DSS Node Security Configuration
Glossary Item Box
DSS User Guide: DSS Security Configuration File
Windows Security: Security Identifiers | Authenticode Signing a DLL
.NET Framework Developer's Guide: Code Access Security | Code Access Security Policy Tool (Caspol.exe) | .NET Framework Configuration Tool (Mscorcfg.msc)
.gif "See Also") |
Microsoft Robotics Developer Studio | Send feedback on this topic |
DSS Node Security Configuration
.gif "Bb870540.hs-note(en-us,MSDN.10).gif") |
In order to enable security the Decentralized Software Services (DSS) node must be configured with the path of a security settings file. If the node does not have this path configured, no security features will be enabled for the node! If no file exists at the path specified, the node runs with authentication required and service assembly loading unrestricted. |
Specifying the Security Settings File
There are three ways in which to specify the security settings file. These are required for enabling security in a DSS node:
- In the application configuration file use the security key to specify the security settings file. See DSS Security Configuration File.
- For DSS Host Tool (DssHost.exe) the programmer can explicitly use the /s command line parameter to specify the security settings file. This will override any value set in the application configuration file.
- For applications using the DssEnvironment class, use the DssEnvironment.Initialize method to pass in a security configuration file when starting the environment. This will override any value set in the application configuration file.
Security Configuration File Format
The security settings file contains three items: AuthenticationRequired, OnlySignedAssemblies, and Users as specified below:
AuthenticationRequired - is a global switch indicating whether authentication is required. This element can be set to either true or false. When it is set to true, the node requires authentication; otherwise the node accepts unauthenticated connections. The default is true.
OnlySignedAssemblies - is a global switch indicating whether only Authenticode-signed assemblies can be loaded. This element can be set to either true or false. When it is set to true, only services that are implemented in assemblies that have been Authenticode-signed will be loaded; otherwise the node will load services in any assembly. The default is false.
Users - is a list of users that have permission to access the node. This list is only relevant if the AuthenticationRequired element has the value true. This is a list of UserPermission records. Each of these records has up to three elements:
| Element | Description |
|---|---|
Rights |
This field specifies the permissions that the user has on the node. In the current version the only permission levels that are understood are all and none |
SID |
This is the standard windows security identifier, SID, for the user, expressed as a Security Descriptor Definition Language (SDDL) string. This element is optional. |
UserName |
This is the user name for the user. This element is optional but a UserPermission record must contain either a SID or a UserName element. |
When creating a security settings file manually, it can be more convenient to use the UserName element to specify the user or group to grant permission to.
|
For well-known users, the UserName is localized on Windows. For example, the UserName, BUILTIN\Administrators, a well known group containing all users who have local machine administrator privileges, will only resolve correctly on an English-language version of Windows. If a security settings file will be used across machines running different languages, the Sid field needs to be used for well known users. As in the example where the last UserPermission record has the Sid, S-1-5-32-544, instead of the UserName, BUILTIN\Administrators. |
Security Settings File Examples
The following example shows a security settings files where the three users ACCOUNT_A, ACCOUNT_B, and S-1-5-32-544 are granted full access:
<?xml version="1.0" ?>
<SecuritySettings xmlns="https://schemas.microsoft.com/robotics/2008/02/security.html">
<AuthenticationRequired>true</AuthenticationRequired>
<OnlySignedAssemblies>false</OnlySignedAssemblies>
<Users>
<UserPermission>
<Rights>All</Rights>
<UserName>ACCOUNT_A</UserName>
</UserPermission>
<UserPermission>
<Rights>All</Rights>
<UserName>ACCOUNT_B</UserName>
</UserPermission>
<UserPermission>
<Rights>All</Rights>
<Sid>S-1-5-32-544</Sid>
</UserPermission>
</Users>
</SecuritySettings>
This is the equivalent default security settings file which is used when there is no file:
<?xml version="1.0"?>
<SecuritySettings xmlns="https://schemas.microsoft.com/robotics/2008/02/security.html">
<AuthenticationRequired>true</AuthenticationRequired>
<OnlySignedAssemblies>false</OnlySignedAssemblies>
<Users />
</SecuritySettings>
This security settings file effectively disables security:
<?xml version="1.0"?>
<SecuritySettings xmlns="https://schemas.microsoft.com/robotics/2008/02/security.html">
<AuthenticationRequired>false</AuthenticationRequired>
<OnlySignedAssemblies>false</OnlySignedAssemblies>
<Users />
</SecuritySettings>
Security Manager Service
When a DSS node is started with a security settings file specified, the security manager service is always started. The security manager service provides mechanisms for the end user to manipulate security settings through a web interface, and also for the programmatic modification of security settings from another service using Decentralized Software Services Protocol.
The primary security settings, AuthenticationRequired and OnlySignedAssemblies, are only read at node startup. Changing them while a node is running does not change the properties of the currently running node. Only a new node started using the security settings file will get the new settings. The user list can, however, be modified at runtime to change the list of users and groups that have permission on the node.
Configuring Code Access Security
A Code Access Security (CAS) policy can be created and edited using the .NET Framework Configuration tools such as .NET Framework Configuration Tool (Mscorcfg.msc) and Code Access Security Policy Tool (Caspol.exe). Please see these topics for detailed information on how to configure the CAS policy for a node.
Disabling Logging
The DSS Console Output Service is used to log information including debugging and trace information for services as well as the DSS runtime. Debugging information can contain sensitive information such as stack traces and other information that in some situations can reveal properties of the services and/or the runtime itself. In scenarios where such information should not be revealed it is strongly recommended that logging be disabled as described in the topic "DSS Debug and Trace Messages".
| See Also |
DSS User Guide: DSS Security Configuration File
Windows Security: Security Identifiers | Authenticode Signing a DLL
.NET Framework Developer's Guide: Code Access Security | Code Access Security Policy Tool (Caspol.exe) | .NET Framework Configuration Tool (Mscorcfg.msc)
© 2012 Microsoft Corporation. All Rights Reserved.