You are an application developer for your company. You develop an application that uses an external class
library. You run the Permissions View tool on the class library and receive the following output.
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
optional permission set:
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?

You are an application developer for your company. You create a Web application that is used by all users in
the company. The application is hosted on the intranet Web server, which is named WebServer. WebServer
has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The
Web.config file specifies that the authentication mode is set to Windows.
The application connects to a Microsoft SQL Server database named DataStore. The database is located
on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database
connection code is shown in the following code segment.
Dim myConnStr As String
myConnStr = "Initial Catalog=""DataStore"";"
myConnStr = myConnStr & "Data Source=localhost;Integrated Security=SSPI;"
Dim myConn As New SqlConnection(myConnStr)
Dim myInsert As String
myInsert = "INSERT INTO Customer (CustomerID, Name) Values('123', 'John Doe')"
Dim myCmd As New SqlCommand(myInsert)
myCmd.Connection = myConn
myConn.Open()
myCmd.ExecuteNonQuery()
myCmd.Connection.Close()
When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in
part: "Login failed for user WebServer\ASPNET."
You need to ensure that the application can run successfully without prompting the user for a user name and
password.
What should you do?

You are an application developer for your company. You are developing a Windows Forms application. You
deploy a supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you
discover that the application is prevented from accessing MyAssembly.dll.
You need to ensure that the application can access MyAssembly.dll.
What should you do?

You are an application developer for your company. You create an ASP.NET Web application. The application
allows customers to select items for purchase. During the active session of a customer, data about the quantity
and price of items selected by the customer is stored in a cookie on the client computer. You need to test the
application for security vulnerabilities. What should you do?

You are an application developer for your company. You develop an ASP.NET Web application for the
company's intranet. The application accesses data that is stored in a Microsoft SQL Server database. Access
to objects in the database is granted based on the identity of the user of the application. The application uses
Windows authentication, and it has impersonation enabled. You need to modify the application so that it also
uses a new serviced component. The new component requires applications that call it to have membership in
the COM+ role named AuthorizedCallers. The developer who developed the new component creates a new
Windows user account named InternalWebAppUser and adds this user account to the COM+
AuthorizedCallers role. The developer instructs you to write your application to access the serviced component
by using the security context of this user account. You need to modify your code to call the new serviced
component by using the security context of the InternalWebAppUser user account. What should you do?

You are an application developer for your company. You are developing an application that receives signed
data. The data is signed by using the RSA encryption algorithm and the SHA1 hash algorithm. You need to
write a function that will verify signatures by using RSA public credentials. Which code segment should you
use?

You are an application developer for your company, which is a financial services company. You are developing
an ASP.NET Web application that will be used by the company's customers. Customers will use the application
to access their portfolios and to view business and financial reports. The customers are divided into two
categories named Standard and Premier. The Premier customers will have access to an additional set of
reports and analysis. You plan to use roles named Standard and Premier to differentiate the two customer
categories. The application will use Forms authentication to authenticate all users and assign each
authenticated user to either the Standard role or the Premier role. Web pages that are accessible only by
Premier customers are in a subfolder named Premier. Web pages that are accessible by both categories of
customers are in the application root. You need to configure URL authorization for the application. You plan to
achieve this goal by adding configuration elements to the Web.config file in the application root. Which
elements should you use?

You are an application developer for your company. You develop a library assembly that contains diagnostic
utility classes. This library assembly is installed in the global assembly cache on all client computers on the
company network. You develop a Windows Forms application that calls the library assembly. You successfully
test the application on your computer, and then you deploy the application to a Web folder on the intranet.
Further testing reveals that when you run this application from the intranet, a SecurityException exception is
thrown when the application is loading. You need to correct the problem that is causing the SecurityException
exception. What should you do?

You are an application developer for your company. You are conducting a code review of a Windows Forms
application that was developed by another developer. The application contains code that validates a user's
ability to access restricted functionality. A variable named bolElevated contains a value of True when a user
logs on by using a user account named Admin. Otherwise, the variable contains a value of False. If a user other
than Admin attempts to access the restricted functionality, the application must display an error message.
A function named OpenAdmin() displays the user interface for the restricted functionality. The application
contains the following code segment.
If bolElevated Then
    OpenAdmin()
Else
    MsgBox("That functionality is restricted.")
    MsgBox("To access restricted functionality, log in as user 'Admin'.")
End If
You need to improve the security of this code segment while maintaining its functionality. You decide to replace
the existing code segment.
Which code segment should you use?

You are an application developer for your company. You are conducting a code review of an application that
was developed by another developer. The application stores both public data and confidential data. The
application stores the data in a file on the hard disk of a user's client computer.
The following code segment manages the writing of all application data to the file. The array named Data1
contains the public data, and the array named Data2 contains the confidential data.
Sub WriteData(ByVal Des As DES, ByVal Data1() As Byte, _
              ByVal Data2() As Byte, ByVal FSout As FileStream)
    Dim CS As New CryptoStream(FSout, Des.CreateEncryptor(), _
                               CryptoStreamMode.Write)
    CS.Write(Data1, 0, Data1.Length)
    CS.Write(Data2, 0, Data2.Length)
    CS.FlushFinalBlock()
End Sub
You need to improve the response time of this application, without reducing its security. Any changes you make
to the WriteData function will be reflected in the code portion for reading data.
What should you do?