Enterprise Library Test Guide - Willy .Net

More documents

Recommendations

Info

Using the Test Cases 245 This is the code that caused the problems. public static ProtectedKey Read(string protectedKeyFileName, DataProtectionScope dpapiProtectionScope) { using (FileStream stream = new FileStream(protectedKeyFileName, FileMode. Open)) { return Read(stream, dpapiProtectionScope); } } Solution To solve the first problem, the Read method was modified so that it read the symmetric key only once from the file and then cached the key in a static collection. Subsequent reads retrieved the file from the cache, which greatly reduced the performance overhead. To solve the second problem, the Read method was modified to use constructors that included the FileShare.Read enumeration. This allowed multiple users to concurrently read the file. The following is the code that solved both the performance problem and the concurrency problem. public static ProtectedKey Read(string protectedKeyFileName, DataProtectionScope dpapiProtectionScope) { string completeFileName = Path.GetFullPath(protectedKeyFileName); if (cache[completeFileName] != null) return cache[completeFileName]; using (FileStream stream = new FileStream(protectedKeyFileName, FileMode.Open, FileAccess.Read, FileShare.Read)) { ProtectedKey protectedKey = Read(stream, dpapiProtectionScope); cache[completeFileName] = protectedKey; return protectedKey; } } Verification Running the test case again after applying the preceding code verified that the cost of reading a key from a file was within acceptable limits. In addition, concurrent users could now read the file. Security Testing The goals of security testing are the following: ● ● ● Identify the potential threats to the application blocks. Identify the vulnerabilities of the application blocks. Provide counter measures to these threats and vulnerabilities.
246 Enterprise Library Test Guide In general, threats can be classified as spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privileges. To learn more about these threats, see Threat Modeling Web Applications on MSDN in the Microsoft patterns & practices Developer Center. General Security Tests All the application blocks are required to request code access security permissions for the appropriate assemblies. Code access security allows code to be trusted to varying degrees depending on where the code originates and on other aspects of the code’s identity. Test Case The application blocks use reflection in multiple places to create domain objects. The test case was to review the code in the AssemblyInfo file to determine whether the application block requests permission to use reflection. This permission is necessary for the application block to run in low-trust environments. (The AssemblyInfo file contains information such as attributes, files, resources, types, versioning information, and signing information for modifying an assembly’s metadata.) Problem The test case revealed that the ReflectionPermission class that controls access to the metadata was not defined in the AssemblyInfo file. This class defines the set of permissions that are required for application block assemblies to run in low-trust environments. When the application block runs in a low-trust environment, the system administrator must explicitly grant those permissions that allow the application block to run. The explicit permission to use reflection allows the ObjectBuilder subsystem to use reflection and access private class members and metadata. Solution The solution was to add a ReflectionPermission object with the necessary permissions to the AssemblyInfo file. The following code shows how to do this. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, MemberAccess = true)] Verification Examining the AssemblyInfo file after applying the preceding code showed that it included a ReflectionPermission object.
Page 1 and 2:
Enterprise Library Test Guide
Page 3 and 4:
ISBN 0-7356-2389-9 Information in t
Page 5 and 6:
iv Contents Testing the Logging App
Page 8 and 9:
Introduction Enterprise Library Tes
Page 10 and 11:
Introduction This section provides
Page 12 and 13:
Introduction Performing Code Revie
Page 14 and 15:
Introduction Setting Up the Crypto
Page 16:
Introduction Acknowledgments The f
Page 19 and 20:
12 Enterprise Library Test Guide Pr
Page 21 and 22:
14 Enterprise Library Test Guide De
Page 23 and 24:
16 Enterprise Library Test Guide Co
Page 25 and 26:
18 Enterprise Library Test Guide Th
Page 27 and 28:
20 Enterprise Library Test Guide Te
Page 30 and 31:
Testing the Caching Application Blo
Page 32 and 33:
Testing the Application Block 25 Pr
Page 34 and 35:
Testing the Application Block 27 Af
Page 36 and 37:
Testing the Application Block 29 Co
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Testing the Application Block 37 Te
Page 46 and 47:
Testing the Application Block 39 Te
Page 48 and 49:
Testing the Cryptography Applicatio
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Testing the Data Access Application
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Testing the Exception Handling Appl
Page 76 and 77:
Testing the Enterprise Library Core
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90:
Page 93 and 94:
86 Enterprise Library Test Guide Ta
Page 95 and 96:
88 Enterprise Library Test Guide De
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 108 and 109:
Testing the Security Application Bl
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128:
Page 131 and 132:
124 Enterprise Library Test Guide E
Page 133 and 134:
126 Enterprise Library Test Guide A
Page 135 and 136:
128 Enterprise Library Test Guide T
Page 137 and 138:
130 Enterprise Library Test Guide N
Page 139 and 140:
132 Enterprise Library Test Guide I
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
144 Enterprise Library Test Guide C
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
150 Enterprise Library Test Guide D
Page 159 and 160:
152 Enterprise Library Test Guide U
Page 161 and 162:
Page 163 and 164:
156 Enterprise Library Test Guide D
Page 166 and 167:
Testing for Globalization Best Prac
Page 168 and 169:
Page 170 and 171:
Page 172:
Page 175 and 176:
168 Enterprise Library Test Guide S
Page 177 and 178:
Page 179 and 180:
172 Enterprise Library Test Guide S
Page 181 and 182:
174 Enterprise Library Test Guide A
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
180 Enterprise Library Test Guide l
Page 189 and 190:
182 Enterprise Library Test Guide
Page 191 and 192:
184 Enterprise Library Test Guide
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
192 Enterprise Library Test Guide I
Page 201 and 202: 194 Enterprise Library Test Guide O
Page 203 and 204: 196 Enterprise Library Test Guide I
Page 207 and 208: 200 Enterprise Library Test Guide P
Page 209 and 210: 202 Enterprise Library Test Guide C
Page 215 and 216: 208 Enterprise Library Test Guide T
Page 223 and 224: 216 Enterprise Library Test Guide Y
Page 225 and 226: 218 Enterprise Library Test Guide A
Page 227 and 228: 220 Enterprise Library Test Guide
Page 235 and 236: 228 Enterprise Library Test Guide t
Page 237 and 238: 230 Enterprise Library Test Guide F
Page 241 and 242: 234 Enterprise Library Test Guide R
Page 243 and 244: 236 Enterprise Library Test Guide L
Page 247 and 248: 240 Enterprise Library Test Guide G
Page 249 and 250: 242 Enterprise Library Test Guide S
Page 251: 244 Enterprise Library Test Guide S
Page 255 and 256: 248 Enterprise Library Test Guide t
Page 259 and 260: 252 Enterprise Library Test Guide V
Page 263 and 264: 256 Enterprise Library Test Guide S
Page 265 and 266: 258 Index requirements, 55 scalabil
Page 267 and 268: 260 Index initialization cost, 171
Page 269: 262 Index Total Transactions value,
show all

Enterprise Library Test Guide - Willy .Net

Create successful ePaper yourself

Delete template?

Save as template?