Saturday, January 10, 2009

To understand the Windows Security

There are many references existing in MSDN to talk about Windows Security. Some of them are for the new users, but some of them are for experienced users or even programmers. Moreover, they explain the concepts in different ways for different version of Windows or .NET Framework. It's still frustrating to search through all those documents and check them one by one.

During search the fundamental comprehensive documents, I found this link is quite useful:
[MS-SECO]: Windows Security Overview
Not only you can learn the overall fundamental knowledge of Windows security online, but you can aslo download the whole topics in PDF format from the link side to read offline.

Actually, when you go upper level of the we site, you will find that link provides many documents for all Windows protocols:
Windows Protocols

And Microsoft keeps updating those documents!

Thursday, January 8, 2009

Reference links about "Role-Based Security, Principal, and Identity" of .NET Framework

Here are some basic important links to explain the security concepts of Windows.


.NET Securiy Overview (Althought it applies to .NET Framework 1.1)
http://msdn.microsoft.com/en-us/library/aa302422.aspx

Security Policy Model:
http://msdn.microsoft.com/en-us/library/ck90k585.aspx

Security Permissions:
http://msdn.microsoft.com/en-us/library/5ba4k1c5(VS.80).aspx
  1. Code Access Permissions: http://msdn.microsoft.com/en-us/library/h846e9b3(VS.80).aspx

  2. Identity Permissions: http://msdn.microsoft.com/en-us/library/d3wktt6a(VS.80).aspx

  3. Role-Based Security Permissions: http://msdn.microsoft.com/en-us/library/7sxk9k2h(VS.80).aspx

What is "Principal"?
http://msdn.microsoft.com/en-us/library/axt6w9h8(VS.80).aspx

Principal and Identity Objects:
http://msdn.microsoft.com/en-us/library/ftx85f8x(VS.80).aspx

The principal object encapsulates:
  • An identity object: .NET Framework identity objects represent users.
  • A role: Roles represent membership and securiy contexts. A SecurityContext object captures all security-related information for a logical thread, including the information contained in the WindowsIdentity and CompressedStack objects.
.NET Framework application grant rights to the principal based on its identiy or, more commonly, its role membership.

What is "Evidence"?
http://msdn.microsoft.com/en-us/library/7y5x1hcd(VS.80).aspx

Security Context:
http://msdn.microsoft.com/en-us/library/system.security.securitycontext(VS.80).aspx

Credentials Management:
http://msdn.microsoft.com/en-us/library/aa374789(VS.85).aspx

Tuesday, December 30, 2008

Interoperating with COM - Using COM from the .NET Framework (5)

How to Implement Callback Functions

Sometimes, you need to implement a function inside a managed application for unmanaged function to call to complete the task. That is a "Callback" function.

Calls to a callback function pass indirectly from a managed application, through a DLL function, and back to the managed implementation. Basically, you create a callback function in your managed application, and then call the DLL function with passing a pointer to the callback function as an argument.


Callback functions are ideal for use in situations in which a task is performed repeatedly. For example, The EnumWindows function enumerates through all existing windows on your computer, calling the callback function to perform a task on each window:

//One clue that this function requires a callback is the presence of the lpEnumFunc argument. It is common to see the lp (long pointer) prefix combined with the Func suffix in the name of arguments that take a pointer to a callback function.
BOOL EnumWindows(WNDENUMPROC lpEnumFunc, LPARAM lParam)

Simple steps:
  1. Create a function to handle callback task.
  2. Create a delegate for this function.
  3. Create a prototype for the COM unmanaged function, and specify the delegate as the callback function argument.
  4. Call the COM unmanaged function.
Example:
using System;
using System.Runtime.InteropServices;
//step 2
public delegate bool CallBack(int hwnd, int lParam);
public class EnumReportApp
{
//step 3
[DllImport("user32")]
public static extern int EnumWindows(CallBack x, int y);
public static void Main()
{
//step 4
CallBack myCallBack = new CallBack(EnumReportApp.Report);
EnumWindows(myCallBack, 0);
}
//step 1
public static bool Report(int hwnd, int lParam)
{
Console.Write("Window handle is ");
Console.WriteLine(hwnd);
return true;
}
}
For more information, please refer to MSDN:
Callback Functions
How to: Implement Callback Functions

Sunday, December 28, 2008

Interoperating with COM - Using COM from the .NET Framework (4)

How to Pass Structures to unmanaged functions

When you called unmanaged functions in managed code, you might need to pass structures as parameters. Typically, the CLR controls the physical layout of the data fields of a class or structure in managed memory. However, sometimes, you might need to specify the layout of a structure when passing it, and you can do that by using the StructLayout and FieldOffset attributes. (Both are in the namespace "System.Runtime.InteropServices")

Whe using StructLayout attribute, the LayoutKind.Sequential is used to force the data members to be laid out sequentially in the order they appear. You also can use LayoutKind.Explicit to control precise position of each data member by applying FieldOffset attribute to each data member. If you want to give CLR full cotrol of the layout and the sequence of the fields, you can use LayoutKind.Auto instead.

Here is an example:
using System.Runtime.InteropServices;

[StructLayout(LayoutKind.Sequential)]
public struct Point{
public int x;
public int y;
}

[StructLayout(LayoutKind.Explicit)]
public struct Rect{
[FieldOffset(0)]public int left;
[FieldOffset(4)]public int top;
[FieldOffset(8)]public int right;
[FieldOffset(12)]public int bottom;
}

class Example()
{
[DllImport("user32.dll")]
public static extern bool PtInRect(ref Rect r, Point p);
}

Here is the reference link from MSDN about StructLayoutAttribute:
http://msdn.microsoft.com/en-us/library/system.runtime.interopservices.structlayoutattribute.aspx

Thursday, December 25, 2008

Interoperating with COM - Using COM from the .NET Framework (3)

How to Call Unmanaged DLLs Using DLLImport

Except adding a reference to unmanaged DLLs in Visual Studio, you also can import an unmanaged DLL programmatically.

Using (C#) or Imports (VB.NET) System.Runtime.InteropServices namespace and then use the DllImport attribute to import an unmanaged DLL.

Here is a sample in C# (from MSDN):
using System;
using System.Runtime.InteropServices;

class Example
{
// Use DllImport to import the Win32 MessageBox function.
[DllImport("user32.dll")]
public static extern int MessageBox(IntPtr hWnd, String text, String caption, uint type);

static void Main()
{
// Call the MessageBox function using platform invoke.
MessageBox(new IntPtr(0), "Hello World!", "Hello Dialog", 0);
}
}
Also, you can use DLLImportAttribute's fields to have more control of the external functions. For example, if you want to call the MessageBox function using the new method name, you can specify the new function name using the EntryPoint property.

using System;
using System.Runtime.InteropServices;

class Example
{
// Use DllImport to import the Win32 MessageBox function.
[DllImport("user32.dll", EntryPoint = "TestMessageBox")]
public static extern int MessageBox(IntPtr hWnd, String text, String caption, uint type);

static void Main()
{
// Call the TestMessageBox function using platform invoke.
TestMessageBox(new IntPtr(0), "Hello World!", "Hello Dialog", 0);
}
}
For more information about DLLImportAttribute members, please visit here: http://msdn.microsoft.com/en-us/library/system.runtime.interopservices.dllimportattribute_members.aspx

Interoperating with COM - Using COM from the .NET Framework (2)

How to Import a Type Library Using the Type Library Importer (Tlbimp.exe)

You can use the Type Library Importer (Tlbimp.exe) to create an interop assembly which will allow your .NET application to use a type defined in it.

How to use Tlbimp.exe:
  1. Open a Visual Studio Command Prompt (under the "Visual Studio Tools" menu of the "Start" menu)
  2. Use "Tlbimp.exe /?" or "Tlbimp /help" to see the usage message.
  3. Sample:
    Tlbimp.exe C:\test\MSO9.dll (By default, it will generate the file base on the name of the type library contained within the original COM dll file.)
    Tlbimp.ee C:\test\MSO9.dll /out:NewNameOffice.dll (Or you can use /out to specify the name of output file.)
  4. The namespace of the imported library uses the same name as that of the library from which it was created by default. You can use this to change the namespace:
    Tlbimp.exe MSO9.dll /namespace:MyNewNameSpace

After you create the new assembly dll by using Tlbimp.exe, you can then add a reference to it and use the types just as you would use a native .NET Framework type.

For more information about Tlbimp.exe, you can visit here: http://msdn.microsoft.com/en-us/library/tt0cf3sx.aspx

Monday, December 22, 2008

Interoperating with COM - Using COM from the .NET Framework (1)

How to Add a Reference to a COM Library or Type Library

COM libraries contain classes, methods, and types.
COM types are defined in a type library which can be a stand-alone .tlb file or can be embedded in a .dll, .exe, .ocx, or .olb file.

The easiest way to access a COM library or type library file in . NET framework application is to add a reference to it from Visual Studio, and then you can use the methods in it.
  1. Open your project or create a new project in Visual Studio.
  2. Go to "Project" menu, click "Add Reference". (Or right-click "References" folder of your project, and select "Add Reference".)
  3. Click "COM" tab, and select a COM component from the list
  4. Or you can click "Browse" tab to select a file. Then click OK.
After you add a reference to the COM component, Visual Studio will automatically create a assembly version of that COM file with Interop.*.dll name. For example, if you add MSO9.dll (Microsoft Office 9.0 Object Library) to the reference, VS will create a Interop.Office.dll, while "Office" is the namespace of the COM file.

Moreover, you can see the new reference in your References folder of your project. You can double-click it to open it in Object Browser to see its namespace, methods, classes...etc.