Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
.NET Framework Overview
1. .NET Framework Overview.NET Framework Overview
.NET Framework, CLR, MSIL, Assemblies, CTS, etc..NET Framework, CLR, MSIL, Assemblies, CTS, etc.
Doncho MinkovDoncho Minkov
Telerik School AcademyTelerik School Academy
schoolacademy.telerik.comschoolacademy.telerik.com
Technical TrainerTechnical Trainer
http://www.minkov.ithttp://www.minkov.it
2. Table of ContentsTable of Contents
1.1. What isWhat is .NET.NET??
Microsoft .NET platform architectureMicrosoft .NET platform architecture
1.1. What isWhat is .NET.NET FrameworkFramework??
.NET Framework Architecture.NET Framework Architecture
1.1. Common Language Runtime (CLR)Common Language Runtime (CLR)
2.2. Managed CodeManaged Code
3.3. Intermediate LanguageIntermediate Language MSILMSIL
4.4. Assemblies and MetadataAssemblies and Metadata
5.5. .NET Applications.NET Applications
3. Table of ContentsTable of Contents (2)(2)
8.8. Common Language Infrastructure (CLI)Common Language Infrastructure (CLI) andand
integration of different languagesintegration of different languages
Common Language Specification (CLS)Common Language Specification (CLS)
Common Type System (CTS)Common Type System (CTS)
8.8. Framework Class LibraryFramework Class Library
9.9. Integrated Development EnvironmentIntegrated Development Environment VisualVisual
StudioStudio
5. What is the .NET PlatformWhat is the .NET Platform??
The .NET platformThe .NET platform
Microsoft's platform for software developmentMicrosoft's platform for software development
Unified technology for development of almostUnified technology for development of almost
any kind of applicationsany kind of applications
GUI / Web / RIA / mobile / server / cloud / etc.GUI / Web / RIA / mobile / server / cloud / etc.
.NET platform versions.NET platform versions
.NET Framework.NET Framework
Silverlight / Windows Phone 7Silverlight / Windows Phone 7
.NET Compact Framework.NET Compact Framework
6. What isWhat is .NET Framework?.NET Framework?
.NET Framework.NET Framework
An environment for developing andAn environment for developing and
executingexecuting .NET.NET applicationsapplications
Unified programming modelUnified programming model,, set of languages,set of languages,
class librariesclass libraries,, infrastructure, components andinfrastructure, components and
tools for application developmenttools for application development
Environment for controlled execution ofEnvironment for controlled execution of
managed codemanaged code
It is commonly assumed thatIt is commonly assumed that
.NET platform == .NET Framework.NET platform == .NET Framework
7. ..NET Framework ComponentsNET Framework Components
Common Language RuntimeCommon Language Runtime (CLR)(CLR)
Environment for controlled executionEnvironment for controlled execution ofof
programmed codeprogrammed code –– like a virtual machinelike a virtual machine
ExecutesExecutes .NET.NET applicationsapplications
Framework Class LibraryFramework Class Library (FCL)(FCL)
StandardStandard class library for .NET developmentclass library for .NET development
Delivers basic functionality for developingDelivers basic functionality for developing:: XML,XML,
ADO.NET, LINQ, ASP.NET, WPF, WCF, WWF,ADO.NET, LINQ, ASP.NET, WPF, WCF, WWF,
Silverlight, Web services, Windows Forms,Silverlight, Web services, Windows Forms, ......
SDK, compilers and toolsSDK, compilers and tools
8. .NET Framework Architecture.NET Framework Architecture
The OSThe OS manages themanages the resourcesresources,, thethe
processes and the users of the machineprocesses and the users of the machine
Provides to the applications someProvides to the applications some
services (threadsservices (threads,, I/O, GDI+, DirectX,I/O, GDI+, DirectX,
COM, COM+, MSMQ, IIS, WMI, …)COM, COM+, MSMQ, IIS, WMI, …)
CLR is a separate process in the OSCLR is a separate process in the OS
Operating System (OS)Operating System (OS)
9. Operating System (OS)Operating System (OS)
Common Language Runtime (CLR)Common Language Runtime (CLR)
CLR managesCLR manages the execution ofthe execution of
the.NET codethe.NET code
Manages the memoryManages the memory,,
concurrencyconcurrency,, securitysecurity, ..., ...
.NET Framework Architecture.NET Framework Architecture (2)(2)
CLRCLR
10. Operating System (OS)Operating System (OS)
Common Language Runtime (CLR)Common Language Runtime (CLR)
Base Class Library (BCL)Base Class Library (BCL)
.NET Framework Architecture.NET Framework Architecture ((33))
Rich object-oriented library withRich object-oriented library with
fundamental classesfundamental classes
Input-output, collections, textInput-output, collections, text
processing, networking,processing, networking, securitysecurity,,
multi-threadingmulti-threading,, ……
11. Operating System (OS)Operating System (OS)
Common Language Runtime (CLR)Common Language Runtime (CLR)
Base Class Library (BCL)Base Class Library (BCL)
ADO.NET, LINQ and XML (Data Tier)ADO.NET, LINQ and XML (Data Tier)
.NET Framework Architecture.NET Framework Architecture ((44))
Database accessDatabase access
ADO.NET, LINQ, LINQ-to-SQL andADO.NET, LINQ, LINQ-to-SQL and
Entity FrameworkEntity Framework
Strong XML supportStrong XML support
12. Operating System (OS)Operating System (OS)
Common Language Runtime (CLR)Common Language Runtime (CLR)
Base Class Library (BCL)Base Class Library (BCL)
ADO.NET, LINQ and XML (Data Tier)ADO.NET, LINQ and XML (Data Tier)
.NET Framework Architecture.NET Framework Architecture ((55))
WCF and WWF (Communication and Workflow Tier)WCF and WWF (Communication and Workflow Tier)
Windows CommunicationWindows Communication
Foundation (WCF) and WindowsFoundation (WCF) and Windows
Workflow Foundation (WWF) forWorkflow Foundation (WWF) for
the SOA worldthe SOA world
13. Operating System (OS)Operating System (OS)
Common Language Runtime (CLR)Common Language Runtime (CLR)
Base Class Library (BCL)Base Class Library (BCL)
ADO.NET, LINQ and XML (Data Tier)ADO.NET, LINQ and XML (Data Tier)
.NET Framework Architecture.NET Framework Architecture ((66))
WCF and WWF (Communication and Workflow Tier)WCF and WWF (Communication and Workflow Tier)
ASP.NETASP.NET
Web Forms, MVC, AJAXWeb Forms, MVC, AJAX
Mobile Internet ToolkitMobile Internet Toolkit
WindowsWindows
FormsForms
WPFWPF SilverlightSilverlight
User interface technologies: Web based,User interface technologies: Web based,
Windows GUI, WPF, Silverlight, mobile,Windows GUI, WPF, Silverlight, mobile,
……
14. Operating System (OS)Operating System (OS)
Common Language Runtime (CLR)Common Language Runtime (CLR)
Base Class Library (BCL)Base Class Library (BCL)
ADO.NET, LINQ and XML (Data Tier)ADO.NET, LINQ and XML (Data Tier)
.NET Framework Architecture.NET Framework Architecture ((77))
WCF and WWF (Communication and Workflow Tier)WCF and WWF (Communication and Workflow Tier)
ASP.NETASP.NET
Web Forms, MVC, AJAXWeb Forms, MVC, AJAX
Mobile Internet ToolkitMobile Internet Toolkit
WindowsWindows
FormsForms
WPFWPF SilverlightSilverlight
C#C# C++C++ VB.NETVB.NET J#J# F#F# JScriptJScript PerlPerl DelphiDelphi ……
Programming language on your flavor!Programming language on your flavor!
18. Common Language RuntimeCommon Language Runtime ((CLRCLR))
Managed execution environmentManaged execution environment
Controls the execution of managedControls the execution of managed ..NETNET
programming codeprogramming code
Something like virtual machineSomething like virtual machine
Like the Java Virtual Machine (JVM)Like the Java Virtual Machine (JVM)
Not an interpreterNot an interpreter
Compilation on-demand is usedCompilation on-demand is used
Known asKnown as Just In Time (JIT) compilationJust In Time (JIT) compilation
Possible compilation in advance (Ngen)Possible compilation in advance (Ngen)
19. ResponsibilitiesResponsibilities ofof CLRCLR
Execution of theExecution of the IL codeIL code andand the JITthe JIT
compilationcompilation
Managing memory and application resourcesManaging memory and application resources
Ensuring type safetyEnsuring type safety
Interaction with the OSInteraction with the OS
Managing securityManaging security
Code access securityCode access security
Role-based securityRole-based security
20. ResponsibilitiesResponsibilities ofof CLRCLR (2)(2)
Managing exceptionsManaging exceptions
Managing concurrencyManaging concurrency –– controlling thecontrolling the
parallel execution of applicationparallel execution of application threadsthreads
Managing application domains and theirManaging application domains and their
isolationisolation
Interaction with unmanaged codeInteraction with unmanaged code
SupportingSupporting debug /debug /
profile of .NET codeprofile of .NET code
21. CLR ArchitectureCLR Architecture
Class LoaderClass Loader
IL to NativeIL to Native
JIT CompilerJIT Compiler
CodeCode
ManagerManager
GarbageGarbage
CollectorCollector
Security EngineSecurity Engine Debug EngineDebug Engine
Type CheckerType Checker Exception ManagerException Manager
Thread SupportThread Support COM MarshalerCOM Marshaler
Base Class Library SupportBase Class Library Support
23. Managed CodeManaged Code
CLR executed code is calledCLR executed code is called managed codemanaged code
Represents programming code in the low levelRepresents programming code in the low level
languagelanguage MSILMSIL (MS Intermediate Language)(MS Intermediate Language)
Contains metadataContains metadata
Description of classesDescription of classes,, interfacesinterfaces,, propertiesproperties,,
fieldsfields,, methodsmethods,, parameters, etc.parameters, etc.
ProgramsPrograms,, written in anywritten in any .NET language are.NET language are
Compiled to managed codeCompiled to managed code (MSIL)(MSIL)
Packaged as assemblies (Packaged as assemblies (.exe.exe oror ..dlldll files)files)
24. Managed CodeManaged Code (2)(2)
Object-orientedObject-oriented
SecureSecure
ReliableReliable
Protected fromProtected from irregularirregular use of typesuse of types ((type-safe)type-safe)
Allows integration between components andAllows integration between components and
data types of different programmingdata types of different programming
languageslanguages
Portable between different platformsPortable between different platforms
Windows, Linux, Max OS X, etc.Windows, Linux, Max OS X, etc.
25. Unmanaged (Win32) CodeUnmanaged (Win32) Code
No protection of memory and type-safetyNo protection of memory and type-safety
Reliability problemsReliability problems
Safety problemsSafety problems
Doesn’t contain metadataDoesn’t contain metadata
Needs additional overhead like (e.g. use COM)Needs additional overhead like (e.g. use COM)
Compiled to machine-dependent codeCompiled to machine-dependent code
Need of different versions for differentNeed of different versions for different
platformsplatforms
Hard to be ported to other platformsHard to be ported to other platforms
26. Memory ManagementMemory Management
CLR manages memory automaticallyCLR manages memory automatically
Dynamically loadedDynamically loaded objects are stored in theobjects are stored in the
managed heapmanaged heap
Unusable objects are automatically cleaned upUnusable objects are automatically cleaned up
by theby the garbage collectorgarbage collector
Some of the big problems are solvedSome of the big problems are solved
Memory leaksMemory leaks
Access to freed or unallocated memoryAccess to freed or unallocated memory
Objects are accessed through a referenceObjects are accessed through a reference
28. Intermediate LanguageIntermediate Language
((MSILMSIL,, ILIL,, CIL)CIL)
Low level languageLow level language ((machine languagemachine language)) for thefor the
.NET CLR.NET CLR
Has independent set of CPU instructionsHas independent set of CPU instructions
Loading and storing data, calling methodsLoading and storing data, calling methods
Arithmetic and logical operationsArithmetic and logical operations
Exception handlingException handling
Etc.Etc.
MSIL is converted to instructions for theMSIL is converted to instructions for the
current physical CPU by the JIT compilercurrent physical CPU by the JIT compiler
30. Compilation and ExecutionCompilation and Execution
CompilationCompilation
ExecutionExecution
JITJIT
compilercompiler
MachineMachine
codecode
MSILMSIL
CodeCode
MetadataMetadata
SourceSource
codecode
LanguageLanguage
compilercompiler
AssemblyAssembly
(.EXE or(.EXE or
.DLL file).DLL file)
When givenWhen given
method is calledmethod is called
for the first timefor the first time
Pre-compilationPre-compilation
during theduring the
install (NGEN)install (NGEN)
32. .NET Assemblies.NET Assemblies
.NET assemblies:.NET assemblies:
Self-containing .NET componentsSelf-containing .NET components
Stored in .DLL and .EXE filesStored in .DLL and .EXE files
Contain list of classes, types and resourcesContain list of classes, types and resources
Smallest deployment unit in CLRSmallest deployment unit in CLR
Have unique version numberHave unique version number
.NET deployment model.NET deployment model
No version conflicts (forget the "DLL hell")No version conflicts (forget the "DLL hell")
Supports side-by-side execution of differentSupports side-by-side execution of different
versions of the same assemblyversions of the same assembly
33. Metadata in the AssembliesMetadata in the Assemblies
Metadata in the .NET assembliesMetadata in the .NET assemblies
Data about data contained in the assemblyData about data contained in the assembly
Integral part of the assemblyIntegral part of the assembly
Generated by the .NET languages compilerGenerated by the .NET languages compiler
Describes all classes, their class members,Describes all classes, their class members,
versions, resources, etc.versions, resources, etc.
34. Metadata in AssembliesMetadata in Assemblies
Type DescriptionType Description
Assembly DescriptionAssembly Description
Classes, interfaces, inner types, base
classes, implemented interfaces,
member fields, properties, methods,
method parameters, return value,
attributes, etc.
Dependencies on other assembliesDependencies on other assemblies
SecuritySecurity permissionspermissions
Exported typesExported types
Dependencies on other assembliesDependencies on other assemblies
SecuritySecurity permissionspermissions
Exported typesExported types
[digital[digital
signature]signature]
[digital[digital
signature]signature]
NameName
VersionVersion
LocalizationLocalization
NameName
VersionVersion
LocalizationLocalization
35. ..NETNET ApplicationsApplications
Configurable executable .NET unitsConfigurable executable .NET units
Consist of one or more assembliesConsist of one or more assemblies
Installed by "copy / paste"Installed by "copy / paste"
No complex registration of componentsNo complex registration of components
Different applications use different versions ofDifferent applications use different versions of
common assembliescommon assemblies
No conflicts due to their "strong name"No conflicts due to their "strong name"
Easy installationEasy installation,, un-installation and updateun-installation and update
36. Common Type System (CTS)Common Type System (CTS)
CTS defines the CLRCTS defines the CLR supported types ofsupported types of
data and the operations over themdata and the operations over them
Ensures data level compatibility betweenEnsures data level compatibility between
different .NETdifferent .NET languageslanguages
E.g.E.g. stringstring inin C#C# is the same likeis the same like StringString inin
VB.NETVB.NET and inand in J#J#
Value types and reference typesValue types and reference types
All types derive fromAll types derive from System.ObjectSystem.Object
37. The .NET LanguagesThe .NET Languages
C#,VB.NET, C++, J#, etc.C#,VB.NET, C++, J#, etc.
38. ..NET LanguagesNET Languages
.NET languages by Microsoft.NET languages by Microsoft
C#, VB.NET, Managed C++, J#, F#,C#, VB.NET, Managed C++, J#, F#, JScriptJScript
.NET languages.NET languages by third partiesby third parties
Object Pascal, Perl, Python, COBOL, Haskell,Object Pascal, Perl, Python, COBOL, Haskell,
Oberon, Scheme, Smalltalk…Oberon, Scheme, Smalltalk…
Different languages can be mixed in a singleDifferent languages can be mixed in a single
applicationapplication
Cross-language inheritance of types andCross-language inheritance of types and
exception handlingexception handling
39. C# LanguageC# Language
C# is mixture between C++, Java and DelphiC# is mixture between C++, Java and Delphi
Fully object-oriented by designFully object-oriented by design
Component-oriented programming modelComponent-oriented programming model
ComponentsComponents,, properties and eventsproperties and events
No header files like C/C++No header files like C/C++
Suitable forSuitable for GUIGUI andand WebWeb applicationsapplications
XML based documentationXML based documentation
InIn C# all data types are objectsC# all data types are objects
Example:Example: 5.ToString()5.ToString() is a valid callis a valid call
40. C# Language – ExampleC# Language – Example
C# is standardized byC# is standardized by ECMA and ISOECMA and ISO
Example of C# program:Example of C# program:
using System;using System;
class NumbersFrom1to100class NumbersFrom1to100
{{
static void Main()static void Main()
{{
for (int i=1; i<=100; i++)for (int i=1; i<=100; i++)
{{
Console.WriteLine(i);Console.WriteLine(i);
}}
}}
}}
42. Framework Class Library (FCL)Framework Class Library (FCL)
Framework Class Library is the standardFramework Class Library is the standard
.NET Framework library of out-of-the-box.NET Framework library of out-of-the-box
reusable classes and components (APIs)reusable classes and components (APIs)
Base Class Library (BCL)Base Class Library (BCL)
ADO.NET, LINQ and XML (Data Tier)ADO.NET, LINQ and XML (Data Tier)
WCF and WWF (Communication and Workflow Tier)WCF and WWF (Communication and Workflow Tier)
ASP.NETASP.NET
Web Forms, MVC, AJAXWeb Forms, MVC, AJAX
Mobile Internet ToolkitMobile Internet Toolkit
WindowsWindows
FormsForms
WPFWPF SilverlightSilverlight
43. FCL NamespacesFCL Namespaces
ADO.NET, LINQ and XML (Data Tier)ADO.NET, LINQ and XML (Data Tier)
WCF and WWF (Communication and Workflow Tier)WCF and WWF (Communication and Workflow Tier)
ASP.NETASP.NET
Web Forms, MVC, AJAXWeb Forms, MVC, AJAX
Mobile Internet ToolkitMobile Internet Toolkit
WindowsWindows
FormsForms
WPF & SilverlightWPF & Silverlight
System.WebSystem.WebSystem.WebSystem.Web
System.Web.MvcSystem.Web.MvcSystem.Web.MvcSystem.Web.Mvc
System.WindowsSystem.Windows
.Forms.Forms
System.WindowsSystem.Windows
.Forms.Forms
System.DrawingSystem.DrawingSystem.DrawingSystem.Drawing
System.WindowsSystem.WindowsSystem.WindowsSystem.Windows
System.Windows.MediaSystem.Windows.MediaSystem.Windows.MediaSystem.Windows.Media
System.Windows.MarkupSystem.Windows.MarkupSystem.Windows.MarkupSystem.Windows.Markup
System.ServiceModelSystem.ServiceModelSystem.ServiceModelSystem.ServiceModel System.ActivitiesSystem.ActivitiesSystem.ActivitiesSystem.Activities System.WorkflowSystem.WorkflowSystem.WorkflowSystem.Workflow
System.DataSystem.DataSystem.DataSystem.Data System.LinqSystem.LinqSystem.LinqSystem.Linq
System.Data.LinqSystem.Data.LinqSystem.Data.LinqSystem.Data.Linq
System.XmlSystem.XmlSystem.XmlSystem.Xml
System.Xml.LinqSystem.Xml.LinqSystem.Xml.LinqSystem.Xml.Linq System.Data.EntitySystem.Data.EntitySystem.Data.EntitySystem.Data.Entity
44. Visual Studio IDEVisual Studio IDE
Powerful Development Environment for .NETPowerful Development Environment for .NET
45. Visual StudioVisual Studio
Visual Studio is powerful IntegratedVisual Studio is powerful Integrated
Development Environment (IDE) for .NETDevelopment Environment (IDE) for .NET
DevelopersDevelopers
Create, edit, compile and run .NET applicationsCreate, edit, compile and run .NET applications
Different languagesDifferent languages –– C#, CC#, C++,++, VB.NET,VB.NET, J#, …J#, …
FlexibleFlexible code editorcode editor
PowerfulPowerful debuggerdebugger
Integrated with SQL ServerIntegrated with SQL Server andand IISIIS
Strong support of Web services, WCF and WWFStrong support of Web services, WCF and WWF
46. Visual StudioVisual Studio (2)(2)
Visual programmingVisual programming
Component-orientedComponent-oriented,, event basedevent based
Managed and unmanaged codeManaged and unmanaged code
Helpful wizards and editorsHelpful wizards and editors
Windows Forms DesignerWindows Forms Designer
WCF / Silverlight DesignerWCF / Silverlight Designer
ASP.NET Web Forms DesignerASP.NET Web Forms Designer
ADO.NET / LINQ-to-SQL / XML Data DesignerADO.NET / LINQ-to-SQL / XML Data Designer
Many third party extensionsMany third party extensions
Metadata
Information about program structure is language-agnostic, so that it can be referenced between languages and tools, making it easy to work with code written in a language you are not using.
.NET metadata, in the Microsoft .NET framework, refers to code that describes .NET CIL (Common Intermediate Language) code. A .NET language compiler will generate the metadata and store this in the assembly containing the CIL. Metadata describes all classes and class members that are defined in the assembly, and the classes and class members that the current assembly will call from another assembly. The metadata for a method contains the complete description of the method, including the class (and the assembly that contains the class), the return type and all of the method parameters. When the CLR executes CIL it will check to make sure that the metadata of the called method is the same as the metadata that is stored in the calling method. This ensures that a method can only be called with exactly the right number of parameters and exactly the right parameter types.