Code Project
Question about Distributed security for DAL...

Category: Database. Tags: security, database, question, csharp, asp-net. 2 posts, 2 posters.
  #1 jamauss wrote:

    I thought I would post this question here since it's a pretty good community of experts. The application I am in charge of architecting is an ASP.NET (intranet) web application running on IIS 5 or better, targeted towards .NET environments on Windows 2000 Server and/or Windows 2003 Server. It needs to be able to scale to meet the demand of hundreds or thousands of users (i.e. work in a "web farm" environment). I have to be able to support both Oracle and SQL Server as the database that stores the data for the application. Security is an important concern since the application would be getting deployed within organizations that take security fairly seriously. I can count on at least Windows 2000 and at least IE 5.5 being on the desktop, though I'm not sure if the particular browser used to access the application should be much of a concern or not in terms of security.

    OK, so here's what I had in mind:

    Browser --> IIS --> ASP.NET --> Enterprise Services/COM+ --> SQL Server/Oracle

    (my thinking is that my data access code would run in the context of a COM+/ES component)

    I would like to be able to use Impersonation so that I could run the COM+ component under a certain user account (for my app only) and use Trusted_Connection in my connection string to SQL Server/Oracle (with OSAuthent=1; for the Oracle OLEDB driver). My reasons for wanting to do this are that 1) it seems to me like the most secure way to implement the connection and 2) I could use Windows to handle authentication instead of writing my own code to do so. Some questions/concerns I have:

    1. I don’t hear much mention of using this impersonation technique with COM+/ES components. Is it just not well known or are there drawbacks I don’t know about?
    2. I’ve been reading some newsgroup posts and it sounds like when using Impersonation you lose performance gained by connection pooling. Does anyone know if this is true or false?
    3. If the Oracle database is hosted on Unix or Linux, is it still possible to connect using Impersonation?
    4. Should I look at implementing transport-level security (like SSL) when the users authenticate to IIS?
    5. Anything else I should be thinking about in regards to the tiers/architecture of this application?

    Thanks in advance for any time & energy you can lend to me on this. Feel free to use this in your blog (if you have one) if you think it would help get more suggestions from readers or anything like that. Thanks, Jason Mauss


      #2 ian mariano wrote:

      Reference Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the MSDN site. It'll give you plenty of answers! Briefs on your questions:

      1. See the aforementioned link.
      2. Not sure about that, but impersonation itself is a slight performance hit aggregated onto the overall performance. You're switching the user context, so there's an OS hit to set up the impersonation context.
      3. Yes, as long as the impersonated context/calling machine has access to the 'nix box, either as a native user or via username/password.
      4. By all means! Eval your data security needs. Keep in mind that just because your app is in the intranet doesn't mean it's secure. There's always the possibility someone will hijack the flow of data (d4mn p4ck3t sn1ff3rz!) from within the organization.
      5. See the aforementioned link.

      Ian Mariano - http://www.ian-space.com/
      "We are all wave equations in the information matrix of the universe" - me
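The two designs the question weighs (running the data tier as a fixed COM+ application identity versus impersonating each caller) and the connection-pooling concern in question 2 are easier to see in code. The following is an added example written for this thread, not code from either poster. It assumes .NET Framework with System.Data.SqlClient and System.Data.OleDb, as on the Windows 2000/2003 and IIS stack described; the Oracle OLE DB provider ProgID OraOLEDB.Oracle and the dbo.Orders table are assumptions. The pooling behaviour it relies on is documented for SqlClient: with Integrated Security on, the pool is partitioned by Windows identity in addition to connection string, so per-caller impersonation yields one small pool per user, while a single trusted service identity shares one pool across all callers.

```csharp
using System;
using System.Data.OleDb;
using System.Data.SqlClient;
using System.Security.Principal;

// Added example (not from the original thread). Demonstrates Windows-authenticated
// connection strings and the two identity models discussed in the question.
public static class TrustedConnectionDemo
{
    // SQL Server with integrated authentication: no password ever lives in config.
    // Encrypt=true requests TLS on the wire (the server needs a certificate), which
    // addresses the in-network sniffing risk raised in the answer to question 4.
    public static string SqlServerConnectionString(string server, string database)
    {
        var b = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            IntegratedSecurity = true, // same effect as Trusted_Connection=yes
            Encrypt = true,
        };
        return b.ConnectionString;
    }

    // Oracle through the OLE DB provider with OS authentication (OSAuthent=1, as in the question).
    public static string OracleOleDbConnectionString(string tnsAlias)
    {
        var b = new OleDbConnectionStringBuilder
        {
            Provider = "OraOLEDB.Oracle", // assumption: Oracle's OLE DB provider ProgID
            DataSource = tnsAlias,
        };
        b["OSAuthent"] = "1";
        return b.ConnectionString;
    }

    // Model A: impersonate the original caller for the duration of the database work.
    // Every distinct caller identity gets its own pool partition, so pooling benefits shrink
    // as the user population grows; the impersonation context is always reverted, even on exceptions.
    public static void RunAsCaller(WindowsIdentity caller, string connStr, Action<SqlConnection> work)
    {
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        using (var conn = new SqlConnection(connStr))
        {
            conn.Open();
            work(conn);
        } // token reverted here
    }

    // Model B (trusted subsystem): the COM+ application's fixed service account opens every
    // connection, so one pool is shared by all callers. The original user's login is passed as
    // a parameterised value for authorisation and auditing inside the query, never concatenated.
    public static int CountRowsForUser(string connStr, string callerLogin)
    {
        using (var conn = new SqlConnection(connStr))
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText = "SELECT COUNT(*) FROM dbo.Orders WHERE OwnerLogin = @login"; // table is hypothetical
            cmd.Parameters.AddWithValue("@login", callerLogin);
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
    }
}
```

Usage: obtain the caller's identity in the web tier (for example from HttpContext.Current.User.Identity as a WindowsIdentity) and pass it to RunAsCaller, or, under the trusted-subsystem model, pass only its Name to CountRowsForUser. In Model B the service account needs exactly the database permissions the application uses and nothing more, and the database audit trail will show that account rather than the end user, which is why the caller's login is carried explicitly in the query.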
