By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,665 Members | 1,382 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,665 IT Pros & Developers. It's quick & easy.

FxCop App Security

P: n/a
I ran FxCop on one of the components for my web site and the security rules
what me to add "[assembly: Security Permission()] tags like the ones listed
below:

[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
true)]

[assembly: PermissionSet(SecurityAction.RequestOptional, Name = "Nothing")]
This breaks my ASP.NET application. So my question is, what should these
tags be when used in a .NET application? I haven't found much information
on this so if I could get more info on it in relation to ASP.NET that would
be great.

thanks,
Velvet
Jan 5 '06 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Hi velvet,

Welcome to MSDN newsgroup.
As for the security related warning you get when using fxcop to validate
your assembly, they're just some best practice for develping .net
application. .NET use Code Access Security to restrict and validate our
code's permission. For the two attributres you mentioend:

[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
true)]
=====================
This is used to indicate the minimum permissions your assembly require...
This can help the end user or administrator to get how much permission they
need to grant to your assembly.... through .NET CAS policy
[assembly: PermissionSet(SecurityAction.RequestOptional, Name = "Nothing")]
========================
The SecurityAction.RequestOptional flag allows you to request a set of
permissions while refusing all other permissions the runtime otherwise
might have been willing to give. By contrast, the RequestRefuse flag allows
you to refuse permissions by explicitly specifying which ones your code
should not be granted.

And here are some other msdn reference discussing on .net CAS:

#An Overview of Security in the .NET Framework
http://msdn.microsoft.com/library/en...secover.asp?fr
ame=true

#Programming .NET Code Access Security
http://msdn.microsoft.com/library/en...1.asp?frame=tr
ue

http://msdn.microsoft.com/msdnmag/is...ity/default.as
px?side=true#a

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Velvet" <ve****@newsgroups.nospam>
| Subject: FxCop App Security
| Date: Thu, 5 Jan 2006 10:31:57 -0800
| Lines: 19
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| Message-ID: <ev*************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-182-150-8.hsd1.wa.comcast.net 67.182.150.8
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:368825
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I ran FxCop on one of the components for my web site and the security
rules
| what me to add "[assembly: Security Permission()] tags like the ones
listed
| below:
|
| [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
| true)]
|
| [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
"Nothing")]
|
|
| This breaks my ASP.NET application. So my question is, what should these
| tags be when used in a .NET application? I haven't found much
information
| on this so if I could get more info on it in relation to ASP.NET that
would
| be great.
|
| thanks,
| Velvet
|
|
|

Jan 6 '06 #2

P: n/a
The problem is, this applies to normal .NET apps and not ASP.NET apps. I
need ASP specific information as this need to be executed on the web server.

I have run some searches on the subject but haven't found any useful
information on what security settings should be used when running the app on
the web server.

Velvet

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:s%****************@TK2MSFTNGXA02.phx.gbl...
Hi velvet,

Welcome to MSDN newsgroup.
As for the security related warning you get when using fxcop to validate
your assembly, they're just some best practice for develping .net
application. .NET use Code Access Security to restrict and validate our
code's permission. For the two attributres you mentioend:

[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
true)]
=====================
This is used to indicate the minimum permissions your assembly require...
This can help the end user or administrator to get how much permission
they
need to grant to your assembly.... through .NET CAS policy
[assembly: PermissionSet(SecurityAction.RequestOptional, Name =
"Nothing")]
========================
The SecurityAction.RequestOptional flag allows you to request a set of
permissions while refusing all other permissions the runtime otherwise
might have been willing to give. By contrast, the RequestRefuse flag
allows
you to refuse permissions by explicitly specifying which ones your code
should not be granted.

And here are some other msdn reference discussing on .net CAS:

#An Overview of Security in the .NET Framework
http://msdn.microsoft.com/library/en...secover.asp?fr
ame=true

#Programming .NET Code Access Security
http://msdn.microsoft.com/library/en...1.asp?frame=tr
ue

http://msdn.microsoft.com/msdnmag/is...ity/default.as
px?side=true#a

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Velvet" <ve****@newsgroups.nospam>
| Subject: FxCop App Security
| Date: Thu, 5 Jan 2006 10:31:57 -0800
| Lines: 19
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| Message-ID: <ev*************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-182-150-8.hsd1.wa.comcast.net 67.182.150.8
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:368825
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I ran FxCop on one of the components for my web site and the security
rules
| what me to add "[assembly: Security Permission()] tags like the ones
listed
| below:
|
| [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
| true)]
|
| [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
"Nothing")]
|
|
| This breaks my ASP.NET application. So my question is, what should
these
| tags be when used in a .NET application? I haven't found much
information
| on this so if I could get more info on it in relation to ASP.NET that
would
| be great.
|
| thanks,
| Velvet
|
|
|

Jan 18 '06 #3

P: n/a
Thanks for your response Velvet,

yes, the FxCop is surely applying to all .net code, not specify to ASP.NET,
so it'll apparently display all the warnings or errors if you includes that
certain rules.....

And if you're focus on ASP.NET specific .NET CODE Access security, you may
have a look at the ASP.NET Trust Level setting which control the ASP.NET
application's .net code access security:

#trustLevel Element for securityPolicy (ASP.NET Settings Schema)
http://msdn2.microsoft.com/en-us/library/as399f0x.aspx

Here are some further reference on ASP.NET CAS:

#Chapter 9 C Using Code Access Security with ASP.NET
http://msdn.microsoft.com/library/en....asp?frame=tru
e

#How To: Use Code Access Security in ASP.NET 2.0
http://msdn.microsoft.com/library/en...7.asp?frame=tr
ue

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Velvet" <ve****@newsgroups.nospam>
| References: <ev*************@TK2MSFTNGP09.phx.gbl>
<s#**************@TK2MSFTNGXA02.phx.gbl>
| Subject: Re: FxCop App Security
| Date: Wed, 18 Jan 2006 13:57:36 -0800
| Lines: 107
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| Message-ID: <#8**************@TK2MSFTNGP10.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-182-150-8.hsd1.wa.comcast.net 67.182.150.8
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP10.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:371900
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| The problem is, this applies to normal .NET apps and not ASP.NET apps. I
| need ASP specific information as this need to be executed on the web
server.
|
| I have run some searches on the subject but haven't found any useful
| information on what security settings should be used when running the app
on
| the web server.
|
| Velvet
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:s%****************@TK2MSFTNGXA02.phx.gbl...
| > Hi velvet,
| >
| > Welcome to MSDN newsgroup.
| > As for the security related warning you get when using fxcop to validate
| > your assembly, they're just some best practice for develping .net
| > application. .NET use Code Access Security to restrict and validate our
| > code's permission. For the two attributres you mentioend:
| >
| > [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
| > true)]
| > =====================
| > This is used to indicate the minimum permissions your assembly
require...
| > This can help the end user or administrator to get how much permission
| > they
| > need to grant to your assembly.... through .NET CAS policy
| >
| >
| > [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
| > "Nothing")]
| > ========================
| > The SecurityAction.RequestOptional flag allows you to request a set of
| > permissions while refusing all other permissions the runtime otherwise
| > might have been willing to give. By contrast, the RequestRefuse flag
| > allows
| > you to refuse permissions by explicitly specifying which ones your code
| > should not be granted.
| >
| > And here are some other msdn reference discussing on .net CAS:
| >
| > #An Overview of Security in the .NET Framework
| >
http://msdn.microsoft.com/library/en...secover.asp?fr
| > ame=true
| >
| > #Programming .NET Code Access Security
| >
http://msdn.microsoft.com/library/en...1.asp?frame=tr
| > ue
| >
| >
http://msdn.microsoft.com/msdnmag/is...ity/default.as
| > px?side=true#a
| >
| > Hope helps. Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| > --------------------
| > | From: "Velvet" <ve****@newsgroups.nospam>
| > | Subject: FxCop App Security
| > | Date: Thu, 5 Jan 2006 10:31:57 -0800
| > | Lines: 19
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | Message-ID: <ev*************@TK2MSFTNGP09.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: c-67-182-150-8.hsd1.wa.comcast.net 67.182.150.8
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:368825
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | I ran FxCop on one of the components for my web site and the security
| > rules
| > | what me to add "[assembly: Security Permission()] tags like the ones
| > listed
| > | below:
| > |
| > | [assembly: SecurityPermission(SecurityAction.RequestMinimum,
Execution =
| > | true)]
| > |
| > | [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
| > "Nothing")]
| > |
| > |
| > | This breaks my ASP.NET application. So my question is, what should
| > these
| > | tags be when used in a .NET application? I haven't found much
| > information
| > | on this so if I could get more info on it in relation to ASP.NET that
| > would
| > | be great.
| > |
| > | thanks,
| > | Velvet
| > |
| > |
| > |
| >
|
|
|

Jan 19 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.