PDK for .NET Security Guide

Portal Development Kit for Microsoft .NET (PDK for .NET) is a set of tools that enable Microsoft Visual Studio .NET developers to build portal components for SAP NetWeaver Portal. Using PDK for .NET enables organizations with existing investments in Microsoft .NET technology to leverage their developers’ skills and take advantage of the SAP NetWeaver technology.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to PDK for .NET.

To assist you in securing PDK for .NET, we provide this document.

About this Document

This guide provides an overview of the security aspects that apply to PDK for .NET, operating in conjunction with SAP NetWeaver Portal. The information in this guide applies to versions 2.0 and 2.5 of PDK for .NET.

Overview of the Main Sections

The Security Guide includes the following main sections:

·        Before You Start

This section contains information about why security is necessary and how to use this document, as well as references to other Security Guides that form the foundation for this Security Guide.

·        Technical System Landscape

This section provides an overview of the technical components and communication paths that are used by PDK for .NET.

·        Authorizations

This section provides an overview of the authorization concept that applies to PDK for .NET and explains how user authentication and authorization are accomplished when connecting to SAP NetWeaver Portal.

·        Network and Communication Security

This section provides an overview of the communication paths used by PDK for .NET and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.

·        Trace and Log Files

This section provides an overview of the trace and log files that contain security-relevant information so that, for example, you can reproduce activities if a security breach does occur.