http://blogs.msdn.com/alikl/archive/tags/Authorization/default.aspxTags: Authorizationen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/alikl/archive/2008/07/24/security-code-review-string-search-patterns-for-authorization-vulnerabilities.aspxThu, 24 Jul 2008 22:53:10 GMT91d46819-8472-40ad-a661-2c78acb4018c:8769967alikl1http://blogs.msdn.com/alikl/comments/8769967.aspxhttp://blogs.msdn.com/alikl/commentrss.aspx?PostID=8769967http://blogs.msdn.com/alikl/rsscomments.aspx?PostID=8769967<p>These are the <a href="http://msdn.microsoft.com/en-us/library/ms998375.aspx" target="_blank">questions</a> and the search criteria I use to identify authorization vulnerabilities in the code beyond web.config &lt;authorization&gt; node.</p> <ul> <li><strong>How does the code protect access to page classes?</strong> </li> </ul> <p><strong>Attributes</strong></p> <p>Search for PrincipalPermission attributes. If there is no match, the code does not perform standard authorization checks.</p> <p>findstr /S /I &quot;PrincipalPermission&quot; *.cs</p> <p><strong>Empirical checks</strong></p> <p>Search for empirical IsInRole calls. If there is no match, the code does not perform standard authorization checks.</p> <p>findstr /S /I &quot;IsInRole&quot; *.cs</p> <p><strong>Rolemanager</strong></p> <p>Search for empirical IsUserInRole calls for Rolemanager API. If there is no match, the code does not perform standard authorization checks.</p> <p>findstr /S /I &quot;IsUserInRole&quot; *.cs</p> <ul> <li><strong>Does the code use Server.Transfer?</strong> </li> </ul> <p>When the code uses Server.Transfer it may improve performance but potentially it may pose a threat of elevation of privileges, more info is here <a href="http://blogs.msdn.com/alikl/archive/2007/03/27/performance-gain-security-risk.aspx" target="_blank">Performance Gain - Security Risk</a></p> <p>findstr /S /I &quot;Transfer&quot; *.cs</p> <h3>Related posts</h3> <p></p> <p></p> <p></p> <p></p> <p></p> <p></p> <p></p> <ul> <li><a href="http://blogs.msdn.com/alikl/archive/2008/07/11/security-code-review-string-search-patterns-for-finding-input-validation-vulnerabilities.aspx">Security Code Review – String Search Patterns For Finding Input Validation Vulnerabilities</a></li> <li><a href="http://blogs.msdn.com/alikl/archive/2008/07/21/security-code-review-string-search-patterns-for-authentication-vulnerabilities.aspx">Security Code Review – String Search Patterns For Authentication Vulnerabilities</a></li> <li><a href="http://blogs.msdn.com/alikl/archive/2007/05/30/soa-strong-authentication-standard-authorization-cool-solution.aspx">SOA, Strong Authentication, Standard Authorization - Cool Solution</a> </li> <li><a href="http://blogs.msdn.com/alikl/archive/2007/04/11/authentication-hub.aspx" target="_blank">Authentication Hub</a> </li> </ul><img src="http://blogs.msdn.com/aggbug.aspx?PostID=8769967" width="1" height="1">Test PhaseSecurityAuthorization