C# Cookbook, 2nd Edition

Problem: You have an existing class that contains sensitive data and you do not want clients to have direct access to any objects of this class. Instead, you want an intermediary object to talk to the clients and to allow access to sensitive data ba...

Problem: You have a string you want to be able to encrypt and decryptperhaps a password or software keywhich will be stored in some form accessible by users, such as in a file, the registry, or even a field, that may be open to attack from malicious...

Problem: You have sensitive information that must be encrypted before it is written to a file that might be in a nonsecure area. This information must also be decrypted before it is read back in to the application. Solution: Use multiple crypt...

Problem: You will be using the cryptography classes in the FCL to encrypt and/or decrypt data. In doing so, you want to make sure that no data (e.g., seed values or keys) is left in memory for longer than you are using the cryptography classes. Hack...

Problem: You have some text that will be sent across a network to another machine for processing. It is critical for you to verify that this text remains intact and unmodified when it arrives at its destination. Solution: Calculate a hash valu...

Problem: You need to create a class to isolate other developers on your team from the details of adding a hash to a string, as well as the details of using the hash to verify if the string has been modified or corrupted. Solution: The followin...

Problem: You need a random number with which to generate items such as a sequence of session keys. The random number must be as unpredictable as possible so that the likelihood of predicting the sequence of keys is as low as possible. Solution:...

Problem: You need to store settings data about individual users for use by your application and keep this data isolated from other instances of your application run by different users. Solution: You can use isolated storage to establish per-us...

Problem: You want to assert that at a particular point in the call stack, a given permission is available for all subsequent calls. However, doing this can easily open a security hole to allow other malicious code to spoof your code or to create a b...

Problem: You are distributing an assembly, but you want to ensure that nobody can tamper with the internals of that assembly. This tampering could result in its use to gather sensitive information from a user or to act as a backdoor mechanism in att...

Problem: When your assembly requests optional permissions (such as asking for disk access to enable users to export data to disk as a product feature) using the SecurityAction. RequestOptional flag, it might or might not get those permissions. Regar...

Problem: Someone attacking your assembly will first attempt to find out as many things as possible about your assembly and then use this information in constructing the attack(s). The more surface area you give to attackers, the more they have to wo...

Problem: You need to obtain the security rights and/or audit information for a file or registry key. Solution: When obtaining security/audit information for a file, use the static GetAccessControl method of the File class to obtain a System.Se...

Problem: You need to change the security privileges of either a file or registry key programmatically. Solution: The code shown in Example 17-17 grants and then revokes the ability to perform write actions on a registry key. Example 17-17. Gr...

Problem: You need to store sensitive information, such as a Social Security number, in a string. However, you do not want prying eyes to be able to view this data in memory. Solution: Use the SecureString object. To place text from a stream ob...

Problem: You want to use the TCP server in Recipe 16.1 to communicate with the TCP client in Recipe 16.2. However, you need the communication to be secure. Solution: Replace the NetworkStream class with the more secure SslStream class on both ...

Problem: You need to encrypt data within a web.config file programmatically. Solution: To encrypt data within a web.config file section, use the following method: public static void EncryptWebConfigData(string appPath, ...

Problem: You need more information as to why a SecurityException was thrown. Solution: Use the new properties available on the SecurityException object, shown in Table 17-2. Table 17-2. SecurityException PropertiesPropertyDescriptionActionThi...

Problem: You want to make sure that your UnicodeEncoding or UTF8Encoding class detects any errors, such as an invalid sequence of bytes. Solution: Use the constructor for the UnicodeEncoding class that accepts three parameters: UnicodeEnco...

Problem: You want more security when manipulating an unmanaged file handle than a simple IntPtr can provide. Solution: Use the Microsoft.Win32.SafeHandles.SafeFileHandle object to wrap an existing unmanaged file handle: public static void ...