FxCop App Security

Velvet

I ran FxCop on one of the components for my web site and the security rules
what me to add "[assembly: Security Permission()] tags like the ones listed
below:

[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
true)]

[assembly: PermissionSet(SecurityAction.RequestOptional, Name = "Nothing")]
This breaks my ASP.NET application. So my question is, what should these
tags be when used in a .NET application? I haven't found much information
on this so if I could get more info on it in relation to ASP.NET that would
be great.

thanks,
Velvet

Jan 5 '06 #1

Subscribe Post Reply

2229

Steven Cheng[MSFT]

Hi velvet,

Welcome to MSDN newsgroup.
As for the security related warning you get when using fxcop to validate
your assembly, they're just some best practice for develping .net
application. .NET use Code Access Security to restrict and validate our
code's permission. For the two attributres you mentioend:

[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
true)]
=====================
This is used to indicate the minimum permissions your assembly require...
This can help the end user or administrator to get how much permission they
need to grant to your assembly.... through .NET CAS policy
[assembly: PermissionSet(SecurityAction.RequestOptional, Name = "Nothing")]
========================
The SecurityAction.RequestOptional flag allows you to request a set of
permissions while refusing all other permissions the runtime otherwise
might have been willing to give. By contrast, the RequestRefuse flag allows
you to refuse permissions by explicitly specifying which ones your code
should not be granted.

And here are some other msdn reference discussing on .net CAS:

#An Overview of Security in the .NET Framework
http://msdn.microsoft.com/library/en...secover.asp?fr
ame=true

#Programming .NET Code Access Security
http://msdn.microsoft.com/library/en...1.asp?frame=tr
ue

http://msdn.microsoft.com/msdnmag/is...ity/default.as
px?side=true#a

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Velvet" <ve****@newsgroups.nospam>
| Subject: FxCop App Security
| Date: Thu, 5 Jan 2006 10:31:57 -0800
| Lines: 19
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| Message-ID: <ev*************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-182-150-8.hsd1.wa.comcast.net 67.182.150.8
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:368825
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I ran FxCop on one of the components for my web site and the security
rules
| what me to add "[assembly: Security Permission()] tags like the ones
listed
| below:
|
| [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
| true)]
|
| [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
"Nothing")]
|
|
| This breaks my ASP.NET application. So my question is, what should these
| tags be when used in a .NET application? I haven't found much
information
| on this so if I could get more info on it in relation to ASP.NET that
would
| be great.
|
| thanks,
| Velvet
|
|
|

Jan 6 '06 #2

Velvet

The problem is, this applies to normal .NET apps and not ASP.NET apps. I
need ASP specific information as this need to be executed on the web server.

I have run some searches on the subject but haven't found any useful
information on what security settings should be used when running the app on
the web server.

Velvet

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:s%****************@TK2MSFTNGXA02.phx.gbl...

Hi velvet,

Welcome to MSDN newsgroup.
As for the security related warning you get when using fxcop to validate
your assembly, they're just some best practice for develping .net
application. .NET use Code Access Security to restrict and validate our
code's permission. For the two attributres you mentioend:

[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
true)]
=====================
This is used to indicate the minimum permissions your assembly require...
This can help the end user or administrator to get how much permission
they
need to grant to your assembly.... through .NET CAS policy
[assembly: PermissionSet(SecurityAction.RequestOptional, Name =
"Nothing")]
========================
The SecurityAction.RequestOptional flag allows you to request a set of
permissions while refusing all other permissions the runtime otherwise
might have been willing to give. By contrast, the RequestRefuse flag
allows
you to refuse permissions by explicitly specifying which ones your code
should not be granted.

And here are some other msdn reference discussing on .net CAS:

#An Overview of Security in the .NET Framework
http://msdn.microsoft.com/library/en...secover.asp?fr
ame=true

#Programming .NET Code Access Security
http://msdn.microsoft.com/library/en...1.asp?frame=tr
ue

http://msdn.microsoft.com/msdnmag/is...ity/default.as
px?side=true#a

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Velvet" <ve****@newsgroups.nospam>
| Subject: FxCop App Security
| Date: Thu, 5 Jan 2006 10:31:57 -0800
| Lines: 19
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| Message-ID: <ev*************@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-182-150-8.hsd1.wa.comcast.net 67.182.150.8
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP09.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:368825
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I ran FxCop on one of the components for my web site and the security
rules
| what me to add "[assembly: Security Permission()] tags like the ones
listed
| below:
|
| [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
| true)]
|
| [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
"Nothing")]
|
|
| This breaks my ASP.NET application. So my question is, what should
these
| tags be when used in a .NET application? I haven't found much
information
| on this so if I could get more info on it in relation to ASP.NET that
would
| be great.
|
| thanks,
| Velvet
|
|
|

Jan 18 '06 #3

Steven Cheng[MSFT]

Jan 19 '06 #4

by: Chua Wen Ching | last post by:

I had use fxcop to check my code. I had 1 confusion here. I would normally call a method by this way in my IAnimal: Example: public void CallFuncA(ushort port); But fxcop says i need to...

C# / C Sharp

how to enable fxcop

by: Rasmus | last post by:

I VS 2005 beta 2 i have a solution with - a number of classes - a website - a httphandler - a http module I want to run fxcop on my class files - but cant find out how to enable it. I've...

C# / C Sharp

Security Warnings From FXCop - CA2122 & CA2123

by: orekinbck | last post by:

Hi There I am inheriting from DateTimePicker class to create a DateTimePicker control with a configurable back colour. I got the original code from http://dotnet.mvps.org/ then converted it to...

C# / C Sharp

FxCop rookie question

by: hansiman | last post by:

Just beginning using FxCop in my asp.net projects... I get a lot of error messages under the header: AvoidUnusedParameters for funtions and routines lik: Sub isUserAuthenticated(ByVal...

ASP.NET

FxCop Error on command button

by: Eric Sabine | last post by:

I'm running FX Cop on my assembly and on a form, tons of my labels and buttons are being flagged with this error. I don't really get the error and what I am supposed to do to resolve the error. I...

Visual Basic .NET

C++/CLI C++ Interop and FxCop/Code-Analysis warning CA2122

by: Peter Ritchie [C# MVP] | last post by:

I've purposely been ignoring a CA2122 warning in some C++ interop code I've been working on for quite some time. I've just recently had the cycles to investigate the warning. The warning message...

.NET Framework

Do not indirectly expose methods FxCop Error

by: John Wright | last post by:

I ran FxCop against a program and was pleased with the security review except I get the following error: Do not indirectly expose methods How would I fix this code so this error goes away. I...

Visual Basic .NET

Please Explain me FXCop warning

by: husainmdk | last post by:

please tell me with example what is meant by this violation Cause An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface....

.NET Framework

FxCop - Excluded rules

by: Dansk | last post by:

Hi all, We are running FxCop on our projects, and we allow people to supress FxCop warnings thanks to attributes like I need to track which rules were removed and why. Is there w away to...

C# / C Sharp

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

Career Advice

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Microsoft Access / VBA

FxCop App Security

Similar topics