Monday, May 21, 2007

.Net and Windows Security Part 1

This is a three-part series. Following is the breakdown of the series:

  1. First Part: General Windows security concepts
  2. Second Part: .Net classes for handling Windows security
  3. Third Part: Sample code for adding/deleting a user in Windows shared folder security

Users and Groups

In Windows NT/2000/XP/2003, and now in Vista, every process runs in a security context. Every process is associated with a Windows identity that is called a principal. Whenever a process accesses a resource (file, directory, registry key, event, mutex, ...), the principal is checked against the resource's access rules. For now you can think of a resource's access rules as a table that identifies which user/group has which type of rights on the resource. I mention user/group because Windows has the notion of a group: every user belongs to one or more groups.

Session Logon

A new logon session is created as soon as a user logs in to the system. The session contains a security token. Whenever the user launches a process (or a process launches a new process), the new process inherits the security token and runs in the security context of that user or parent process. Windows automatically creates three logon sessions whenever it starts up: System Session, Local Session and Network Session.

Windows Security Identifier (SID)

Windows internally identifies each user or group by its SID. It is a unique number that looks like a GUID, but it is not a GUID. It follows a pattern that conforms to the Security Descriptor Definition Language (SDDL). For example, the SID "S-1-5-21-790525478-1425521274-725345543-500" represents the administrator account on my laptop. Usually a SID that ends in 500 belongs to the built-in administrator. Windows has some default SIDs which are called Well-Known SIDs. The following list identifies some important Well-Known SIDs:

Anonymous Logon (S-1-5-7)
A user who has connected to the computer without supplying a user name and password.

Authenticated Users (S-1-5-11)
Includes all users and computers whose identities have been authenticated. Authenticated Users does not include Guest even if the Guest account has a password.

Everyone (S-1-1-0)
On computers running Windows XP Professional, Everyone includes Authenticated Users and Guest. On computers running earlier versions of the operating system, Everyone includes Authenticated Users and Guest plus Anonymous Logon.

Terminal Server Users (S-1-5-13)
Includes all users who have logged on to a Terminal Services server that is in Terminal Services version 4.0 application compatibility mode.
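As an added example (not part of the original post, which leaves the .Net classes for Part 2), the following C# program builds the SID quoted above with System.Security.Principal.SecurityIdentifier, checks that its RID 500 is the well-known account-administrator SID, prints the four well-known SIDs listed above from the WellKnownSidType enumeration instead of typing them by hand, and then shows the principal of the running process together with the group SIDs carried in its token. The laptop SID is the one from the post; the process and group output depends on the account you run it as, and the program runs on Windows only.

```csharp
using System;
using System.Security.Principal;

class SidDemo
{
    static void Main()
    {
        // SID quoted in the post for the laptop's built-in administrator account
        var adminSid = new SecurityIdentifier("S-1-5-21-790525478-1425521274-725345543-500");
        Console.WriteLine("Account SID (S-1-5-21-<machine>-<rid>)? " + adminSid.IsAccountSid());
        Console.WriteLine("Machine/domain part:                    " + adminSid.AccountDomainSid);
        Console.WriteLine("RID 500 = well-known Administrator?    "
            + adminSid.IsWellKnown(WellKnownSidType.AccountAdministratorSid));

        // The well-known SIDs from the list above, generated from the enum
        WellKnownSidType[] wellKnown =
        {
            WellKnownSidType.AnonymousSid,          // Anonymous Logon
            WellKnownSidType.AuthenticatedUserSid,  // Authenticated Users
            WellKnownSidType.WorldSid,              // Everyone
            WellKnownSidType.TerminalServerSid      // Terminal Server Users
        };
        foreach (WellKnownSidType t in wellKnown)
        {
            var sid = new SecurityIdentifier(t, null);
            Console.WriteLine("{0,-22} {1}", t, sid.Value);
        }

        // The principal of the running process: its user SID and the group SIDs in its token
        WindowsIdentity me = WindowsIdentity.GetCurrent();
        Console.WriteLine("Current principal: {0} ({1})", me.Name, me.User);
        foreach (IdentityReference g in me.Groups)
        {
            string name;
            try { name = g.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { name = "<no local name for this SID>"; }
            Console.WriteLine("  {0,-48} {1}", g.Value, name);
        }

        // Group membership is what the access check consults; this asks for BUILTIN\Administrators
        var principal = new WindowsPrincipal(me);
        Console.WriteLine("Token is a member of Administrators: "
            + principal.IsInRole(WindowsBuiltInRole.Administrator));
    }
}
```

Translate() is the call that turns a SID back into a DOMAIN\name pair; it fails with IdentityNotMappedException for SIDs the machine cannot resolve (for example a group from a domain it is no longer joined to), which is why the loop catches that one exception rather than letting it abort the listing.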


Windows Security Descriptor

The Windows Security Descriptor is the core of Windows security (at least from the developer's point of view), and every resource must have a security descriptor as soon as it is created. On MSDN you can find several documents explaining the Win32 Security Descriptor in detail. Following is the breakdown of the SD structure:

  • Owner SID
  • Group SID (optional, adopted from the POSIX security structure)
  • Control flags
  • DACL (discretionary access control list)
  • SACL (system access control list)

DACL

The DACL is an ordered list/array of Access Control Entries (ACEs). An ACE is basically the rights or permissions assigned to a user or group. There are two types of ACE: Allow and Deny. This can be understood with a very basic example. Suppose a user has only a read-allow permission on a directory. This "only read-allow" permission cannot stop him from creating a new file/directory or even from deleting the directory. For proper read-only permissions, the user must also be given a "write-deny" permission. It is important to note that ACEs are evaluated in the order in which they are stored in the DACL, and Windows does not necessarily evaluate all ACEs during an access check.

SACL

The SACL is another list of ACEs. In normal scenarios a developer may not need to handle this list. ACEs in the SACL are used for audit settings, for example whether the granting of a right should be logged or not.
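To make the descriptor structure and the DACL ordering concrete, here is an added C# example that is not from the post. It builds a security descriptor in memory from an SDDL string with System.Security.AccessControl.CommonSecurityDescriptor, prints its owner, group, control flags, whether a SACL is present, and the ACEs of its DACL in stored order; it then adds a Deny ACE with DiscretionaryAcl.AddAccess, which keeps the list in canonical order, so the Deny entry lands ahead of the existing Allow entries, exactly the arrangement the "write-deny beside read-allow" paragraph relies on. The SDDL string and the rights used are constructed for the example. The SDDL parser is a Win32 call, so this runs on Windows only; nothing is written to disk and no special privilege is needed.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

class SecurityDescriptorDemo
{
    static void Main()
    {
        // Constructed SDDL for the example (not taken from the post):
        //   O:BA  owner = BUILTIN\Administrators      G:SY  group = Local System
        //   D:    DACL with two Allow ACEs: Everyone (WD) generic read, Administrators (BA) full access
        //   no S: part, so the descriptor carries no SACL
        string sddl = "O:BAG:SYD:(A;;GR;;;WD)(A;;FA;;;BA)";
        var sd = new CommonSecurityDescriptor(true /* container */, false /* not a DS object */, sddl);

        Console.WriteLine("Owner:         " + sd.Owner);
        Console.WriteLine("Group:         " + sd.Group);
        Console.WriteLine("Control flags: " + sd.ControlFlags);
        Console.WriteLine("SACL present:  " + (sd.SystemAcl != null));
        PrintDacl("DACL as parsed", sd.DiscretionaryAcl);

        // Add a Deny ACE for Authenticated Users on the DELETE right. AddAccess inserts it in
        // canonical order (explicit Deny before explicit Allow), so it is evaluated first.
        var authUsers = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
        sd.DiscretionaryAcl.AddAccess(AccessControlType.Deny, authUsers,
            (int)FileSystemRights.Delete, InheritanceFlags.None, PropagationFlags.None);
        PrintDacl("DACL after adding the Deny ACE", sd.DiscretionaryAcl);

        // Round-trip back to SDDL so the new ordering can be read as text
        Console.WriteLine(sd.GetSddlForm(AccessControlSections.All));
    }

    // Walk the ACL in stored order, which is the order the access check uses
    static void PrintDacl(string title, DiscretionaryAcl dacl)
    {
        Console.WriteLine(title + ":");
        for (int i = 0; i < dacl.Count; i++)
        {
            CommonAce ace = dacl[i] as CommonAce;
            if (ace == null) continue;   // object ACEs and unknown ACE types are skipped
            Console.WriteLine("  [{0}] {1,-14} {2,-12} mask=0x{3:X8}",
                i, ace.AceType, ace.SecurityIdentifier, ace.AccessMask);
        }
    }
}
```

The same CommonSecurityDescriptor object can be handed to the resource-specific wrappers in Part 2 of the series; building it in memory first is a convenient way to inspect what a rule change will do to the ACE order before applying it to a real file or share.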


Friday, May 18, 2007

Office 2007 - I’m Love’n it

Well, besides the irresistibly sleek user interface, Office 2007 is in a true sense a developer's package. I have the following points to support my statement:

  1. It follows the OpenXML standards as well as supporting the MS proprietary format, so being an XML expert I can play with the package my own way.
  2. Developer band: now Word and Excel are not toys only for managers. Right!!
  3. Word: excellent support for blogging. I can write a complete blog post in Word and publish it to my blogging site without even going there (I wrote this post offline, when I was just about to go to sleep).
  4. Outlook: excellent RSS feed functionality; you can even have the full post as an attachment.

Happy Blogging.

Friday, May 11, 2007

Deep Serialization using MemoryStream

I found it quite easy to use the MemoryStream and BinaryFormatter objects to provide deep copy functionality.

For full article, please visit : http://www.c-sharpcorner.com/UploadFile/sd_surajit/cloning05032007012620AM/cloning.aspx

Following is the code snippet for quick look:

using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;

[Serializable]   // BinaryFormatter refuses to serialize a type that is not marked Serializable
public class Test : ICloneable
{
    public Test()
    {
    }

    // deep copy in a separate memory space
    public object Clone()
    {
        MemoryStream ms = new MemoryStream();
        BinaryFormatter bf = new BinaryFormatter();
        bf.Serialize(ms, this);
        ms.Position = 0;
        // the stream deserialized here was produced by this same method, not received from outside
        object obj = bf.Deserialize(ms);
        ms.Close();
        return obj;
    }
}
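The snippet above clones only the class it lives in. As an added example (not from the post or the linked article), the following C# program generalises the same MemoryStream/BinaryFormatter round trip into a static helper that deep-copies any [Serializable] object graph, and puts it side by side with MemberwiseClone so the difference is visible: after a shallow copy, both objects share the nested Address instance, while after the deep copy they do not. The Employee and Address types and their values are constructed for the example. Like the post, it targets .NET Framework; on .NET 5 and later BinaryFormatter is obsolete and disabled by default.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;

public static class DeepCopy
{
    // Hypothetical helper (not from the post): serialize the whole graph into a MemoryStream,
    // rewind, and deserialize it into fresh objects. Requires every type in the graph to be [Serializable].
    public static T Clone<T>(T source)
    {
        if (source == null) return default(T);
        using (var ms = new MemoryStream())
        {
            var bf = new BinaryFormatter();
            bf.Serialize(ms, source);
            ms.Position = 0;
            // The bytes being deserialized were written by this process one line earlier,
            // not received from an external party.
            return (T)bf.Deserialize(ms);
        }
    }
}

[Serializable]
class Address
{
    public string City;
}

[Serializable]
class Employee
{
    public string Name;
    public Address Home;

    // Shallow copy: the new Employee points at the same Address object
    public Employee Shallow() { return (Employee)MemberwiseClone(); }
}

class Program
{
    static void Main()
    {
        // Constructed sample data
        var original = new Employee { Name = "Ann", Home = new Address { City = "Oslo" } };

        Employee shallow = original.Shallow();
        Employee deep = DeepCopy.Clone(original);

        shallow.Home.City = "Bergen";   // shared Address instance: also visible through original.Home
        deep.Home.City = "Tromso";      // separate Address instance: original.Home is not touched

        Console.WriteLine("shallow shares Address with original: " + ReferenceEquals(original.Home, shallow.Home));
        Console.WriteLine("deep shares Address with original:    " + ReferenceEquals(original.Home, deep.Home));
        Console.WriteLine("original.Home.City after both edits:  " + original.Home.City);
    }
}
```

The first ReferenceEquals line shows why MemberwiseClone is not enough for entity objects with nested references, and the third line shows the consequence: the edit made through the shallow copy leaks into the original, the edit made through the deep copy does not.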

Tuesday, May 08, 2007

A Custom Generic Collection which has List as well as Dictionary functionality for Custom Entity Classes

I frequently need a collection which has List as well as Dictionary functionality for custom entity classes, so I wrote the following generic class which provides both. There is one prerequisite for this class: the custom entity class must override ToString() so that it returns a unique key for this collection. Following is the code for the custom collection class:

using System;
using System.Collections.Generic;

public class CC<T> : IEnumerable<T>
{
    public List<T> List = new List<T>();
    public Dictionary<string, T> Dict = new Dictionary<string, T>();

    public void Add(T obj)
    {
        // Dictionary first: if the key is a duplicate, Dict.Add throws before the
        // list is touched, so the two structures never go out of step
        Dict.Add(obj.ToString(), obj);
        List.Add(obj);
    }

    System.Collections.IEnumerator System.Collections.IEnumerable.GetEnumerator()
    {
        return PRIVGetEnumerator();
    }

    IEnumerator<T> IEnumerable<T>.GetEnumerator()
    {
        return PRIVGetEnumerator();
    }

    // Enumerate in insertion order, i.e. the order of the list
    private IEnumerator<T> PRIVGetEnumerator()
    {
        foreach (T obj in List)
            yield return obj;
    }

    public bool Contains(string key)
    {
        return Dict.ContainsKey(key);
    }

    public void Remove(string key)
    {
        Dict.Remove(key);
        for (int i = 0; i < List.Count; i++)
        {
            if (List[i].ToString().Equals(key))
            {
                List.RemoveAt(i);
                break;
            }
        }
    }

    public void RemoveAt(int index)
    {
        Dict.Remove(List[index].ToString());
        List.RemoveAt(index);
    }

    public T this[int index]
    {
        get { return List[index]; }
        set
        {
            // Replace the element at this position and keep the dictionary in step:
            // drop the old key, then register the new one. A key already used by a
            // different element is rejected so that keys stay unique.
            string oldKey = List[index].ToString();
            string newKey = value.ToString();
            if (oldKey != newKey && Dict.ContainsKey(newKey))
                throw new ArgumentException("An element with key '" + newKey + "' already exists.", "value");
            Dict.Remove(oldKey);
            Dict[newKey] = value;
            List[index] = value;
        }
    }

    public T this[string key]
    {
        get { return Dict[key]; }
        set
        {
            // The key must be the one the entity reports, otherwise Remove(key) could not find it
            if (key != value.ToString())
                throw new ArgumentException("Key '" + key + "' does not match value.ToString().", "key");

            if (!Dict.ContainsKey(key))
            {
                // New key: append
                Dict[key] = value;
                List.Add(value);
            }
            else
            {
                // Existing key: replace the element in both structures, keeping its position
                int i = List.IndexOf(Dict[key]);
                Dict[key] = value;
                List[i] = value;
            }
        }
    }

    public void CopyTo(T[] array, int index)
    {
        List.CopyTo(array, index);
    }

    public void AddRange(List<T> value)
    {
        for (int i = 0; i < value.Count; i++)
        {
            this.Add(value[i]);
        }
    }

    public Dictionary<string, T>.KeyCollection Keys
    {
        get { return Dict.Keys; }
    }

    public Dictionary<string, T>.ValueCollection Values
    {
        get { return Dict.Values; }
    }
}


Following is an example of a custom entity class:

using System;
using System.Xml.Serialization;

public class Person
{
    private string _id = "";

    /// <summary>
    /// Set or get _id
    /// </summary>
    [XmlElement(ElementName = "Id")]
    public string Id
    {
        set { this._id = value; }
        get { return this._id; }
    }

    private string _FirstName = "";

    /// <summary>
    /// Set or get _FirstName
    /// </summary>
    [XmlElement(ElementName = "FirstName")]
    public string FirstName
    {
        set { this._FirstName = value; }
        get { return this._FirstName; }
    }

    private string _LastName = "";

    /// <summary>
    /// Set or get _LastName
    /// </summary>
    [XmlElement(ElementName = "LastName")]
    public string LastName
    {
        set { this._LastName = value; }
        get { return this._LastName; }
    }

    // The Id doubles as the unique key used by CC<T>
    public override string ToString()
    {
        return this.Id;
    }

    public Person(string id, string fName, string lName)
    {
        this.Id = id;
        this.FirstName = fName;
        this.LastName = lName;
    }
}

Finally, following is a code snippet which shows how we can use this custom generic class:

using System;

class Program
{
    static void Main(string[] args)
    {
        CC<Person> myCC = new CC<Person>();

        myCC.Add(new Person("1", "Tom", "Hanks"));
        myCC.Add(new Person("2", "Julia", "Roberts"));
        myCC.Add(new Person("3", "Johny", "Depp"));

        // replace by position (same key "2") and add by key
        myCC[1] = new Person("2", "Orlando", "Bloom");
        myCC["4"] = new Person("4", "Leonardo", "Dacaprio");

        myCC.RemoveAt(0);

        foreach (Person p in myCC)
            Console.WriteLine(p.FirstName);

        Console.ReadLine();
    }
}


Happy Movies!!!