Could someone who has active experience of assigning Security Policys please
clarify my follow comments...
Having gone through the MSDN documentation on this subject, my condensed
version of the way the security code permissions works is thus :-
1. An Assembly will be mapped to one or more Code Groups based upon the
membership conditions specified within each code group.
2. When an assembly belongs to multiple code groups, permissions assigned by
one code group can be overridden (increased) by permissions assigned by
another code group when they are both part of the same Policy level.
3. Code groups from a lower policy level cannot override (increase)
permissions set by an upper level (apart from when the permission hasnt yet
been set) *but* can reduce them.
4. The user policy level code groups cannot grant additional permissions to
an assembly *but* can only reduce them further.
5. When the Exclusive attribute is used on a code group, the code group will
become the only one within that policy level to apply permissions, although
the further policy levels code groups will be evaluated. When an application
belongs to more than one Exclusive code group it will not be run.
6. When the Level Final attribute is used on a code group, no other policy
levels code groups are evaluated *although* the current policy levels code
groups will.
7. When Level Final and Exclusive are used together then the codegroup on
that level will be the only one that will apply to the application through
all policy levels.
Couple of points.
a. Firstly is there any reason that the code groups are / can be nested,
from what I can see the answer is no -although I am assuming that it allows
for a more specific targetting of conditions.
b. Since the default Enterprise code group is All_Code -Full Trust and
changing it could effectly cause problems with the framework, I assume this
is left alone. Because this code group would override any additional code
groups within this policy, I am assuming that all Enterprise level code
groups should be marked as Exclusive.
c. Does Caspol utility expose any additional functionality than mscorcfg
utility (apart from the ability to do scripted config)?
Thanks in advance
--
Br,
Mark Broadbent
mcdba , mcse+i
=============
0  1435  This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Olaf Baeyens |
last post by:
Can someone out there point me to a URL or other reference how to use these
security stuff in .NET?
I know everything can be found online on the msdn but since I am new to this
security stuff, I have a very hard time to find the correct page in the
zillions of abstract pages talking about this topic.
One of the problems is this:
I can find information about FileIOPermission here:
|
by: Angelos Karantzalis |
last post by:
Is there a way to set Permissions based on user roles by using some
configuration file for my application ?
I'm coming from a Java background, where that could very easily be
accomplished but although I've searched around MSDN I can't find a clear
answer to this ...
Thanks a lot guys,
Angel
|
by: Namratha Shah \(Nasha\) |
last post by:
Hey Guys,
Before we start with our sample app we need to view the security
configuration files on the machine. You will find them under
<drive>\WInNT\Microsoft.NET\FrameWork\<version>\Config
Enterprise Level Security configuration file is :- enterprise.config
Machine Level Security configuration file is :- security.config
|
by: web1110 |
last post by:
Hi,
I set up my wifes machine to run .NET, some of my stuff runs but not all.
First example:
I have a windows program that displays environment info. It runs fine on my
machine. Whan I run it on my wifes' machine over the network it fails on
the statement:
|
by: Namratha Shah \(Nasha\) |
last post by:
Hey Guys,
Today we are going to look at Code Access Security.
Code access security is a feature of .NET that manages code depending on its
trust level. If the CLS trusts the code enough to allow it ro run then it
will execute, the code execution depends on the permission provided to the
assembly. If the code is not trusted wnough to run or it attempts to perform
an action which doe not have the required permissions then its execution...
| | |
by: Marina |
last post by:
Hi,
I am trying to find the minimum security settings to allow a windows control
embedded in IE have full trust.
If I give the entire Intranet zone full trust, this works. However, this is
very broad and gives the entire zone high privleges.
I tried giving just the assembly full trust (using the full URL for the
DLL), but this doesn't seem to work.
|
by: Diego F. |
last post by:
I think I'll never come across that error. It happens when running code from
a DLL that tries to write to disk. I added permissions in the project
folder, the wwwroot and in IIS to NETWORK_SERVICE and Everyone, with Full
Control to see if it's a permissions problem.
The project is hosted in a Windows 2003 Server and developed from PCs in a
domain, developing with Visual Studio 2005 Beta 1.
--
Regards,
|
by: Norsoft |
last post by:
I have a .Net 1.1 application which is downloaded into an aspx page. It is a
dll which inherits from System.Windows.Forms.UserControl. It works fine on a
PC with only the 1.1 Framework. However, the control will not load on a PC
with the 2.0 Framework installed. I know that IE will use the newest
framework so I assume it is a security issue.
At the assembly level I apply the following attributes;
|
by: John Kotuby |
last post by:
Hello all,
Note: This is the full version of a Post that I inadvertently sent before it
was complete.
About a year ago I wrote a VB.NET 2003 solution that consists of a number
of assemblies (1 EXE and 15 DLLS). As I recall, in order to deploy the
solution to a testing server I simply copied the contents of the Bin folder
in the development area where the compiled assemblies reside. Be patient
with me here, because I haven't used...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| | |
