Contents Overview 1 Overview of Windows 2000 Security 2 Declarative Security 24 Lab 8.1: Implementing Declarative Security 40 Programmatic Security 44 Lab 8.2: Implementing Programmatic Security 52 Setting the Identity of a Server Application 55 Lab 8.3: Assigning a COM+ Application Identity 65 Best Practices 68 Review 70 Module 8: Making Applications Secure Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, BackOffice, MS-DOS, Windows, Windows NT, Active Directory, PowerPoint, and Visual Basic are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Other product and company names mentioned herein may be the trademarks of their respective owners. Module 8: Making Applications Secure i Instructor Notes This module provides students with an overview of the security features available in Microsoft ® Windows ® 2000. Students will learn how to use roles to secure COM+ applications both declaratively and programmatically. Students will also learn how to establish the identity of their COM+ server and select the appropriate level of authentication for their application. After completing this module, students will be able to: ! Describe the major security features and security models provided by the Windows 2000 platform. ! Explain how authentication and authorization works. ! Describe the authentication options available to Internet solutions based on COM+ and Internet Information Services (IIS). ! Implement declarative security by using COM+ roles. ! Implement programmatic security by using security context information. ! Assign an identity to a COM+ application. In the labs, students will secure the Purchase Order Online application declaratively by using COM+ roles. They will also implement programmatic security to determine whether a caller is a member of a particular role. Finally, they will assign an identity to a COM+ application and observe the effect of the new identity. Materials and Preparation This section provides you with the required materials and preparation tasks that are needed to teach this module. Required Materials To teach this module, you need the following materials: ! Microsoft PowerPoint ® file 1907A_08.ppt ! Module 8: Making Applications Secure ! Lab 8.1: Implementing Declarative Security ! Lab 8.2: Implementing Programmatic Security ! Lab 8.3: Assigning a COM+ Application Identity Preparation Tasks To prepare for this module, you should: ! Read all of the materials for this module. ! Complete the labs. ! Read the instructor notes and margin notes for the module. Presentation: 90 Minutes Labs: 75 Minutes ii Module 8: Making Applications Secure Demonstration This section provides demonstration procedures that will not fit in the margin notes or that are not appropriate for the student notes. Creating and Assigning a Role This demonstration shows how to create COM+ roles and to assign them to specific components, interfaces, and methods. It also shows how to add Windows 2000 group and user accounts to COM+ roles. ! To perform the demonstration 1. Open the Component Services tool and select the Purchase Order application. 2. Expand the Purchase Order application and select the Roles folder, which will initially be empty. 3. Right-click, point to New, and then select Role. 4. Enter the role name Senior Manager. Point out that role names tend to be singular, as opposed to Windows 2000 group accounts, which tend to be plural. 5. Click OK to dismiss the Role dialog box. 6. Repeat steps 2 to 5 to add a second role named Junior Manager. 7. Point out that the roles are currently defined at the application level. 8. To assign a role at the component level, select the POBusiness.bus_Order component within the Components folder. Right-click and select Properties. 9. Select the Security tab of the Properties dialog box and explain that the roles list initially displays all of the roles defined within the application (in this case, Senior Manager and Junior Manager). 10. To apply the Senior Manager role to this component, place a check mark next to the Senior Manager role. Explain that this check mark means that the caller must be a member of the Senior Manager role to access the POBusiness.bus_Order component. 11. Click OK to dismiss the Properties dialog box. 12. Now expand the Interfaces folder beneath POBusiness.bus_Order. 13. Select and then right-click the _bus_Order interface and select Properties. 14. Select the Security tab of the Properties dialog box. 15. Explain that the Senior Manager role applied at the component level has been inherited implicitly by the interface. Also explain that additional specific roles may be applied to this particular interface. Module 8: Making Applications Secure iii 16. Place a check mark next to the Junior Manager role to grant junior managers access to the _bus_Order interface. 17. Click OK to dismiss the Properties dialog box. 18. Now expand the _bus_Order interface and then expand the Methods folder. 19. Select and then right-click the Raise method and select Properties. 20. Select the Security tab of the Properties dialog box and explain that roles can be applied at the method level. In this case, because all of the roles have been granted access to the _bus_Order interface, all roles will implicitly be granted access to the Raise method. 21. Click OK to dismiss the Properties dialog box. 22. Explain that roles allow you to apply authorization policies without worrying about precisely which accounts will be a member of a particular role. An administrator typically establishes which accounts will be a member of a particular role at deployment time. 23. Select and expand the Senior Manager role within the Roles folder. 24. Select the Users folder, which will initially be empty. 25. Right-click and point to New, and then select User. 26. From the displayed dialog box, select the Senior Managers group and click Add. 27. Click OK to dismiss the dialog box. 28. Explain that you have associated the Senior Managers Windows 2000 group with the Senior Manager role. Explain that assigning Windows 2000 groups to roles is the recommended approach and as a result one tool—the Active Directory Users and Computers tool—can be used to administer both Windows 2000 and COM+ security. Assigning a COM+ Application Identity This demonstration shows how to configure a COM+ application to run by using a specific Windows 2000 user account, as opposed to using the interactively logged-on user. ! To perform the demonstration 1. Open the Component Services tool and select the Vendor Processing application. 2. Right-click and select Properties. 3. Select the Identity tab on the Properties dialog box. 4. Explain that the Interactive User is the default setting for a new application, but it should generally only be used for debugging purposes. Select the This user option and then click Browse. 5. Select VendorApp from the Select User or Group dialog box and click OK. 6. Click OK to dismiss the Properties dialog box and explain that when the application is next launched, it will run using the VendorApp user account. Explain that the access rights and permissions established for this account will affect the capabilities of the COM+ application. iv Module 8: Making Applications Secure Module Strategy Use the following strategy to present this module: ! Overview of Windows 2000 Security Discuss the Windows 2000 security model and features. While Windows 2000 is fully compatible with previous versions of Windows NT, Windows 98, and Windows 95, the security model has been enhanced considerably, notably by the introduction of the Kerberos authentication protocol and the increased emphasis on Internet-based security technologies. Review the terminology defined in the “Security Terminology and Concepts” topic, including Public Key Cryptography. Discuss how the distributed security model has been designed to support enterprise applications. Explain that security groups can be managed centrally in Active Directory to provide control over access to resources. Explain that Windows 2000 supports multiple security providers for distributed applications. Explain that Windows 2000 also provides a variety of techniques to secure an Internet-enabled COM+ application. Introduce the concepts of authentication and authorization. Explain how these concepts help to answer the two most basic security-related questions: how to prove that a user is who she claims and how to determine which users are allowed to perform particular operations. ! Declarative Security Discuss how to use roles in COM+ applications to implement an authorization policy that controls access to applications, components, interfaces, and methods. Show students how to define roles declaratively by using the Component Services tool. Let them see how COM+ manages much of the authorization process automatically. The demonstration allows you to show students how to use the Component Services tool to define roles and assign them to components and interfaces. It is also used to show how to add Windows 2000 group and user accounts to roles. ! Programmatic Security Explain that students can implement security programmatically in COM+ solutions. By using programmatic security, they can apply additional business logic to the authorization process in circumstances that demand it. ! Setting the Identity of a Server Application Explain that COM+ applications use a default application identity that matches the security settings of the currently logged-on user. The identity determines the user account under which the application will run. The identity affects the privileges and access rights that the application will possess and is also important when the application needs to access a database that cares about the identity of its users. Discuss the advantages of establishing a specific user account for running a COM+ application, rather than relying on the interactive user account. Module 8: Making Applications Secure v Discuss that it is possible to assign a different application identity to a COM+ application to meet specific security requirements. Explain how to set the identity of a COM+ application and refer to Lab 8.3 as an example of how changing the identity will affect an application. Explain that the identity of a COM+ application plays a pivotal role in the various security models. The demonstration allows you to show students how to set the identity of a COM+ application. There is a known problem when assigning an identity to an application that contains a component making a call to a queued component in another application. This scenario results in an error being logged in the Windows Event log with a source of the MSMQ Cryptography API and the queued method will not be called. The issue is currently unresolved. ! Best Practices Summarize the best practices for securing COM+ applications and mention that the practical implementation for most of these practices has been covered in the module. Note THIS PAGE INTENTIONALLY LEFT BLANK THIS PAGE INTENTIONALLY LEFT BLANK Module 8: Making Applications Secure 1 # ## # Overview ! Overview of Windows 2000 Security ! Declarative Security ! Lab 8.1: Implementing Declarative Security ! Programmatic Security ! Lab 8.2: Implementing Programmatic Security ! Setting the Identity of a Server Application ! Lab 8.3: Assigning a COM+ Application Identity ! Best Practices ! Review In this module, you will learn how to implement security in an enterprise solution. You will learn about the security features provided by Microsoft Windows 2000. You will also learn about the fundamental security concepts of authentication and authorization and how authorization policies are established for COM+ applications These policies govern which users should be permitted access to the various parts of the application and are defined by using roles. First, you will review the security features provided by Windows 2000 and will learn about the authentication options available for intranet- and Internet-based solutions. These policies govern which users should be permitted access to the various parts of the application. You will then learn how to implement role- based security and how you can assign roles declaratively and programmatically. You will also learn about the various security models that you can apply to multitier systems. Finally, you will learn about best practices that you should follow when managing security in enterprise solutions. Objectives After completing this module, you will be able to: ! Describe the major security features and security models provided by the Windows 2000 platform. ! Explain how authentication and authorization works. ! Describe the authentication options available to Internet solutions based on COM+ and Internet Information Services (IIS). ! Implement declarative security by using COM+ roles. ! Implement programmatic security by using security context information. ! Assign an identity to a COM+ application. Slide Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn how to implement security in COM+ both declaratively and programmatically. 2 Module 8: Making Applications Secure # ## # Overview of Windows 2000 Security ! Distributed Security Model ! Public Key Cryptography ! Centralized Access Control ! Security Providers ! Authentication and Authorization ! Securing an Internet-Based Solution In this section, you will learn about the security features provided by Windows 2000. While Windows 2000 is fully compatible with previous versions of Windows NT ® , Windows 98, and Windows 95, the security model has been enhanced considerably, notably by the introduction of the Kerberos authentication protocol and the increased emphasis on Internet-based security technologies. You will learn about the distributed security model that is designed to support enterprise applications. You will then learn some of the key terminology and concepts of Windows 2000 security, including the concept of public key cryptography. You will learn how you can manage security groups centrally in Active Directory ™ to provide control over access to resources. You will also learn how Windows 2000 supports multiple security providers to support distributed applications. Finally, you will learn about the concepts of authentication and authorization. You will learn how these concepts help to answer the two most basic security- related questions: how to prove that a user is who she claims and how to determine which users are allowed to perform particular operations. This section includes the following topics: ! Distributed Security Model ! Public Key Cryptography ! Centralized Access Control ! Security Providers ! Authentication and Authorization ! Securing an Internet-Based Solution [...].. .Module 8: Making Applications Secure 3 Distributed Security Model Delivery Tip ! Mention that there is glossary of security terms in the student notes so students can review as needed to prepare for this module Windows 2000 Distributed Security Features Active Directory Integration Kerberos Authentication Secure Channels Public Key Infrastructure Smart... implement the SSPI API in a DLL called a Security Support Provider (SSP) Applications written to work with one SSP require few, if any, modifications to work with another SSP The primary SSPs available to COM+ applications are: ! NTLMSSP (NT LAN Manager SSP) ! Kerberos ! Snego (Simple Negotiation) 14 Module 8: Making Applications Secure NT LAN Manager Security Support Provider Prior to Windows 2000,... application for certificate authentication 24 Module 8: Making Applications Secure # Declarative Security ! Overview of Role-Based Security ! Implementing Role-Based Security ! Demonstration: Creating and Assigning a Role In this section, you will learn how to use roles in COM+ applications to implement an authorization policy that controls access to applications, components, interfaces, and methods... operated by the company identified in the certificate Similarly, certificates enable server applications to be confident of a client’s identity When a user connects to a Web site, the server can be assured of the client’s identity if the server receives the client’s certificate Module 8: Making Applications Secure 9 Certificate Authorities The purpose of CAs is to issue certificates used to convey... associated with the secured object to determine whether access should be granted or denied When a user is being granted access, this process also determines the exact access rights granted to the user These rights may or may not be the same as the requested access rights The above illustration shows how the access tokens are used to check security access 12 Module 8: Making Applications Secure Groups in... Directory/Active Directory Programmers Guide/Managing Groups in the Windows 2000 Platform SDK Module 8: Making Applications Secure 13 Security Providers Internet Explorer, Internet Information Server COM+ Directory enabled APPs using ADSI DCOM HTTP Authenticated RPC LDAP SSPI NTLMSSP Kerberos Snego SSPs The security requirements for applications running in an enterprise environment vary greatly, some with Internet... for interactive log on Windows 2000 supports the optional use of smart cards for interactive log on, in addition to passwords Smart cards support cryptography and secure storage for private keys and certificates Module 8: Making Applications Secure ! 5 Single Sign On The primary goal of Single Sign On (SSO) is to ensure that users only have to enter their user name and password (or use a Smart Card)... requirements by using the administrative tool For more information about authentication, see Authentication and Authorization in this module The above illustration shows the relationship between COM+ security, DCOM, and authenticated RPC Module 8: Making Applications Secure 15 Authentication and Authorization ! Authentication $ ! Determining user’s identity Authentication Levels None Connect No authentication;... components Furthermore, roles can be used to restrict access to individual interfaces and methods For more information about role-based security, see Overview of Role-Based Security in this module Module 8: Making Applications Secure 19 Securing an Internet-Based Solution ! Anonymous Authentication User Password Explicit user name IUSR_Computer0 and password Lookup Registered Users ! IIS Anonymous Authentication... application, the client would always appear as IUSR_ 20 Module 8: Making Applications Secure You can use IIS anonymous authentication with a Web-based solution that explicitly prompts the user for a user name (and password) This prompt is typically made on the Web site’s home page This information, when transmitted to the server over a secure link, can then be used for searching a database table . this module. Required Materials To teach this module, you need the following materials: ! Microsoft PowerPoint ® file 1907A_08 .ppt ! Module 8: Making Applications. of the COM+ application. iv Module 8: Making Applications Secure Module Strategy Use the following strategy to present this module: ! Overview of Windows