Thursday, August 20, 2009

70-536 MCTS .NET Instrumentation Chapter10 #17

Hey Now,

Studying for the 70-536 Microsoft exam & made some notes for Chapter 10 on Instrumentation.

Later,

Catto

Chapter 10 Instrumentation

Lesson 1 Logging Events

Instrumentation = Logging & measuring what goes on in apps.

The Windows event log mechanism is a convenient way for devs to record info that may be useful to users

Many ways to log info, but the event log mechanism provides a clean way to handle the task.

Use the Source property of the EventLog to define where info is from

Use the EventLogEntryType to specify what type of entry the output will be

Primary object for interacting with the event log system is the EventLog class in the System.Diagnostics namespace

Although the EventLog class provides functionality, it uses many resources & should be used judiciously

Many security vulnerabilities can be raised when using EventLog objects. Avoid using them in partial trust environments

Use the Clear method to remove all entries in an event log

The Message property of the EventLogEntry is used to read back the info that was written to the EventLog object.

Lesson 2 Debugging & Tracing

The debug & trace classes are tools devs can use to examine execution of apps

Write, WriteLine, WriteIf & WriteLineIf methods all can be used to send output to attached listener objects

The Assert method of the Debug & Trace classes can be used to test a condition of code

Listener objects are used as receptacles for debug & trace info

If no listener object is specified, the DefaultTraceListener is used

XMLTraceListener can be used to output details in XML format

The TraceSource class allows the dev to specify info about the source of the trace info

The TraceSwitch allows the dev to manipulate every aspect of the TraceSource class.

Lesson 3 Monitoring Performance

A Process is an executing app with a unique identifier to differentiate from other processes.

The Start method of the Process class allows apps to be started programmatically. The GetProcesses method of the Process class returns info on all running processes on the PC. GetProcessesByName or GetProcessById can be used to get info on a single process.

To pass values into the constructor of the Main method, command line arguments can be specified.

The StackTrace object provides detailed info about the state of execution for an app. StackFrame objects make up the StackTrace object. StackFrame objects are intended to support the .NET framework & should not be used directly.

Because String objects are reference types, there is a potential security risk when storing passwords. The SecureString class is used to store sensitive data.

PerformanceCounter objects are mechanisms that allow specific measurements of an app's resource utilization.

Lesson 4 Detecting Management Events

WMI is a component of the Windows OS that provides monitoring functionality

EventQuery class is used in .NET to represent a WMI query

Win32_Service object can be used to query info about Windows services

ManagementQuery base class is used as the foundation of all management query objects.

The ManagementObjectSearcher is used to query system resources through WMI

Chapter 10 Summary

Windows Event logging is an excellent way to record info on apps.

Debug & Trace classes allow info to be tracked

Listener objects provide a location for Debug & Trace output

Windows Management Instrumentation WMI & the System.Management namespace provide a framework for querying on system resources.

DebuggerVisualizerAttribute & DebuggerProxyType are new attributes in VS05 to help debug.

70-536 .NET MCTS Security Section #16

Hey Now Everybody,

This is some content from the security section from the 70-536 MS .NET exam. I’ve been studying this, please take a look & feel free to comment.

Thx,

Catto

5. Improving the security of the .NET Framework by security features


  1. You are developing an internal Windows Forms-based inventory management application. One form you have created has a control named managerControl that should be visible only if users are a member of the CONTOSO\Managers group. Which of the following code segments is the most effective way to implement this?

' VB

Dim user As WindowsPrincipal = New WindowsPrincipal(WindowsIdentity.GetCurrent)

If user.IsInRole("CONTOSO\Managers") Then

managerControl.Visible = True

Else

managerControl.Visible = False

End If

Explanation: Ch 12 Lesson 3

The best way to make decisions based on group memberships is to create a WindowsPrincipal object and call WindowsPrincipal.IsInRole. In this example, you should make the managerControl visible if the user is part of the CONTOSO\Managers group.

You should use PrincipalPermission.Demand only when you want to halt processing if the user does not meet security requirements, because the method call throws an exception. Although you could catch the exception, using an If statement is better programming style.

Although this code sample correctly calls WindowsPrincipal.IsInRole, it makes the control visible if the user is NOT a member of the CONTOSO\Managers group.

You should use PrincipalPermission.Demand only when you want to halt processing if the user does not meet security requirements, because the method call throws an exception. Although you could catch the exception, using an If statement is better programming style. Additionally, it makes the control visible if the user is NOT a member of the CONTOSO\Managers group.

  1. Which of the following declarations would cause the runtime to throw an exception if the assembly lacked permission to print to the LPT1 port?

' VB

<Assembly:PrintingPermission(SecurityAction.RequestMinimum)>

Explanation: CH 11 Lesson 3

Use the PrintingPermissionAttribute to declare printing permission requirements. In this case, you should specify SecurityAction.RequestMinimum to cause the runtime to throw an exception if the assembly does not have permission to print.

The .NET Framework provides PrintingPermissionAttribute. Use FileIOPermissionAttribute when you need to declare permissions for the file system. Additionally, you cannot specify a specific port in this way.

  1. You are writing an internal application. Your IT department is responsible for defining permissions that different groups have to the configuration files your application uses. They have provided you the following requirements:

* Members of the Administrators group can modify the file and its permissions.

* Members of the Power Users group can edit the file, but cannot change its permissions.

* Members of the Users group can view the file, but cannot edit it.

* Guests cannot read or edit the file.

Which of the following code samples efficiently creates a file with the proper permissions?

' VB

Dim fs As FileSecurity = New FileSecurity

fs.AddAccessRule(New FileSystemAccessRule(New NTAccount("Administrators"), FileSystemRights.FullControl, AccessControlType.Allow))

fs.AddAccessRule(New FileSystemAccessRule(New NTAccount("Power Users"), FileSystemRights.Modify, AccessControlType.Allow))

fs.AddAccessRule(New FileSystemAccessRule(New NTAccount("Users"), FileSystemRights.Read, AccessControlType.Allow))

fs.AddAccessRule(New FileSystemAccessRule(New NTAccount("Guests"), FileSystemRights.FullControl, AccessControlType.Deny))

System.IO.File.Create("config.xml", 1000, FileOptions.None, fs)

Explanation: Ch 12 Lesson 2

To create a file with the specified permissions, you need to add four access rules to a FileSecurity object: Administrators with FullControl, Power Users with Modify, Users with Read, and Guests with FullControl/Deny.

This code sample grants the Guests group the right to Delete the file. Although they will not be able to view or edit the file, Guests will still be able to remove the file. Additionally, while you can add both an Allow and Deny permission for Power Users, this is not the most efficient way to prevent Power Users from modifying privileges. Instead, you can simply specify the Modify permission.

  1. Which of the following code samples imperatively demands that the current user is a member of the local Users group? (Choose all that apply.)

' VB

System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)

Dim myPerm As PrincipalPermission = New PrincipalPermission(Nothing, "Users", True)

myPerm.Demand()

' VB

System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)

Dim myPerm As PrincipalPermission = New PrincipalPermission(Nothing, "BUILTIN\Users", True)

myPerm.Demand()

Explanation: Ch 11 Lesson 3

To perform an imperative security demand for membership in a built-in Microsoft Windows group, you must first set the default principal policy to the Windows principal by calling SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal). Then construct a PrincipalPermission object specifying the group name. To specify the group name, you can provide just the group name, or you can preface the group name with either "BUILTIN\" or the computer name and a backslash. Finally, call the PrincipalPermission.Demand method.

If you do not set the principal policy to the Windows principal by calling SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal), imperative security checks will fail.

  1. You are writing a method for internal use within your organization. Per instructions from your IT department, only users who are members of the domain group CONTOSO\Developers should be able to run your method. Which of the following code samples would prevent users who are not members of the Developers domain group from running your method?

' VB

Dim i As WindowsIdentity = WindowsIdentity.GetCurrent

Dim currentPrincipal As WindowsPrincipal = New WindowsPrincipal(i)

If Not currentPrincipal.IsInRole("CONTOSO\Developers") Then

Throw New SecurityException("You must be a Developer")

End If

Explanation: Ch 12 Lesson 1

To check which domain groups a user is in, create a WindowsPrincipal object based on WindowsIdentity.GetCurrent(). Then check WindowsPrincipal.IsInRole using just the domain name, a backslash, and the group name.

WindowsIdentity does not have an IsInRole method. Instead, you should create a WindowsPrincipal object. Additionally, you must prepend the domain name to the group name when using WindowsPrincipal.IsInRole to determine domain group memberships.

  1. You are writing a method for internal use within your organization. Per instructions from your IT department, only users who are members of the local Administrators group should be able to run your method. Which of the following code samples would prevent users who are not members of the local Administrators group from running your method?

' VB

Dim i As WindowsIdentity = WindowsIdentity.GetCurrent

Dim currentPrincipal As WindowsPrincipal = New WindowsPrincipal(i)

If Not currentPrincipal.IsInRole("Administrators") Then

Throw New SecurityException("You must be an Administrator")

End If

Explanation: Ch12 Lesson 1

To check which groups a user is in, create a WindowsPrincipal object based on WindowsIdentity.GetCurrent(). Then check WindowsPrincipal.IsInRole using just the group name. When testing for built-in roles, use WindowsBuiltInRole.

WindowsIdentity does not have an IsInRole method. Instead, you should create a WindowsPrincipal object. Additionally, you should not prepend LOCAL\ to the group name when using WindowsPrincipal.IsInRole.

  1. Which of the following If statements correctly identifies whether the current assembly has permission to read the C:\Boot.ini file?

' VB

If SecurityManager.IsGranted _

(New FileIOPermission(FileIOPermissionAccess.Read, "C:\Boot.ini")) Then

Explanation: Ch 11 Lesson 3

Use SecurityManager.IsGranted to imperatively determine whether the current process has a specific permission.

You must provide a Permission object to SecurityManager.IsGranted. You cannot provide a FileIOPermissionAccess enumeration.

SecurityManager.CheckExecutionRights only determines whether the process must have System.Security.Permissions.SecurityPermissionFlag.Execution to execute.

  1. You are writing an application that analyzes database information and creates an XML summary. All users in the Contoso domain should be able to view the report. Additionally, members of the Domain Admins group should be able to modify or delete the file.

Which of the following code samples creates a text file with the proper permissions?

' VB

Dim admins As NTAccount = New NTAccount("CONTOSO", "Domain Admins")

Dim users As NTAccount = New NTAccount("CONTOSO", "Domain Users")

Dim adminsRule As FileSystemAccessRule = New FileSystemAccessRule(admins, FileSystemRights.FullControl, AccessControlType.Allow)

Dim usersRule As FileSystemAccessRule = New FileSystemAccessRule(users, FileSystemRights.Read, AccessControlType.Allow)

Dim fs As FileSecurity = New FileSecurity

fs.AddAccessRule(adminsRule)

fs.AddAccessRule(usersRule)

System.IO.File.Create("summary.xml", 1000, FileOptions.None, fs)

Explanation: Ch 12 Lesson 2

First you should create an instance of NTAccount for the user or group that you need to add an access control entry for. Then create an instance of FileSystemAccessRule with the account, the file system rights, and the access control type. Next create a FileSecurity instance and add the access rule to the FileSecurity instance. Finally, create your file using one of the overloaded constructors that allows specifying file security.

You cannot add rules to an instance of FileSecurity using the FileSecurity constructor.

This code sample incorrectly grants Read access to Domain Admins, and grants Full Control access to Domain Users.

This code sample grants the Domain Users group the ReadPermissions access level, which allows them to view the permissions assigned to a file but not to open the file as the requirements demand.

  1. You need to establish a Secure Sockets Layer (SSL) session with a remote server. The security policy at our organization requires you to validate the server's SSL certificate. Which of the following code samples most efficiently validates the certificate?

' VB

Sub Main()

Dim client As TcpClient = New TcpClient("www.contoso.com", 443)

Dim sslStream As SslStream = New SslStream(client.GetStream, False, _

AddressOf ValidateServerCertificate, Nothing)

' TODO: Communicate with server

sslStream.Close()

End Sub

Public Function ValidateServerCertificate(ByVal sender As Object, ByVal _

certificate As X509Certificate, ByVal chain As X509Chain, ByVal _

sslPolicyErrors As SslPolicyErrors) As Boolean

If sslPolicyErrors = sslPolicyErrors.None Then

Return True

End If

Return False

End Function

Explanation: Ch 12 Lesson 1

To validate a certificate, use the overloaded SslStream constructor that allows you to provide a RemoteCertificateValidationCallback delegate. In the delegate, which must accept several parameters to match the delegate signature, return true if the certificate is valid or false if the certificate is not valid.

  1. Your IT department has requested your assistance. They have asked you to write a console application that analyzes the C:\Boot.ini file to determine whether it is properly configured. The IT department will deploy your tool with administrative privileges, and you want to minimize the risk that the application will be abused to perform another task. Which of the following attributes would you use to minimize the security risk by limiting the assembly's privileges so that it can only access the C:\Boot.ini file?

' VB

<Assembly: FileIOPermissionAttribute(SecurityAction.RequestOptional, Read := "C:\boot.ini")>

Explanation: Chapter 11 Lesson 3

For declarative security attributes, use SecurityAction.RequestOptional to list only CAS permissions your application should have. Additionally, you might want to use SecurityAction.RequestMinimum to cause the runtime to throw an exception if the assembly lacks the required permission.

SecurityAction.PermitOnly cannot be used in declarative attributes.

SecurityAction.RequestMinimum causes the runtime to throw an exception if the runtime lacks the listed permissions. However, it does not cause the runtime to reduce the assembly's permissions.

  1. Per instructions from your IT department, you need to configure your application's configuration file with the following security settings:

* Users must be able to read, but not modify, the configuration file.

* Administrators must be able to edit the configuration file.

* An event must be added to the event log each time an administrator modifies the file.

Which of the following code samples correctly creates a FileSecurity object to meet these requirements?

' VB

Dim a As NTAccount = New NTAccount("Administrators")

Dim u As NTAccount = New NTAccount("Users")

Dim ar1 As FileSystemAccessRule = New FileSystemAccessRule(a, FileSystemRights.FullControl, AccessControlType.Allow)

Dim ar2 As FileSystemAccessRule = New FileSystemAccessRule(u, FileSystemRights.Read, AccessControlType.Allow)

Dim ar3 As FileSystemAuditRule = New FileSystemAuditRule(a, FileSystemRights.Modify, AuditFlags.Success)

Dim fs As FileSecurity = New FileSecurity

fs.AddAccessRule(ar1)

fs.AddAccessRule(ar2)

fs.AddAuditRule(ar3)

Explanation: Ch 12 Lesson 2

You need to create two instances of FileSystemAccessRule to create the Discretionary Access Control Lists (DACLs) for Administrators and Users, and one instance of FileSystemAuditRule to create the System Access Control List (SACL) for Administrators.

You cannot create an instance of FileSystemAccessRule to enable auditing. You must use FileSystemAuditRule.

You must call FileSecurity.AddAccessRule to add instances of type FileSystemAccessRule, and FileSecurity.AddAuditRule to add instances of type FileSystemAuditRule.

  1. You are writing an internal application. Your IT department is responsible for defining permissions that different groups have to the registry keys your application uses. IT has requested only a single change to the default registry permissions: they want the Guests local group to be explicitly denied all access.

Which of the following code samples properly sets the permissions to the HKEY_CURRENT_USER\Software\MyApp key?

' VB

Dim g As NTAccount = New NTAccount("Guests")

Dim rar As RegistryAccessRule = New RegistryAccessRule(g, RegistryRights.FullControl, AccessControlType.Deny)

Dim rs As RegistrySecurity = New RegistrySecurity()

rs.AddAccessRule(rar)

Dim rk As RegistryKey = Registry.CurrentUser.OpenSubKey("Software\MyApp", True)

rk.SetAccessControl(rs)

rk.Close()

Explanation: Ch 12 Lesson 2

To modify registry permissions, first create a RegistryAccessRule instance with the correct permissions. Then create a RegistrySecurity instance, and add the access rule. Finally, create an instance of RegistryKey and call the RegistryKey.SetAccessControl method.

Setting the hive using Registry.Users is incorrect; the requirements specify that you should use Registry.CurrentUser for the HKEY_CURRENT_USER hive.

You cannot create an instance of RegistryKey using a RegistryHive because the runtime cannot automatically perform the conversion.

You cannot create an instance of RegistryKey using a RegistryHive because the runtime cannot automatically perform the conversion. Additionally, you need to specify AccessControlType.Deny.

  • You are creating an assembly that needs to store private data to the disk. To protect the private data, you are encrypting it using asymmetric encryption. Below are the tasks you should perform to create & store a private encryption key.

1. Create a CspParameters object

2. Specify the CspParameters KeyContainerName property

3. Create an RSACryptoServiceProvider object using the overloaded constructor the

4. Set the RSACryptoServiceProvider.PersistKeyInCsp property to true

    • Explanation Ch12 Lesson 3:
    • To store private keys persistently, you must create a CspParameters object, specify the CspParameters.KeyContainerName property, use that CspParameters object to create an RSACryptoServiceProvider object, and then set the RSACryptoServiceProvider.PersistKeyInCsp property to true.
    • You cannot use the blank RSACryptoServiceProvider constructor and then later define the CspParameters object. You must specify the CspParameters object during the RSACryptoServiceProvider construction.
    • You do not need to set the RSACryptoServiceProvider.ExportParameters property to true. chapter 5 stuff
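
The four steps above as a runnable console program, added here as an illustration and not taken from the original notes or exam material. The container name "ExampleNotesKeyContainer" and the sample plaintext are constructed values; the program also shows that a second object built with the same container name gets the stored key pair back, and how to delete the container afterwards.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module KeyContainerDemo

    ' Constructed container name, used only for this example.
    Private Const ContainerName As String = "ExampleNotesKeyContainer"

    ' Steps 1 and 2: create a CspParameters object and name the key container.
    Private Function BuildParameters() As CspParameters
        Dim csp As New CspParameters()
        csp.KeyContainerName = ContainerName
        Return csp
    End Function

    Sub Main()
        Dim plaintext As Byte() = Encoding.UTF8.GetBytes("constructed sample secret")
        Dim ciphertext As Byte()
        Dim publicKeyXml As String

        ' Step 3: the CspParameters object must be passed to the constructor.
        Using rsa As New RSACryptoServiceProvider(2048, BuildParameters())
            ' Step 4: keep the key pair in the container after this object is disposed.
            rsa.PersistKeyInCsp = True
            publicKeyXml = rsa.ToXmlString(False)      ' False = public key only
            ciphertext = rsa.Encrypt(plaintext, True)  ' True = OAEP padding
        End Using

        ' A new object created with the same container name loads the stored
        ' key pair instead of generating a fresh one.
        Using reloaded As New RSACryptoServiceProvider(BuildParameters())
            Dim sameKey As Boolean = (reloaded.ToXmlString(False) = publicKeyXml)
            Dim recovered As String = Encoding.UTF8.GetString(reloaded.Decrypt(ciphertext, True))

            Console.WriteLine("Same key pair reloaded: {0}", sameKey)
            Console.WriteLine("Decrypted text: {0}", recovered)

            ' Clean-up: turning persistence off and calling Clear removes the
            ' example container so the private key does not linger on disk.
            reloaded.PersistKeyInCsp = False
            reloaded.Clear()
        End Using
    End Sub

End Module
```
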
  • You need to modify MS Windows access control security for a named mutex. Below are the selected tasks that you’d perform to modify Windows access control security for a named mutex:
    1. Create an instance of the Mutex class
    2. Create an instance of the MutexSecurity class using Mutex.GetAccessControl()
    3. Add access rules to the MutexSecurity class
    4. Call Mutex.SetAccessControl()
    • Explanation Ch 12 Lesson 2:
    • To modify Windows access control security for a named mutex, use the Mutex.GetAccessControl method to get the MutexSecurity object. Modify the security object by adding and removing rules, and then use the Mutex.SetAccessControl method to reattach it.
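
The get, modify, reattach sequence above as a runnable console program, added here as an illustration and not taken from the original notes or exam material. The mutex name "ExampleNotesMutex" and the choice of rights for the built-in Users group are assumptions made for the example; the rules are read back as SIDs so that no account-name lookup is needed.

```vb
Imports System
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Threading

Module MutexAclDemo

    Sub Main()
        Dim createdNew As Boolean

        ' Step 1: create (or open) the named mutex. The name is a constructed value.
        Using m As New Mutex(False, "ExampleNotesMutex", createdNew)

            ' Step 2: fetch the security object currently attached to the mutex.
            Dim security As MutexSecurity = m.GetAccessControl()

            ' Well-known SID for BUILTIN\Users; avoids depending on a localized group name.
            Dim users As New SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, Nothing)

            ' Step 3: let Users wait on and release the mutex, but explicitly
            ' deny them the right to rewrite its permissions.
            security.AddAccessRule(New MutexAccessRule(users, _
                MutexRights.Synchronize Or MutexRights.Modify, AccessControlType.Allow))
            security.AddAccessRule(New MutexAccessRule(users, _
                MutexRights.ChangePermissions, AccessControlType.Deny))

            ' Step 4: nothing changes on the kernel object until the modified
            ' security object is reattached.
            m.SetAccessControl(security)

            ' Read the DACL back from the mutex to confirm what was applied.
            Dim rules As AuthorizationRuleCollection = _
                m.GetAccessControl().GetAccessRules(True, False, GetType(SecurityIdentifier))

            For Each rule As MutexAccessRule In rules
                Console.WriteLine("{0,-6} {1,-15} {2}", _
                    rule.AccessControlType, rule.IdentityReference.Value, rule.MutexRights)
            Next
        End Using
    End Sub

End Module
```
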
  • The following is the order the security policies are applied to your assembly:
    • Enterprise
    • Machine
    • User
    • Application Domain
    • Explanation: Ch 11 Lesson 1
      • The Enterprise level is the highest security policy level, describing security policy for an entire enterprise. Enterprise security policy can be configured by using the Active Directory directory ser
      • Machine policy, the second security policy level, applies to all code run on a particular computer. User policy is the third level, and it defines permissions on a per-user basis. The runtime evaluate
      • Enterprise, Machine, and User levels separately, and it grants an assembly the minimum set of permissions granted by any of the levels (known as the intersection of the permission sets). Finally, the runtime evaluates the Application Domain security policy.
  • Tls – SslProtocols.Tls is the SslProtocols enumeration value you specify when you are creating a service that accepts incoming SSL connections. All valid clients will be based on the .NET Framework 2.0. You want to ensure that only the most secure communications will be allowed; however, all clients must be able to connect to your service.
    • SslProtocols.Tls is the most secure connection protocol supported by .NET Framework 2.0 & clients.
    • SslProtocols.Ssl3 & SslProtocols.Ssl2 have been superseded by SslProtocols.Tls
    • SslProtocols.Default allows both SSL 3.0 & TLS 1.0 communications. In this case it is not necessary to allow SSL 3.0 communications.
  • The internet permission set is in effect because the runtime applies the most restrictive set of permissions. The internet permission set is more restrictive than the Everything or the FullTrust permission.
  • DSACryptoServiceProvider – is the class you can use to sign a message with a digital signature & prove that the message originated from an office.
    • DSACryptoServiceProvider provides asymmetric digital signatures, which is the best way to prove that a message is genuine.
    • MD5 & SHA256 are hashing algorithms, which you can use to generate a unique key based on the contents of a file.
    • RijndaelManaged, DES, RC2 & TripleDES are all symmetric encryption classes.
    • RSACryptoServiceProvider provides asymmetric encryption; it cannot be used to sign messages.
  • RijndaelManaged symmetric cryptography class valid key lengths:
    • 256 bits
    • 128 bits
      • The RijndaelManaged class can use key lengths of 128 through 256 bits in 32-bit increments
  • You have written an app that specifies SACLs on a registry key so that events will be added to the Security event log if a user modifies a value. What else do you need to do to enable auditing?
    • 1. Open the Local Security Policy console
    • 2. Expand Local Policies & select Audit Policy
    • 3. Set Audit Object Access to Success
      • Object auditing is disabled by default because it negatively affects system performance. However, you must enable it using the Local Security Policy or a domain Group Policy object for file or registry auditing to occur. The requirements state that you want an event logged if a user successfully modifies a key, so you should set the Audit Object Access policy to Success.
      • Setting the Audit Object Access policy to Failure would only log unsuccessful attempts to modify the registry key, which would not meet the requirements.
  • Caspol -machine -addfulltrust App.exe – is the command that adds the App.exe assembly to the full trust list for the machine policy.
    • Use the machine & addfulltrust arguments with the Caspol.exe command-line tool to add an assembly to the full trust list for the machine policy.
    • The user argument adds the assembly to the user full trust list, not the machine full trust list
    • You cannot use the addgroup argument to add an assembly to the full trust list.
  • Caspol.exe – is the tool that you would use to examine and modify code access security policies from a batch file.
    • You can use the Code Access Security Policy tool (Caspol.exe) to examine & modify Machine, User & Enterprise level code access security policies. Although the .NET Framework Configuration tool is the most convenient tool to use for manual configuration, Caspol provides similar functionality at the command line or within a batch file.
    • Use StoreAdm.exe to manage isolated storage
    • Use Sn.exe to manage strong names
    • Use GacUtil.exe to manage the global assembly cache
  • The following classes provide symmetric encryption:
    • TripleDES
    • RC2
    • RijndaelManaged
    • DES
      • RijndaelManaged, DES, RC2 & TripleDES are all symmetric encryption classes.
      • DSACryptoServiceProvider provides asymmetric digital signatures
      • RSACryptoServiceProvider provides asymmetric encryption
  • The following classes you could use to create a unique identifier for a file:
    • MD5
    • SHA256
      • MD5 & SHA256 are hashing algorithms, which you can use to generate a unique key based on the contents of a file.
      • RijndaelManaged, DES, RC2 & TripleDES are all symmetric encryption classes
      • DSACryptoServiceProvider provides asymmetric digital signatures
      • RSACryptoServiceProvider provides asymmetric encryption
  • AES – You are creating an SslStream object to transfer encrypted data across a network. You want to use the most secure encryption protocol available. Of the types available in the CipherAlgorithmType enumeration, which should you choose? AES
    • Of the options given, AES is the most secure encryption algorithm.
    • MD5 is a hashing algorithm and is not part of the CipherAlgorithmType enumeration
  • DES – is the System Security Cryptography class that would indicate that the dev was using weak encryption that could potentially be cracked in a short amount of time
    • The Data Encryption Standard (DES) is a symmetric encryption algorithm that uses relatively short key lengths that are vulnerable to cracking attacks. For that reason it should be avoided.
    • RijndaelManaged, an implementation of Advanced Encryption Standard (AES), is a strong government encryption standard & is the only .NET Framework symmetric encryption class that is fully managed. All other encryption classes call unmanaged code. Because of this, RijndaelManaged is the preferred choice when your app will be running in a partially trusted environment.
    • RC2 is an encryption standard designed to replace DES that uses variable key sizes. It is more secure than DES
    • TripleDES is the .NET Framework implementation of the Triple DES (3DES) symmetric encryption algorithm; it essentially applies the DES algorithm three times. It is approximately twice as strong as standard DES
  • ZoneMembershipCondition class - would be used to test whether an assembly was located on the intranet.
    • The ZoneMembershipCondition class determines whether an assembly belongs to a code group by testing its zone. To test for the intranet zone, create an instance of ZoneMembershipCondition using the SecurityZone.Intranet enumeration.
    • The GacMembershipCondition class determines whether an assembly belongs to a code group by testing its global assembly cache membership
    • The SiteMembershipCondition class determines whether an assembly belongs to a code group by testing the site from which it originated.
    • The UrlMembershipCondition class determines whether an assembly belongs to a code group by testing its URL. While the function is very similar, use UrlMembershipCondition for assemblies retrieved using HTTP.
  • Execution – is the permission set that provides the fewest privileges while still allowing an assembly to run.
    • The Execution permission set enables an assembly to run while granting no additional permissions.
    • The Internet permission set grants a restricted set of permissions to an assembly. Generally you can run an assembly with this permission set with very little risk. Even malicious assemblies should not be able to cause any serious damage when run with this permission set. However, the Internet permission set does grant privileges beyond those provided by the Execution permission set.
    • Local Intranet permission set grants a generous set of permissions to assemblies, including the ability to print & access the event log.
    • The Nothing permission set grants no permission to an assembly. The assembly will not even be allowed to run.
    • The FullTrust permission set exempts an assembly from CAS permission checks.
  • What classes or interfaces would you use to implement most efficiently the custom user management system?
    • GenericPrincipal
    • GenericIdentity
      • Using WindowsIdentity and WindowsPrincipal would require an Active Directory domain
      • You could implement IIdentity & IPrincipal, but that would require writing more code than it would if you used GenericIdentity & GenericPrincipal
  • FullTrust – is the permission set that provides the best performance
    • The FullTrust permission set exempts an assembly from CAS permission checks, which improves performance.
    • All other permission sets require the runtime to perform security checks, which has a performance impact.
  • CodeAccessPermission.PermitOnly – is what you would use to limit the permissions available to a portion of a method by declaring only the permissions the code segment should have.
    • Use CodeAccessPermission.PermitOnly to imperatively reduce permissions when a section of a method requires fewer permissions than the rest of the method. This is particularly important when calling objects created by third parties.
    • SecurityAction.PermitOnly declarations limit the permissions available to a method by specifying only the permissions the method should have. SecurityAction.PermitOnly is similar to CodeAccessPermission.PermitOnly, except it is declarative rather than imperative.
    • SecurityAction.Deny declarations refine the permissions available to a method by eliminating specific named permissions. It cannot be used imperatively
    • Use CodeAccessPermission.Assert when you want to allow partially trusted code to call a method that requires permission the caller might lack.
  • In the following asymmetric encryption scenarios you would need to store a key pair:
    • Signing documents to prove authenticity
    • Storing an encrypted file for later retrieval
    • Storing encrypted data in a database
      • You must store a key pair any time a file is going to be decrypted at a later date. Without the key pair decryption cannot occur. When signing documents, you must store the key pair so that the key pair can be used to validate the signature later.
      • You do not need to store a key pair when transferring encrypted data across a network. In that circumstance, you can destroy the keys after the network communication has completed.
  • The following identifies the username of the security context in which the current assembly is running:
    • System.Environment.UserName
    • System.Environment.GetEnvironmentVariable("username")
      • You can retrieve the current username with System.Environment.UserName or System.Environment.GetEnvironmentVariable("username"). Of those two, you should choose System.Environment.UserName whenever possible.
      • System.Environment.UserDomainName retrieves the domain name
      • WindowsIdentity.GetCurrent() retrieves both the domain & login name
      • System.Environment.GetEnvironmentVariable("userdomain") retrieves the domain name
  • ApplicationDirectoryMembershipCondition – class you would use to test whether an assembly was located in a specific folder.
    • The ApplicationDirectoryMembershipCondition class determines whether an assembly belongs to a code group by testing its application directory
    • The GacMembershipCondition class determines whether an assembly belongs to a code group by testing its global assembly cache membership
    • The SiteMembershipCondition class determines whether an assembly belongs to a code group by testing the site from which it originated.
    • The UrlMembershipCondition class determines whether an assembly belongs to a code group by testing its URL. While the function is very similar, use UrlMembershipCondition for assemblies retrieved using HTTP
  • IApplicationTrustManager is the interface you would implement if you need to create a custom trust manager to enable your organization to use custom logic when determining whether a .NET app should be executed & which permissions should be granted to the application.
    • Trust managers must implement the IApplicationTrustManager interface. The host calls the DetermineApplicationTrust method in the trust manager to determine whether an app should be executed & which permissions should be granted to the app.
    • IMembershipCondition defines the test to determine whether a code assembly is a member of a code group. while
  • DSACryptoServiceProvider – class provides asymmetric digital signatures.
    • DSACryptoServiceProvider provides asymmetric digital signatures
    • RSACryptoServiceProvider provides asymmetric encryption, it does not provide digital signatures
    • RijndaelManaged, DES, RC2 & TripleDES are all symmetric encryption classes.
  • The following permissions are available with the Internet permission set:
    • Open the File dialog box
    • Store a file in isolated storage
      • Assemblies running with the Internet permission set do have the right to open the File dialog box or store a file in isolated storage
      • Assemblies running with the Internet permission set do not have the right to examine environment variables, analyze performance counters or send requests to Web sites.
  • SslStream.IsMutuallyAuthenticated method – can be used as the check when you need to establish a Secure Sockets Layer (SSL) session with a remote server & the security policy at your organization requires both the client & the server to provide a valid certificate for authentication before communication begins.
    • SslStream.IsMutuallyAuthenticated gets a Boolean value that indicates whether both the server & client have been authenticated.
    • SslStream.IsSigned gets a Boolean value that indicates whether the data sent using the stream is signed. It does not indicate whether both the client & server were authenticated.
    • SslStream.IsServer gets a Boolean value that indicates whether the local side of the connection used by the SslStream was authenticated as the server. It does not indicate whether both the client & server were authenticated.
    • SslStream.IsAuthenticated gets a Boolean value that indicates whether authentication was successful. It does not indicate whether both the client & server were authenticated.
    • SslStream.IsEncrypted gets a Boolean value that indicates whether the SslStream uses data encryption. It does not indicate whether both the client & server were authenticated.
  • IMembershipCondition interface is what you would want to implement when you need to override the standard logic used to determine whether an assembly is a member of a code group.
    • IMembershipCondition defines the test to determine whether a code assembly is a member of a code group.
    • Trust managers must implement the IApplicationTrustManager interface. The host calls the DetermineApplicationTrust method in the trust manager to determine whether an app should be executed & which permissions should be granted to the app. You cannot use IApplicationTrustManager to alter the logic used to determine whether an assembly is a member of a code group.
    • IIdentityPermissionFactory is used to provide custom identity permission logic. You cannot use IIdentityPermissionFactory to alter the logic used to determine whether an assembly is a member of a code group
    • IIdentity is an identity object that represents the user. It might be used as evidence, however you cannot use IIdentity to alter the logic used to determine whether an assembly is a member of a code group.
  • RijndaelManaged symmetric cryptography class should be used when you are creating an assembly & need to encrypt data.
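
The mutual-authentication check from the SslStream notes above, as an added example (not from the original post or the exam material): a loopback client and server each present a throwaway self-signed certificate, and both refuse to continue unless IsMutuallyAuthenticated is true. It assumes .NET 6 or later; MutualTlsCheck, MakeCert, Pin and RequireMutualAuth are hypothetical names, and the certificates are constructed for the demo.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class MutualTlsCheck   // hypothetical name, added example
{
    // Constructed throwaway certificate for this loopback demo only.
    static X509Certificate2 MakeCert(string name)
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + name, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        return new X509Certificate2(tmp.Export(X509ContentType.Pfx)); // re-import so the TLS stack can use the key
    }

    // Demo trust decision: accept only the one expected certificate (self-signed, so there is no CA chain).
    static RemoteCertificateValidationCallback Pin(X509Certificate2 expected) => (sender, cert, chain, errors) =>
        cert != null && cert.GetCertHashString(HashAlgorithmName.SHA256) == expected.GetCertHashString(HashAlgorithmName.SHA256);

    // Fail closed: IsAuthenticated alone does not show that both sides presented a certificate.
    static void RequireMutualAuth(SslStream tls)
    {
        if (!(tls.IsAuthenticated && tls.IsMutuallyAuthenticated && tls.IsEncrypted && tls.IsSigned))
            throw new AuthenticationException("policy requires certificates from both client and server");
    }

    static async Task Main()
    {
        using X509Certificate2 serverCert = MakeCert("demo-server"), clientCert = MakeCert("demo-client");
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        Task server = Task.Run(async () =>
        {
            using TcpClient conn = await listener.AcceptTcpClientAsync();
            using var tls = new SslStream(conn.GetStream(), false, Pin(clientCert));
            await tls.AuthenticateAsServerAsync(serverCert, true, false); // clientCertificateRequired = true
            RequireMutualAuth(tls);
        });

        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, port);
        using var clientTls = new SslStream(client.GetStream(), false, Pin(serverCert));
        await clientTls.AuthenticateAsClientAsync("demo-server", new X509CertificateCollection { clientCert }, false);
        RequireMutualAuth(clientTls);
        await server;
        listener.Stop();
        Console.WriteLine("both sides verified IsMutuallyAuthenticated");
    }
}
```

Passing an empty X509CertificateCollection on the client makes the server's validation callback receive no certificate and reject the handshake.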

Wednesday, August 5, 2009

SQL Server Management Studio Hotkeys ShortcutKeys Most Used

Hey Now,

This is the list of SQL Server Management Studio Hotkeys / Shortcut keys which are most useful in my opinion. Often there are hotkey lists that have so many. Here we have a list of the top O(n) to increase our productivity.

SQL Saturday #16 in South FLA is this weekend & I'm out of town so won't be attending. The event triggered me to write this post, which is an attempt to place some quality SSMS content public.

SSMS Hotkeys Top O(n)
1. F8 Object Explorer - We are always searching servers, tables & sp's

2. T-SQL in Query Window - We are always executing & checking syntax in a Query window.
a F5 Execute
b Ctrl + F5 parse to check syntax

3. Tab Navigation - I'm a tabbed browserer
a Ctrl+Tab Tab Switcher
b Alt+F, C Close Tab
c Ctrl+Shift+Tab reverse Tab Switcher

4. Using Stored Procedures - When a stored proc is highlighted in Object explorer
a Right Click, Y Modify SP from object explorer (right click button between right alt & right Ctrl)
b Right Click, E Execute SP from object explorer

5. Ctrl + N Open new Query Window - nuff said

6. -- Comments -- How to comment / uncomment quickly
a Ctrl + K, Ctrl + C - Comment highlighted rows
b Ctrl + K, Ctrl + U - uncomment selected row or rows

7 Open Table in Design View - Design view is user friendly & sometimes helps
a right click o open table
b right click table in object explorer
c '08 e for edit
'05 o for open table
d Ctrl+1, Ctrl+2, Ctrl+3 opening dialog, Criteria, SQL panes

8 right click x Execute (in design view)

9 Alt+F, Enter -- Connect to Server - Always have to connect to a server

10 Full Screen classic studio hotkey combo Enjoy full screen it's stream lined
a Shift + Alt + Enter Full Screen
b Alt U Non Full Screen

11 Ctrl + Alt + L Open Solution Explorer

12 Alt + V, L = Template explorer SSMS '08 it's a nice resource for us

13 Scripting - We have to script many things such as tables & sp's. Here is how when the item is selected in object explorer
right click, s,
a, c To script stored procs to clipboard

14 Ctrl-Shift-A / Alt-Shift-A: add new item to project

15 Ctrl + M Include Actual Execution Plan - great to refine & speedup T-SQL

16 F4 properties not used much for me in ssms but vs very often

The next post regarding SSMS has to involve some more T-SQL since it is the best feature of SQL Server IMHO.

Bye 4 now!
Catto

Friday, July 31, 2009

Windows 7 Top Features - Win7

Hey Now,
Windows 7 is now in RTM & I’ve been enjoying using the RC’s & beta’s for a few months. There are many new features in Windows 7 so let’s take a look at a few of the best that we’ll use.

1. Performance
2. Screen Captures
3. Taskbar / Jumplists
4. Rotating Desktop Pix
5. Snap Windows in Half
6. Wireless Networks


1. Performance – I wish I had some technical proof but all that I’ve read & heard is that the performance is better. Where I feel the OS is greatly improved is the startup, shutdown, restart, hibernate speeds. I’m always hibernating my notebook & I really like how fast it boots up now compared to Vista after it’s hibernated like a bear.

2. Screen Cap (Problem Steps Recorder & snipping tool )
Problem Steps Recorder – This to me is very slick & useful. Great for help desks for details on issues & creating training documentation. It’s a screen capture application built into Windows 7 where a user clicks start, then performs any task on the PC, then clicks stop & selects a folder to store the file into. The file will include an easily readable MHTML file which can be viewed in a browser. The file will include so much information such as keystrokes, screenshots, slideshow & other information such as date & system info.
The Snipping tool easily screen captures a region.

3. Task Bar Change – This I feel is the biggest change people will use daily & notice. The new taskbar is kinda like a quickstart / taskbar combo. A user is able to pin icons to the taskbar similar to how we could pin shortcuts to our quicklaunch.
Jump lists – To go along with the task bar changes there are Jump Lists. When you right click on an icon in the taskbar the user gets a jump list where you can select to navigate to. If there are multiple word documents or browsers such as FireFox, you can select & preview the task you wish to switch to.

4. Rotating Desktop Background Pix – This is a feature an average user will really like & say really? A user can select a folder of pix & then the desktop background will rotate every 3 minutes (or you can choose the frequency). This is nice since you won’t get bored of the same desktop background.

5. Snap Windows in Half – This feature is good too since you can quickly resize a window vertically & it will dock it to take up ½ of the screen. This way a user can have two windows on the same screen visible where the screen is split vertically, one window on the left & the other on the right. Nice to move files or Office app on the left & browser on right. Kinda the benefit of multiple monitors only on one.

6. Wireless networks Improvements – It’s easier to view & connect to the wireless networks. In the system tray there is an icon (five bars in a row increasingly larger) where with one click you can view the network you are connected to & view the available networks.

7. Power Options – There are more power options, which is nice when you are on a notebook or even for your desktop to hibernate after 30 minutes of non-usage & then start up really quickly

8. Drivers – Much improved since all the drivers for Vista work

9. Touch Screen – Windows 7 has the ability to use touch screen. This sounds good, I’ve never used it & think this will not be used often by the average user or even power user.

A few areas where I feel Win7 could be improved is
1. Usable Memory - My experience Win7 doesn't detect all of the RAM installed on the PC easily. Win7 64bit I've heard works better @ detecting the memory & there are some reg hacks. Some examples, I've installed Win7 on 2 pcs one with 4 GB RAM & the other with 8 GB RAM. When looking @ the usable memory detected the first displays 2.25GB RAM & the other displays 3 GB ram.

2. The name Windows 7 to me wasn't very good for SEO & it's kinda confusing for the average person. They get it confused with IE7 & when searching for topics if the OS was called anything not windows seven such as Windows Orange or Windows asdf then when searching for content a user searching would be distracted with other content that searching for a Windows 7 brings. Anyhow I feel the name could have been improved for these 2 reasons.

3. When using taskbar buttons not combined, the user should be able to taskbar shuffle the buttons. This would be a nice feature.

So Windows 7 is a current OS so let us enjoy some of the top nice features.

Bye for Now,
Catto




Tuesday, June 30, 2009

Firefox 3.5 - Your Default browser?



Hey Now,

So today is the day, Firefox 3.5 is released & of course like many millions of people around the world I downloaded & installed it. Firefox has been my default browser for some time now. Browsers are the most used windows application & I use many all day everyday. 

Firefox 3.5 new features include:

Faster fox - the browser measured faster
Private Browsing just like all other browsers Ctrl + Shift + P I use this when shopping for diamonds for my wife.
Undo Tab Ctrl + Shift + T Similar to Ctrl + T for new tab
Video with HTML 5 - HTML 5 is around the corner & this will help everyone browse more efficiently such as links within video.
TraceMonkey JavaScript engine - this is supposed to be faster than the previous SpiderMonkey.
Geo-Location - from my understanding it will know where you're located
Tab Tearing - I'm not a fan I find myself not using this even in Chrome

Firefox Add-on's are still my favorite feature of Firefox, including the latest version 3.5. They allow us to customize our browser. Listed below is a top 10 Catto Firefox add-ons that I like to use all the time.

1 Hide Menubar - provides more real estate & hides menubar it just works
2 Speed Dial - Stellar add-on. Easily open frequently used pages. Use Cntl+1 to 3 load your favorite page.
3 FoxTab - Super slick way to switch tabs Ctrl+Shift (similar to vista task switcher) 
4 Firebug - Very important dev tool F12 baby
5 Web Developer - many dev tools 
6 Google Preview - displays thumbnail of page on Google search
7 Cooliris - The best way to view pix
8 Coolpreviews - easily quickly view a link without opening it
9 Download Status Bar - places downloads on the status bar neatly
10 Personas for Firefox - Change look easily
11 Colorzilla - web dev tool to pick colors

This is just 10 of my favorite add-on's. Add-ons are easily still my favorite Firefox feature

That is all there is .. there is no more!

Catto

Sunday, May 31, 2009

Windows 7 Tiki Hut Event


Hey Now Everybody,




There was a Microsoft TechNet event, The Tiki Hut Road Show on Windows 7, which I attended on May 28th 2009. It was a great session where Blain Barton & Shervin 'da bomb' Shakibi presented all about Windows 7. Windows 7 is the next Microsoft Operating System.
Before there was 95, 98, XP, now there's Vista & soon there will be Windows 7. I've been running a virtual machine with Windows 7 on it to test. Today I received the dvd & plan to install it where this version on my physical will time bomb June 1st 2010. When installing any OS on the physical drive my preference is to fresh install & delete all my previous data.
One of the features that caught my eye was the ease of VPN (direct access). Another was a screen capture application called record problem recorder. It reminded me of a snag-it type application where you can record what steps are taken then it produces a zip file which when opened will display all the steps taken while recording including screen shots & text of the steps. This would be ideal for help desk or documenting a training.

This was a Technet event & the MSDN event is later in June. My preference is to hear more about the development side vs. the IT Pro side therefore I enjoy the content on MSDN events a little more. At the same time this was an excellent event. IE8 is the default browser which is what I think most people will notice along with the task bar features.
As always there were some great people there including some sponsors such as Sherstaff. I saw a few of my friends there & had a great time. That's all there is there is no more.

Bye for now,


Catto



Thursday, April 30, 2009

FileSystemWatcher 70-536 Microsoft .NET Certification Post #15


Hey Now Everybody,



Please feel free to check out my MCTS 70-536 reference page on Chris Catto.com. It’s a page with a summary of all of my posts.


• FileSystemWatcher.Created – occurs when a file or directory in the specified path is created.
  • When you are writing an app that needs to process files when they are added to a folder, FileSystemWatcher.Created is the event you should respond to.
  • FileSystemWatcher.Changed only occurs when an existing file is modified.
  • FileSystemWatcher.Deleted occurs when a file is removed.
  • FileSystemWatcher.Renamed occurs when a file is renamed.
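
The drop-folder case from the notes above, as an added example (not from the original post or the exam material): it handles Created, waits until the writer has released the file before processing it, and reports the Error event so dropped notifications lead to a rescan. DropFolderWatcher and TryProcess are hypothetical names, and the folder and sample file are constructed for the demo.

```csharp
using System;
using System.IO;
using System.Threading;

static class DropFolderWatcher   // hypothetical name, added example
{
    // Created fires when the directory entry appears, which can be before the
    // writer has finished. Retry an exclusive open until the file is released.
    static bool TryProcess(string path, int attempts = 10)
    {
        for (int i = 0; i < attempts; i++)
        {
            try
            {
                using (var fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.None))
                {
                    Console.WriteLine("processing {0} ({1} bytes)", Path.GetFileName(path), fs.Length);
                    return true;
                }
            }
            catch (IOException) { Thread.Sleep(200); } // still being written, or already removed
        }
        return false;
    }

    static void Main()
    {
        // Constructed sample folder; a fresh name so the write below is a create, not a change.
        string dir = Path.Combine(Path.GetTempPath(), "drop-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(dir);
        using (var done = new ManualResetEventSlim())
        using (var watcher = new FileSystemWatcher(dir, "*.txt"))
        {
            watcher.Created += (s, e) => { if (TryProcess(e.FullPath)) done.Set(); };
            watcher.Changed += (s, e) => Console.WriteLine("changed (existing file): " + e.Name);
            // Notifications are lost if the internal buffer overflows; rescan the folder instead of assuming nothing arrived.
            watcher.Error += (s, e) => Console.WriteLine("watcher error, rescan needed: " + e.GetException().Message);
            watcher.EnableRaisingEvents = true;

            File.WriteAllText(Path.Combine(dir, "sample.txt"), "constructed sample input");
            Console.WriteLine(done.Wait(5000) ? "new file handled" : "timed out");
        }
        Directory.Delete(dir, true);
    }
}
```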


As always all comments welcome.


That’s all there is there is no more, Bye for now!

Catto