Index () {
    RenderView(”Index”);
}

RequiresRoleAttribute

[PrincipalPermission(SecurityAction.Demand, Role = "Member")]public void Index () {
    RenderView(”Index”);
}

In addition if you were inclined you can restrict things to just one user name with PrincipalPermissionAttribute. So for instance if you wanted to restrict adding and removing roles and their permissions to only the username “SiteAdmin”, you would do the following.

[PrincipalPermission(SecurityAction.Demand, Name = "SiteAdmin")]public void RolesAdmin () {
    RenderView(”RolesAdmin”);
}

As you can see this is very powerful. Built in to the run time, by extending the CodeAccessSecurityAttribute, so it operates at a lower level than Rob’s solution. Only requires the use of one attribute, and throws only one exception called SecurityException.

I really hope that ASP.NET MVC doesn’t turn in to a lets-redo-everything-that-already-works framework, because they still have many issues that they need to achieve before ASP.NET MVC is usable, and focusing on things that are already implemented in the .NET framework doesn’t seem like the right course of action when developing a new offering.

Read the rest of this entry »

Tags: ASP.NET, C#, CodeAccessSecurityAttribute, MVC, PrincipalPermissionAttribute, Security, SecurityException

Posted in ASP.NET, C#, How To, Programming, Rant | | | View blog reactions | 8 Comments »

Just saw this article over at The Register about the virus turning 25.

Elk Cloner, which spread between Apple II computers via infected floppy disks, has the dubious distinction of the first computer virus1 to spread in the wild. The malware is thought to be the work of Rich Skrenta, a 15-year-old high school student from Pittsburgh, who released it in July 1982.

So when ever a fan boy starts talking about how secure OS X is, you can remind the that it was Apple that had the first unsecured computer in the world.

Tags: Apple, Security

Posted in Programming, Rant | | | View blog reactions | No Comments »

Steve Jobs must have been kicking ass and taking names. Because only 3 days after the initial release, of Apple’s Safari Web Browser for Windows that had 6 security bugs known as of this article, Apple has released an updated version, version of the Safari software. According to Engadet the following bugs have been fixed with this new release.

CVE-ID: CVE-2007-3186
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to arbitrary code execution
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.

CVE-ID: CVE-2007-3185
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.

CVE-ID: CVE-2007-2391
Available for: Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.

This is a nice turn around time indeed, but my heart goes out to the Safari developers because they probably worked night and day for the last 72 hours, with the watchful eye of Steve Jobs over them. Good job Apple, now get some rest.

So if you feel inclined and don’t think you already have too many web browsers:

Download Safari

Tags: Apple, Internet Browser, Safari, Security

Posted in Programming, Rant | | | View blog reactions | 1 Comment »

Apple has just released a public beta of its Safari browser for Windows yesterday. And there have been already 6 zero day exploits and many, many crashes for the browser. You can read about them here here here and here. Which makes the following image from the Apple website, borrowed from aviv.raffon.net, all the more funny.

Also Apple has the following to say under the Security tab of their website:

Security

Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one.

For starters, Safari uses robust encryption to ensure that your private information stays that way. When you browse a secure site, Safari displays a lock icon in the upper-right corner of the browser. If you want to know more about the credentials of a secure site, click the lock icon and Safari displays detailed information about the site’s security certificate.

Safari supports SSL versions 2 and 3, as well as Transport Layer Security (TLS), the next generation of Internet security. Safari uses these technologies to provide a secure, encrypted channel that protects all your information from online eavesdroppers. And Safari lets you use standards-based authentication such as Kerberos single sign-on and X.509 personal certificates, or proprietary protocols like NTLMv2 to log in to secure sites.

Safari also supports a variety of proxy protocols — services that help firewalls control what flows in and out of the network — including Automatic Proxy configuration, FTP Proxy, Web Proxy (HTTP), Secure Web Proxy (HTTPS), Streaming Proxy (RTSP), SOCKS Proxy, and Gopher Proxy.

I don’t know about you, but it’s one thing to say that you have designed your browser to be secure from day one, but it’s another to actually prove it. Apple has fallen flat on its face with this release, and I know it is only a beta, but Fire Fox and IE have both been in beta before and haven’t nearly had this many problems.

All that I have to say is when you venture out in to the Windows world Apple, where the market share is at 90% you are not protected by your small margins anymore.

Tags: Apple, Internet Browser, Microsoft, Performance, Safari, Security, Windows Vista, Windows XP

Posted in Programming, Rant | | | View blog reactions | 1 Comment »

Many developers use a pattern called ORM or Object Relation Mapping to generate data layers for their application. Many other developers choose to create their own data layers by hand. I have done both and I don’t have a preference of one over the other. With an ORM generator you have an easy to maintain data layer for your applications, when you create one by hand you have much more control of the data layer as far as object creation goes.

Most of the time a business layer will access the data layer in order to provide rules and logic to how the data objects in the data layer are accesses or relate to each other. An example of of how a business layer might relate to data layer is the following. You have a Sales table, a Products table, and a Customers table and objects for each of those in the data layer. In the business layer you may just have an object that is called Checkout that decrements the quantity in the Product table, and then combines the products and customer in the Sales table.

Data integrity is very important in applications like this, you cannot have a sale that is half complete because the revenue numbers would be off for the store. So one problem with keeping all these tables in separate objects is that it is hard to use some of the nice features that SQL provides, like Transactions.

Transactions:

A transaction is a sequence of operations performed as a single logical unit of work. A logical unit of work must exhibit four properties, called the atomicity, consistency, isolation, and durability (ACID) properties, to qualify as a transaction.

Properties of a transaction:

• Atomicity:A transaction must be an atomic unit of work; either all of its data modifications are performed, or none of them is performed.
• Consistency:When completed, a transaction must leave all data in a consistent state. In a relational database, all rules must be applied to the transaction’s modifications to maintain all data integrity. All internal data structures, such as B-tree indexes or doubly-linked lists, must be correct at the end of the transaction.
• Isolation:Modifications made by concurrent transactions must be isolated from the modifications made by any other concurrent transactions. A transaction either recognizes data in the state it was in before another concurrent transaction modified it, or it recognizes the data after the second transaction has completed, but it does not recognize an intermediate state. This is referred to as serializability because it results in the ability to reload the starting data and replay a series of transactions to end up with the data in the same state it was in after the original transactions were performed.
• Durability:After a transaction has completed, its effects are permanently in place in the system. The modifications persist even in the event of a system failure.

Creating Distributed Transactions:

A new feature introduced in the .NET Framework 2.0 is the System.Transactions namespace, which provides support for transactions across different types of transaction managers, which include data sources and message queues. The System.Transactions namespace defines the TransactionScope class, which automatically manages transactions for you.

To create and use transactions, create a TransactionScope block, and specify whether you want to create a new transaction context or enlist in an existing transaction context. You can also exclude operations from a transaction context if appropriate.

You can call multiple data layer objects, which really creates multiple database connection within the same transaction scope. The transaction scope decides whether to create a local transaction or a distributed transaction. The transaction scope, automatically promotes a local transaction to a distributed transaction if necessary, based on the following rules:

• When you create a TransactionScope object, it initially creates a local, lightweight transaction. Lightweight transactions are more efficient than distributed transactions because they do not have the overhead of the Microsoft Distributed Transaction Coordinator (DTC).
• For SQL Server 2005 databases the first connection that you open in a transaction is automatically set as a local transaction. The resource manager then works with the System.Transactions namespace and supports automatic promotion of local transactions to distributed transactions when additional connections are created in the transaction scope.
• For Non SQL Server 2005 database the first connection that you open is automatically promoted to a distributed transaction. This promotion occurs because the resource managers for these Non SQL Server 2005 databases do not support automatic promotion from local to distributed transactions.

Integrating Transactions Into Your Code
So now that we have gone over what a transaction is and the different types of transactions that .NET can use depending on the database you are connecting too. Lets get to an actual example. We will once again use our example of the Store that needs to make a sales and deduct those quantities from the database.

public class ShoppingCart
{
	public Customer Customer { get; }

	public Product[] Products { get; }

	public bool Checkout ()
	{
		try
		{
			// create the transaction scope to guarantee that all the data gets committed to the database
			using (TransactionScope scope = new TransactionScope())
			{
				// create the sale
				Sale sale = new Sale();
				sale.Customer = this.Customer;

				// save the sale to the database
				sale.Save();

				decimal cost = 0.0M;

				foreach(Product p in Products)
				{
					SaleItem item = new SaleItem();
					item.SaleId = sale.SaleId;
					item.ProductId = p.ProductId;

					// subtract one item from quantity
					p.QuantityInStock–;

					// save the product quantity update to the database
					p.Save();

					// add cost of product
					cost += p.Cost;

					// save item to database
					item.Save();
				}

				sale.Cost = cost;

				// save the sale so the cost is reflected in the database
				sale.Save();

				// commit all database changes to database
				// if complete is not called, due to an exception from the code above, the transaction is rolled back
				scope.Complete();
			}
		}
		catch (Exception exc)
		{
			Debug.Write(exc.ToString());
		}
	}
}

What is happening above is two sales commits and a commit for each product. If any of the lines above the scope.Complete() were to throw an exception the TransactionScope using block would immediately exit and the database saves would be rolled back. Like I mentioned before this is done to keep the integrity of the data in the database intact. For instance if I never made it to the part where I updated the sale.Cost the revenue for the store would be out of whack.

Stay tuned I plan on documenting more of the new features coming in .NET 3.0 and .NET 3.5. I hope this post was informative.

Tags: Framework 2.0, Microsoft, Performance, Security, SQL Server

Posted in C#, How To, Programming, SQL | | | View blog reactions | 1 Comment »

Microsoft with out much fan far released service pack 2 for SQL Server 2005. There is a whole laundry list of new features and bug fixes listed on MSDN. However one of the biggest features at least for early adopters is the support for Windows Vista both x86 and x64 versions of the operating system. This release brings with it a great new tools for Windows Vista that are not available for previous operating systems.

Download SQL Server 2005 Service Pack 2

In order to prove Microsoft is really serious about security and that UAC (User Account Control) is here to stay. They don’t automatically grant all Administrators of the machine access to SysAdmin privileges in SQL 2005. The SysAdmin privileges have to be granted on the basis of who needs them, which is common practice in any role based security. The new tool can be found at C:\Program Files (x86)\Microsoft SQL Server\90\Shared\SqlProv.exe and is pictured below. I personally welcome this added level of security and control I have over who has SysAdmin access to SQL Server. Not that I worry about my wife going in and screwing with my data, it is just nice to have control over your computer. Thank you Microsoft for you continued focus on security.

Tags: Microsoft, Security, SQL Server, Windows Vista

Posted in Programming, SQL | | | View blog reactions | 1 Comment »