Enterprise Services (.NET 1.1) Performance Guidelines - Security

From Guidance Share

- J.D. Meier, Srinath Vasireddy, Ashish Babbar, and Alex Mackman

Use a Trusted Server Model if Possible

With the trusted server model, a serviced component uses its fixed process identity to access downstream resources instead of flowing the security context of the original caller with impersonation. Since all database calls from the middle tier use the same process identity, you gain the maximum benefit from connection pooling. For a server application, you configure the process run-as identity by using the Component Services tool. For a library application, the identity is determined by the account used to run the client process. With the trusted server model, the downstream resources authenticate and authorize the process identity.

Avoid Impersonation in the Middle Tier

Middle tier impersonation is generally performed to flow the original caller's identity to the back-end resource. It allows the back-end resource to authorize the caller directly because the caller's identity is used for access. You should generally avoid this approach because it prevents the efficient use of connection pooling and it does not scale.

If you need to audit the caller at the back end, pass the original caller's identity through a stored procedure parameter. Authorize the original caller in the application's middle tier using Enterprise Services roles.
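The following sketch shows the pattern described above: a role check in the middle tier, then a database call under the fixed process identity with the original caller passed as a stored procedure parameter. It is an added example, not code from the original guidance; the component name, the role name `OrderManagers`, the stored procedure `usp_ApproveOrder`, its parameters, and the connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.EnterpriseServices;
using System.Security;

[assembly: ApplicationActivation(ActivationOption.Server)]
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)]
[assembly: SecurityRole("OrderManagers")]      // hypothetical role name

[ComponentAccessControl(true)]
public class OrderService : ServicedComponent  // hypothetical component
{
    // Assumed connection string. Integrated security means every call
    // connects as the fixed process identity and shares one pool.
    private const string ConnStr =
        "Server=dbserver;Database=Orders;Integrated Security=SSPI";

    public void ApproveOrder(int orderId)
    {
        // Authorize the original caller in the middle tier with a role.
        // Fail closed if COM+ security is not enabled for this call.
        if (!ContextUtil.IsSecurityEnabled ||
            !ContextUtil.IsCallerInRole("OrderManagers"))
        {
            throw new SecurityException("Caller is not in role OrderManagers.");
        }

        // Read the caller's account name for auditing; no impersonation.
        string caller =
            SecurityCallContext.CurrentCall.OriginalCaller.AccountName;

        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand("usp_ApproveOrder", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@OrderId", SqlDbType.Int).Value = orderId;
            // The back end only records this value for audit; it still
            // authenticates and authorizes the process identity.
            cmd.Parameters.Add("@OriginalCaller", SqlDbType.NVarChar, 256).Value = caller;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

Because the caller name arrives as ordinary data, the stored procedure should treat it as an audit field only and never as a basis for authorization.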

Use Packet Privacy Authentication Only if You Need Encryption

If you need to ensure that packets have not been tampered with in transit between the caller and serviced component, and you do not need encryption, then use AuthenticationOption.Integrity. If you need to ensure the privacy of data sent to and from a serviced component, you should consider using AuthenticationOption.Privacy.

However, do not use this option if your application is located in a secure network that uses IPSec encryption to protect the communication channels between servers. You can configure the packet privacy authentication level using the following assembly-level attribute.

  [assembly: ApplicationAccessControl(Authentication = AuthenticationOption.Privacy)]