By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
458,089 Members | 1,039 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 458,089 IT Pros & Developers. It's quick & easy.

How to specify security access for assembly running in ASP.NET

P: n/a
How to specify security access for assembly running in ASP.NET?

FxCop requests it always and I always ignore it. I am thinking that this is
good thing to know how to do.

I usually need the same rights that asp.net process has. The dll needs to
write some files under directory - usually but some times not.

Thank

Shimon
Mar 1 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Hi Shimon,

Welcome to the MSDN newsgroup.

As for the security access setting for .net assembly in ASP.NET web
application, it is divided into two parts:

1. By default, the .NET Code Access security (CAS) setting for ASP.NET
application is at "Full" trust level, so there is not limit for .net
security restriction on the managed code executing in ASP.NET applcation.
What we need to take care of is the raw windows OS level security. This
concern with the ASP.NET's process identity (or the impersonated account)
with those protected resource our ASP.NET application will access(such as
eventlog, registry, filesystem....).

2. Also, we can apply .net's code access security setting (policy) for the
code, assembly in our ASP.NET web application. This security is configured
and checked within the .net managed runtime, independent of the operating
system's security. Here are some msdn reference on applying .net CAS to
ASP.NET web application:

#Chapter 9 C Using Code Access Security with ASP.NET
http://msdn.microsoft.com/library/de...us/dnnetsec/ht
ml/THCMCh09.asp

#How To: Use Code Access Security in ASP.NET 2.0
http://msdn.microsoft.com/library/de...us/dnpag2/html
/paght000017.asp

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)



Mar 2 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.