You are an application developer for your company. You are conducting a code review of an assembly written
by another developer. The assembly is named MyAssembly.exe. The assembly is for an application that
accesses data in a Microsoft SQL Server database. All users of the application have access to the database by
using their Microsoft Windows user accounts.
The assembly contains the following code segment.

Imports System.Data.SqlClient

Dim userid As String
Dim password As String
' The built-in "sa" login with an empty password, hard-coded in the assembly.
userid = "sa"
password = ""
Dim sqlConnection As New SqlConnection
Dim connectionString As String
connectionString = "data source=myserver"
connectionString &= ";initial catalog=myDatabase"
' SQL Server authentication: the credentials travel in the connection string
' even though every user already has a Windows account on the database.
connectionString &= ";user id=" & userid
connectionString &= ";password=" & password
sqlConnection.ConnectionString = connectionString
sqlConnection.Open()
You need to improve the security of the code segment. What should you do?

You are an application developer for your company. You are developing an application that will be distributed to
partner companies that do business with your company. The partner companies must be able to verify the
authenticity of the application's assemblies before they will install the application. You need to ensure that the
assemblies meet the requirements of the partner companies. You want your solution to minimize the number of
additional configuration steps required by the partner companies. What should you do?

You are an application developer for your company. You are testing an application that was developed by
another developer. The application maintains its own list of authorized users. Each user is assigned a security
level of 1, 2, or 3. When a new user account is created, the security level for that user is entered into a text box.
The new user account information is saved in a Microsoft SQL Server table by using a stored procedure. You
verify that user accounts that have any of the three security levels can perform only the intended actions within
the application. You need to identify any security vulnerabilities in the portion of the application that creates new
user accounts. What should you do first?
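
The test the question asks for feeds the security-level text box values other than 1, 2 and 3 (blank, "4", "1 OR 1=1", a number too large for an Integer) and watches what reaches the stored procedure. For comparison, here is what a robust version of the account-creation code looks like. This is an added example, not code from the question; the stored procedure name usp_CreateUser, its parameter names and the module name are assumptions.

```vbnet
' Added example, not the question's own code. The security level typed into
' the text box is validated before any database call, and both values are
' passed to the stored procedure as typed parameters, never as SQL text.
' usp_CreateUser and its parameter names are assumed.
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module CreateUserExample

    ' Accepts only the three documented levels. Anything else (blank, "4",
    ' "1 OR 1=1", a value larger than Integer, ...) is rejected here, so the
    ' stored procedure only ever sees 1, 2 or 3.
    Public Function ParseSecurityLevel(ByVal input As String) As Integer
        Select Case input.Trim()
            Case "1"
                Return 1
            Case "2"
                Return 2
            Case "3"
                Return 3
            Case Else
                Throw New ArgumentException("Security level must be 1, 2 or 3.")
        End Select
    End Function

    ' Creates the account through the stored procedure with typed parameters.
    Public Sub CreateUser(ByVal cn As SqlConnection, ByVal userName As String, _
                          ByVal levelText As String)
        Dim level As Integer = ParseSecurityLevel(levelText)
        Dim cmd As New SqlCommand("usp_CreateUser", cn)
        cmd.CommandType = CommandType.StoredProcedure
        ' Parameters are sent as data with a declared type and length, so a
        ' crafted user name cannot change the statement being executed.
        cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 64).Value = userName
        cmd.Parameters.Add("@SecurityLevel", SqlDbType.TinyInt).Value = level
        cmd.ExecuteNonQuery()
    End Sub

End Module
```

If the application under test passes the text box value straight through (for example by building the EXEC statement as a string, or by storing the level in an unconstrained column), the out-of-range and injected inputs above are exactly the ones that expose it.
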
You are an application developer for your company. You are developing an ASP.NET Web application on your
Microsoft Windows XP Professional client computer. Your computer has IIS 5.1 installed and is hosting the
development project. Your computer also has the most recent version of the Microsoft .NET Framework
installed. The completed application will run under IIS 6.0. You need to ensure that your testing activities
accurately reflect the security configuration of the production environment. What should you do before testing
the application?

You are an application developer for your company. You create an ASP.NET Web application that is hosted on
an intranet Web server named Server1. The application is configured to use Forms authentication. The
application requires users to log on by using a user name and password. The application stores user names
and passwords in a Microsoft SQL Server database that is located on a database server named Server2. The
login pages for the application use SSL/TLS encryption. No other pages in the application use SSL/TLS. You
need to test the application to find out if unauthorized users can view user name and password information.
What should you do?

You are an application developer for your company. You develop an ASP.NET Web application that is installed
on a server named Server1. Server1 has IIS 5.0 installed. The Web application is configured to use
Anonymous authentication in IIS.
The Web.config file contains the following code segment.
The Machine.config file contains the following code segment.
The application implements security based on the following code segment.
Dim myIdentity As String
Dim validAccess As Integer
validAccess = 0
myIdentity = WindowsIdentity.GetCurrent().Name.ToString()
If (myIdentity = "Server1\ASPNET") Then
    validAccess = 1
End If
For testing purposes, you display the value of the validAccess variable in a label. When you run the application,
you discover that the value of validAccess is 0.
You need to ensure that validAccess has a value of 1.
What should you do?

You are an application developer for your company. You develop an application that uses an external class
library. You run the Permissions View tool on the class library and receive the following output.
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
optional permission set:
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?

You are an application developer for your company, which is named Proseware, Inc. You are developing an
ASP.NET Web application that users in the accounting department will use to process payroll reports and view
payroll reports. The application will use Integrated Windows authentication to authenticate all users.
Because payroll data is confidential, only users in the accounting department will be granted access to the
application. All employees in the accounting department belong to a specific Active Directory group. However,
users in the IT department can add themselves to various Active Directory groups in order to troubleshoot
resource access problems. These IT department users must not be granted access to the ASP.NET Web
application.
The following rules can be used to distinguish between users in the accounting department and users in the IT
department:
All users in the accounting department are members of a group named Proseware\Accounting. Some users in
the IT department are members of the Proseware\Accounting group. All users in the IT department are
members of a group named Proseware\Domain Admin. No users in the accounting department are members of
the Proseware\Domain Admin group.
You need to configure URL authorization for the application by adding an element to the
Web.config file in the application root. Which element should you use?
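
As an added illustration of the ordering problem this question turns on (this is not the question's own Web.config), the fragment below uses the two group names from the scenario. URL authorization evaluates the rules in an <authorization> section top to bottom and stops at the first match, so the deny for Proseware\Domain Admin must come before the allow for Proseware\Accounting. With the two rules swapped, an IT user who has added himself to Proseware\Accounting would match the allow first and be admitted.

```xml
<!-- Added example, not the question's own Web.config. Rules are evaluated
     top to bottom and the first match wins. -->
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- Every IT user is in Domain Admin: reject them first, even if they
           have also added themselves to Accounting. -->
      <deny roles="Proseware\Domain Admin" />
      <!-- No accounting user is in Domain Admin, so they reach this rule. -->
      <allow roles="Proseware\Accounting" />
      <!-- Everyone else, including anonymous requests, is refused. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

Because the application authenticates with Integrated Windows authentication, the roles in these rules are evaluated against the Windows group membership of the authenticated user; the closing deny users="*" is what prevents the default allow-all from applying to anyone the first two rules did not match.
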
You are an application developer for your company. You develop an ASP.NET Web application for the
company's intranet. The application accesses data that is stored in a Microsoft SQL Server database. The
application authenticates users by using Windows authentication, and it has impersonation enabled. You
configure database object permissions based on the identity of the user of the application. You need to provide
the user's identity to the SQL Server database. What should you do?
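
Both this question and the first one on this page come down to the same connection string: drop the embedded login and password and let SQL Server authenticate the Windows identity of the calling thread. The following is an added example, not the code of either question. The server and database names are the ones the first question uses; the module and function names, and the SUSER_SNAME() sanity check, are assumptions.

```vbnet
' Added example, not the questions' own code. Replaces the hard-coded "sa"
' login of the first question and, in an ASP.NET application that impersonates
' its caller, supplies that caller's identity to SQL Server. Module and
' function names are assumed.
Imports System
Imports System.Data.SqlClient
Imports System.Security.Principal

Public Module IntegratedSecurityExample

    ' No user id and no password: "integrated security=SSPI" makes SQL Server
    ' authenticate the Windows token of the calling thread instead.
    Public Function BuildConnectionString(ByVal server As String, _
                                          ByVal database As String) As String
        Dim connectionString As String
        connectionString = "data source=" & server
        connectionString &= ";initial catalog=" & database
        connectionString &= ";integrated security=SSPI"
        Return connectionString
    End Function

    ' Opens the connection and returns the login name SQL Server assigned.
    ' Under ASP.NET with Windows authentication and <identity impersonate="true"/>
    ' this is the browser user, so the object permissions granted to that user
    ' apply; in a desktop assembly it is the logged-on Windows user.
    Public Function OpenAsCurrentUser(ByVal server As String, _
                                      ByVal database As String) As String
        Dim callerName As String = WindowsIdentity.GetCurrent().Name
        Dim cn As New SqlConnection(BuildConnectionString(server, database))
        Try
            cn.Open()
            Dim cmd As New SqlCommand("SELECT SUSER_SNAME()", cn)
            Dim loginName As String = CStr(cmd.ExecuteScalar())
            ' A mismatch means the thread is not running as the identity the
            ' permissions were designed for (impersonation off, or a different
            ' account), which is exactly what to surface while testing.
            If String.Compare(loginName, callerName, True) <> 0 Then
                Throw New ApplicationException("Connected as " & loginName & _
                    " but the thread identity is " & callerName)
            End If
            Return loginName
        Finally
            cn.Close()
        End Try
    End Function

End Module
```

Usage in the first question's assembly would be OpenAsCurrentUser("myserver", "myDatabase"); the same call in the intranet application connects as each impersonated user, so per-user database object permissions take effect without any credential ever appearing in the code.
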
You are an application developer for your company. You are implementing an ASP.NET Web application that
uses Forms authentication. User names and passwords are stored in a Microsoft SQL Server database. The
application includes the following method, which returns a value of True if the user provides a user name and
password that are found in the database.
Private Function VerifyPassword(ByVal userName As String, _
                                ByVal password As String) As Boolean
You configure your application to redirect unauthenticated requests to a page named Logon.aspx. This page
includes text boxes for entering a user name and password, and it includes a Logon button.
You need to write the code to authenticate a user.
What should you do?
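
One way to wire the Logon button to the existing VerifyPassword method, as an added example rather than the question's own code: the control names txtUserName, txtPassword, btnLogon and lblMessage are assumed, and the handler is meant to live in the Logon.aspx code-behind class alongside VerifyPassword.

```vbnet
' Added example, not the question's own code. Belongs in the Logon.aspx
' code-behind class next to VerifyPassword; control names are assumed.
Imports System
Imports System.Web.Security

Private Sub btnLogon_Click(ByVal sender As Object, ByVal e As EventArgs) _
        Handles btnLogon.Click
    If VerifyPassword(txtUserName.Text, txtPassword.Text) Then
        ' Only after the database check succeeds: issue the Forms
        ' authentication ticket and send the user back to the page that
        ' originally redirected here (ReturnUrl), or to the default page.
        ' False = session cookie only, no persistent cookie on the client.
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)
    Else
        ' One message for unknown user and wrong password, so the response
        ' does not reveal which user names exist in the database.
        lblMessage.Text = "Invalid user name or password."
    End If
End Sub
```

RedirectFromLoginPage is what turns a successful VerifyPassword into an authenticated session; calling Response.Redirect to the target page on its own would leave the request unauthenticated and bounce the user straight back to Logon.aspx.
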