Sergey Shishkin

on agile software development

Archive for October 2006

ADC2006 – CardSpace Sample

Yesterday at the Advanced Developers Conference in Frankenthal, Germany, Michael and I gave a talk about the Identity Metasystem and CardSpace. Michael did a great introduction to the Identity Metasystem, clarified what it is and how people already use it in their everyday life without even thinking of that term. After that I showed a one-hour-long demo covering Windows CardSpace, information cards and the security token issuing process.

Here is a sample that I built. It is based on Garrett Serack's STS sample, so you can refer to the original deployment instructions. In the solution you will find a web application, CardService, that issues managed information cards to users and verifies SAML security tokens. Card issuing is based on the small newtelligence.CardSpace library, which creates managed information cards with only one line of code from the application configuration and allows easily saving the card to a writer, a stream or a file. The Security Token Service was redesigned to hide all the XML manipulation away from the developer. I wish I had some common framework classes to work with RequestSecurityToken messages.

Try the sample and leave your comment!


Written by Sergey Shishkin

19.10.2006 at 16:58

Posted in Uncategorized

Hacking CardSpace

[UPDATED: As Richard Turner explained to me, the behavior described below is required in order to avoid another critical and really exploitable vulnerability. However, malicious software running on the user's machine could potentially use this behavior for a spoofing attack. The world itself is not ideal anyway… 🙂 ]

I recently watched an interesting video on Channel 9 about Windows CardSpace, its encrypted card store and the private desktop technology that CardSpace uses to protect the user's sensitive data. A couple of hours later I accidentally broke the CardSpace protection and accessed my user's desktop in parallel with the running CardSpace UI Agent (Oops :-0 )

The exploited vulnerability was the Open File Dialog, which is used e.g. for choosing a picture for a card or a file for backup. When the Open File Dialog opens you can clearly see your desktop for a very short moment, but after it opens you are free to open the Start menu using the Win key and do whatever you want! See the screenshot:

If you know what that means, you know what to do. This vulnerability was found on WinXP SP2 with the .NET Framework 3.0 RC1 runtime and was reproduced on Vista RC1. I am not sure if it is already fixed in the September CTP, but I hope that the coming RTM will not have such behavior. We'll see 😉

Written by Sergey Shishkin

19.10.2006 at 14:34

Posted in Uncategorized

Running CardSpace STS Sample

As I mentioned before, even deploying the new CardSpace samples on Vista RC1 is already a challenge. Running the samples themselves can also bring up some surprises…

First, the SetSSLCertificate.bat script, which is needed to run the WCF SampleSecurityTokenService, uses the httpcfg.exe utility, which was not installed on my machine 😦 However, the netsh utility on Vista now supports the http context and can be used to set up the required SSL certificate bindings. Here is my version of the script:

rem FIRST CLEAR ANY CERTIFICATE
netsh http delete sslcert ipport=0.0.0.0:7001
rem SECOND, SET THE CERT FOR HTTPS to FABRIKAM's CERT (appid = any GUID)
netsh http add sslcert ipport=0.0.0.0:7001 certhash=d47de657fa4902555902cb7f0edd2ba9b05debb8 appid={C61EC2E2-BC18-4522-903B-F44A56299787}

Note: appid parameter for the netsh http add sslcert command is required but is used only as a unique identifier of a binding – it has nothing to do with the application that will use the binding. It can be any valid GUID.

Now the service runs, but only with elevated privileges. To make it less eager for administrative rights, one needs to reserve all of the service's endpoint URLs for the service's account. That can be done using the netsh http add urlacl command:

rem THIRD, REGISTER NAMESPACE RESOLVATION FOR EACH SERVICE'S ENDPOINT
set SERVICE_ACCOUNT=MYCOMPUTER\MyService
netsh http add urlacl url=http://+:7000/sample/trust/smartcard/ user=%SERVICE_ACCOUNT%
netsh http add urlacl url=https://+:7001/sample/trust/smartcard/mex/ user=%SERVICE_ACCOUNT%
netsh http add urlacl url=http://+:7000/sample/trust/selfissuedsaml/ user=%SERVICE_ACCOUNT%
netsh http add urlacl url=https://+:7001/sample/trust/selfissuedsaml/mex/ user=%SERVICE_ACCOUNT%
netsh http add urlacl url=http://+:7000/sample/trust/usernamepassword/ user=%SERVICE_ACCOUNT%
netsh http add urlacl url=https://+:7001/sample/trust/usernamepassword/mex/ user=%SERVICE_ACCOUNT%
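A post-deployment check for the bindings set up by the two scripts above, added here as an example and not part of the STS sample or the original post. It assumes the certificate thumbprint and the MYCOMPUTER\MyService account from the scripts (placeholders for your own values) and parses the text output of netsh http show sslcert and show urlacl, so it must run elevated on the STS host.

```csharp
// Added check, not part of the STS sample: verifies the HTTP.SYS certificate binding and the
// URL reservations created by the netsh commands above. Values are the post's placeholders.
using System;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

static class StsHostCheck
{
    const string CertHash = "d47de657fa4902555902cb7f0edd2ba9b05debb8";   // thumbprint from the script
    const string ServiceAccount = @"MYCOMPUTER\MyService";                // SERVICE_ACCOUNT from the script
    static readonly string[] Urls =
    {
        "http://+:7000/sample/trust/smartcard/",        "https://+:7001/sample/trust/smartcard/mex/",
        "http://+:7000/sample/trust/selfissuedsaml/",   "https://+:7001/sample/trust/selfissuedsaml/mex/",
        "http://+:7000/sample/trust/usernamepassword/", "https://+:7001/sample/trust/usernamepassword/mex/"
    };

    // Runs "netsh http <args>" and returns its console output for inspection.
    static string Netsh(string args)
    {
        var psi = new ProcessStartInfo("netsh", "http " + args) { RedirectStandardOutput = true, UseShellExecute = false };
        using (var p = Process.Start(psi)) { string output = p.StandardOutput.ReadToEnd(); p.WaitForExit(); return output; }
    }

    static int Main()
    {
        int failures = 0;
        // 1. The certificate must sit in LocalMachine\My with its private key, or HTTPS will not start.
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, CertHash, false);
            if (found.Count == 0 || !found[0].HasPrivateKey) { Console.WriteLine("FAIL: certificate or private key missing"); failures++; }
        }
        // 2. The binding on 0.0.0.0:7001 must reference exactly that certificate.
        if (!Regex.IsMatch(Netsh("show sslcert ipport=0.0.0.0:7001"), @"Certificate Hash\s*:\s*" + CertHash, RegexOptions.IgnoreCase))
        { Console.WriteLine("FAIL: no SSL binding for " + CertHash + " on 0.0.0.0:7001"); failures++; }
        // 3. Every endpoint must be reserved for the service account only: a reservation for Everyone
        //    (shown as "\Everyone", SDDL "WD") would let any local user listen on the STS endpoints.
        foreach (string url in Urls)
        {
            string acl = Netsh("show urlacl url=" + url);
            if (acl.IndexOf("Reserved URL", StringComparison.OrdinalIgnoreCase) < 0) { Console.WriteLine("FAIL: no reservation for " + url); failures++; continue; }
            if (acl.IndexOf("User: " + ServiceAccount, StringComparison.OrdinalIgnoreCase) < 0) { Console.WriteLine("FAIL: " + url + " is not reserved for " + ServiceAccount); failures++; }
            if (Regex.IsMatch(acl, @"\\Everyone|;;;WD\)")) { Console.WriteLine("FAIL: " + url + " is reserved for Everyone"); failures++; }
        }
        Console.WriteLine(failures == 0 ? "All bindings and reservations look correct." : failures + " check(s) failed");
        return failures == 0 ? 0 : 1;
    }
}
```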

Written by Sergey Shishkin

05.10.2006 at 13:11

Posted in Uncategorized

Enterprise Library: Tracing Categories Bug

EntLib Logging Application Block 2.0 disappoints me again and again. 😦 This time I needed to use a non-string object as a logical operation identifier with the CorrelationManager.StartLogicalOperation method.

The "by-design" usage scenario of course manages the logical operation stack through the EntLibTracer class, which supports only strings as operation identifiers. In my case more flexibility is needed, and I use custom code to manipulate the logical operation stack.

With tracingEnabled set to true in the configuration, the LogWriter class adds all the logical operation identifiers from the stack to the LogEntry.Categories collection. I find this feature quite controversial; moreover, it has an ugly bug!

The private method LogWriter.AddTracingCategories uses a foreach loop with a string loop variable! Looks like the author of that method never ever read something like "Code Complete" or "Writing Solid Code". Where did he get the confidence that, iterating a Stack of objects, he will always get strings? :-S Needless to say, the result of this mistake is an InvalidCastException. Here is the fix:

Logging\LogWriter.cs, Line 293, Replace:

foreach (string tracingOperation in Trace.CorrelationManager.LogicalOperationStack)
{
    // must take care of logging categories..
    if (!log.Categories.Contains(tracingOperation))
    {
        if (!replacementDone)
        {
            log.Categories = new List<string>(log.Categories);
            replacementDone = true;
        }
        log.Categories.Add(tracingOperation);
    }
}

To:

foreach (object operation in Trace.CorrelationManager.LogicalOperationStack)
{
    // the stack holds arbitrary objects: convert explicitly instead of relying on foreach's hidden cast
    string tracingOperation = operation.ToString();
    // must take care of logging categories..
    if (!log.Categories.Contains(tracingOperation))
    {
        if (!replacementDone)
        {
            log.Categories = new List<string>(log.Categories);
            replacementDone = true;
        }
        log.Categories.Add(tracingOperation);
    }
}

If you use the EntLibTracer class, take care of it as well; it actively relies on the same mistaken assumption. If you do not use it and do not want the operations populated as Categories for each LogEntry, just disable tracingEnabled in the configuration (and you can leave the LogWriter unfixed then). Happy enterprise development! 😉
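A stand-alone reproduction of the bug and of the fix, added here as an example; it is not EntLib's code. It uses the real Trace.CorrelationManager, and the "Checkout" string and the Guid are constructed sample operation identifiers standing in for what EntLibTracer and the post's custom code push.

```csharp
// Added example, not EntLib's own code: reproduces the hidden cast in the original
// AddTracingCategories loop and runs the corrected loop against the same stack.
using System;
using System.Collections.Generic;
using System.Diagnostics;

static class TracingCategoriesDemo
{
    // Original shape of the loop: "foreach (string ...)" over the non-generic Stack compiles to
    // (string)enumerator.Current, so any non-string operation identifier throws InvalidCastException.
    public static List<string> CollectBuggy(List<string> categories)
    {
        foreach (string op in Trace.CorrelationManager.LogicalOperationStack)
            if (!categories.Contains(op)) categories.Add(op);
        return categories;
    }

    // Fixed loop: enumerate as object and convert explicitly, as in the patch above.
    public static List<string> CollectFixed(List<string> categories)
    {
        foreach (object op in Trace.CorrelationManager.LogicalOperationStack)
        {
            string name = op.ToString();
            if (!categories.Contains(name)) categories.Add(name);
        }
        return categories;
    }

    static void Main()
    {
        // Constructed sample identifiers: a string, as EntLibTracer pushes, and a Guid (the post's scenario).
        Trace.CorrelationManager.StartLogicalOperation("Checkout");
        Trace.CorrelationManager.StartLogicalOperation(Guid.NewGuid());
        try
        {
            CollectBuggy(new List<string>());
            Console.WriteLine("buggy loop: no exception (unexpected)");
        }
        catch (InvalidCastException e)
        {
            Console.WriteLine("buggy loop: " + e.GetType().Name);   // what the unpatched LogWriter throws
        }
        foreach (string category in CollectFixed(new List<string>()))
            Console.WriteLine("fixed loop category: " + category);
        Trace.CorrelationManager.StopLogicalOperation();
        Trace.CorrelationManager.StopLogicalOperation();
    }
}
```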

Written by Sergey Shishkin

02.10.2006 at 13:24

Posted in Uncategorized