473,320 Members | 1,876 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Links for .NET security stuff

Can someone out there point me to a URL or other reference how to use these
security stuff in .NET?
I know everything can be found online on the msdn but since I am new to this
security stuff, I have a very hard time to find the correct page in the
zillions of abstract pages talking about this topic.

One of the problems is this:
[assembly:FileIOPermission(SecurityAction.RequestMi nimum,
Unrestricted=true)]

I can find information about FileIOPermission here:
http://msdn.microsoft.com/library/de...classtopic.asp

I also fiund documentation of SecurityAction.RequestMinimum

But I cannot seem to find what parameters can be declared like
"Unrestricted=true".
I do find documentation about AllAccess, Append, NoAccess, PathDiscovery,
Read, Write, but the word "Unrestricted" is nowwhere seen on that page.

FileIOPermission is one example it would be nice to find some page that
gives an overview of all possible kewords like "Unrestricted", maybe there
are more keywords?

I am now trying to make my match dll more secure, by restricting security
settings.
The dll only has math functionality, no registery, no dialog boxes, no file
access is needed, but it has to run from LAN netwok folders. It also needs
unsafe code.

This is why I try to find SecurityPermission, RegistryPermission,
ZoneIdentityPermission,...documentation that tells me what keywords exist
and how to set it.

Any help would be appreciated. :-)

--
http://www.skyscan.be
Jul 21 '05 #1
6 2468
Hi Olaf,

If you are looking for articles on CAS in general, then this is a good read
http://www.codeproject.com/dotnet/UB...&select=727810

HTH,
Rakesh Rajan

"Olaf Baeyens" wrote:
Can someone out there point me to a URL or other reference how to use these
security stuff in .NET?
I know everything can be found online on the msdn but since I am new to this
security stuff, I have a very hard time to find the correct page in the
zillions of abstract pages talking about this topic.

One of the problems is this:
[assembly:FileIOPermission(SecurityAction.RequestMi nimum,
Unrestricted=true)]

I can find information about FileIOPermission here:
http://msdn.microsoft.com/library/de...classtopic.asp

I also fiund documentation of SecurityAction.RequestMinimum

But I cannot seem to find what parameters can be declared like
"Unrestricted=true".
I do find documentation about AllAccess, Append, NoAccess, PathDiscovery,
Read, Write, but the word "Unrestricted" is nowwhere seen on that page.

FileIOPermission is one example it would be nice to find some page that
gives an overview of all possible kewords like "Unrestricted", maybe there
are more keywords?

I am now trying to make my match dll more secure, by restricting security
settings.
The dll only has math functionality, no registery, no dialog boxes, no file
access is needed, but it has to run from LAN netwok folders. It also needs
unsafe code.

This is why I try to find SecurityPermission, RegistryPermission,
ZoneIdentityPermission,...documentation that tells me what keywords exist
and how to set it.

Any help would be appreciated. :-)

--
http://www.skyscan.be

Jul 21 '05 #2
> If you are looking for articles on CAS in general, then this is a good
read:
http://www.codeproject.com/dotnet/UB...&select=727810


Yes this seems to be a very good staringpoint. :-)
Thanks.

--
http://www.skyscan.be

Jul 21 '05 #3
"Olaf Baeyens" <ol**********@skyscan.be> wrote:
Can someone out there point me to a URL or other reference how to use these
security stuff in .NET?
I know everything can be found online on the msdn but since I am new to this
security stuff, I have a very hard time to find the correct page in the
zillions of abstract pages talking about this topic.

One of the problems is this:
[assembly:FileIOPermission(SecurityAction.RequestMi nimum,
Unrestricted=true)]

I can find information about FileIOPermission here:
http://msdn.microsoft.com/library/de...classtopic.asp

I also fiund documentation of SecurityAction.RequestMinimum

But I cannot seem to find what parameters can be declared like
"Unrestricted=true".
IUnrestrictedPermission Interface
http://msdn.microsoft.com/library/de...classtopic.asp
PermissionState Enumeration
http://msdn.microsoft.com/library/de...classtopic.asp
FileIOPermissionAttribute Class
http://msdn.microsoft.com/library/de...classtopic.asp

If you take a look at the Zone Code groups and the
Permission set in the .NET Framework Configuration Tool
(Runtime, Machine, Permission Sets) you'll discover that
only the "Everything" permission set actually has
"Unrestricted" File IO; FullTrust has it by default as it
for all intents and purposes bypasses CAS. So you would be
well advised not to require

[FileIOPermissionAttribute(SecurityAction.Minimum,U nrestricted=true)]

The above actually does the following:

(new FileIOPermissionAttribute(
SecurityAction.Minimum
)).Unrestricted = true;

So in effect you can determine the possible "parameters" by
looking at FileIOPermissionAttribute's properties.

You may also want to look into
SecurityAction.RequestOptional. The name is totally
misleading:

RequestMinimum - "Required Minimum"; use this to specify the
permissions that you absolutely have to have - if one of the
minimum permission isn't present the runtime will throw a
Security exception (using declarative security your assembly
won't even be allowed to run).

RequestOptional - "Refuse All Except"; use this to
explicitly list all the permissions you may want to use,
while you definitely do not want any other permissions. If
something is RequestOptional the absence of the permission
will not immediately lead to an exception until something
trys to use it.

RequestRefuse - Use this to exclude a subset of something
you already requested, e.g.:

[FileIOPermissionAttribute(SecurityAction.RequestOp tional,
Read=@"C:\"]
[FileIOPermissionAttribute(SecurityAction.RequestRe fuse,
Read=@"C:\Windows"]
I do find documentation about AllAccess, Append, NoAccess, PathDiscovery,
Read, Write, but the word "Unrestricted" is nowwhere seen on that page.

FileIOPermission is one example it would be nice to find some page that
gives an overview of all possible kewords like "Unrestricted", maybe there
are more keywords?

Just look at FileIOPermissionAttribute's properties
I am now trying to make my match dll more secure, by restricting security
settings.
The dll only has math functionality, no registery, no dialog boxes, no file
access is needed, but it has to run from LAN netwok folders. It also needs
unsafe code.
So you do not want to require "File IO" permission as that
is not included in the LocalIntranet permission set. If you
require file access you will need to handle this with
OpenFileDialog and SaveFileDialog and the stream they make
available (essentially the user is granting the assembly on
a case by case basis access to the indicated file).

Unsafe code is a no-no with the LocalIntranet permission
set; its "Security" "Allow calls to unmanaged code" is set
to "No". You would have to create a separate assembly that
manipulates the unmanaged code and declares:

[assembly:AllowPartiallyTrustedCallers]

That one then needs to be granted "Security" "Allow calls to
unmanaged code" is set to "Yes" and "Security" "Assert any
permission that has been granted" to "Yes" (basically
installing it on the client machine and granting it full
trust, though a tightly constrained custom code group and
permission set on the machine would be preferrable). Then
your assembly could call it as long as the local assembly
used an "Assert" to stop the stack walk.

AllowPartiallyTrustedCallersAttribute Class
http://msdn.microsoft.com/library/de...classtopic.asp

CodeAccessPermission.Assert Method
http://msdn.microsoft.com/library/de...sserttopic.asp

This is why I try to find SecurityPermission, RegistryPermission,
ZoneIdentityPermission,...documentation that tells me what keywords exist
and how to set it.

Any help would be appreciated. :-)


..NET Framework Developer's Guide: Code Access Security
http://msdn.microsoft.com/library/de...sssecurity.asp
Chapter 8 – Code Access Security in Practice
http://msdn.microsoft.com/library/de...l/thcmch08.asp
How To: Use Code Access Security Policy to Constrain an
Assembly
http://msdn.microsoft.com/library/de...htcode_acc.asp


Jul 21 '05 #4
Nice, nice thank you, for this information and links.
Completely understanding is one thing, but at least I have now some good
starting points. :-)

Thanks.
--
http://www.skyscan.be
"UAError" <nu**@null.null> wrote in message
news:sa********************************@4ax.com...
IUnrestrictedPermission Interface
http://msdn.microsoft.com/library/de...classtopic.asp PermissionState Enumeration
http://msdn.microsoft.com/library/de...classtopic.asp FileIOPermissionAttribute Class
http://msdn.microsoft.com/library/de...classtopic.asp

........
Jul 21 '05 #5
"Olaf Baeyens" <ol**********@skyscan.be> wrote:
Nice, nice thank you, for this information and links.
Completely understanding is one thing, but at least I have now some good
starting points. :-)

Thanks.
Well I did't directly mention the easier way out (as opposed
to creating two separate assemblies) by simply creating a
custom permission set and code group with an appropriate
membership condition to grant your assembly the permissions
it needs to operate - AFTER you constrained the permissions
it acquires (through RequestOptional).

..NET Framework Developer's Guide: Configuring Permission
Sets Using the .NET Framework Configuration Tool
http://msdn.microsoft.com/library/de...issionsets.asp

..NET Framework Developer's Guide: Configuring Code Groups
Using the .NET Framework Configuration Tool
http://msdn.microsoft.com/library/de...codegroups.asp

..NET Framework Developer's Guide: Computing the Allowed
Permission Set
http://msdn.microsoft.com/library/de...missionset.asp
The dll only has math functionality, no registery, no dialog boxes, no file
access is needed, but it has to run from LAN netwok folders. It also needs
unsafe code.


You haven't elaborated on why you are operating the assembly
from the network. If its to be included in some "ad hoc"
programs/applications you could initially develop your
custom Permission set/Code Group in the ".NET Framework
Configuration Tool". After you know what will be needed
create a .bat file for potential users of your assembly that
can deploy the required Permission set/Code Group by using
Caspol.exe.

NET Framework Tools: Code Access Security Policy Tool
(Caspol.exe)
http://msdn.microsoft.com/library/de...yCaspolexe.asp

..NET Framework Developer's Guide: Configuring Permission
Sets Using Caspol.exe
http://msdn.microsoft.com/library/de...issionsets.asp

..NET Framework Developer's Guide: Configuring Code Groups
Using Caspol.exe
http://msdn.microsoft.com/library/de...codegroups.asp

If however the assembly is to be used by multiple well
established applications within you organization you should
really be considering deploying it to the GAC (Global
Assembly Cache) of each machine by including it in a Merge
Module for the application setup projects.

Visual Studio: Introduction to Merge Modules
http://msdn.microsoft.com/library/de...rgemodules.asp

Operating from the GAC you probably will not need a custom
Code Group/Permission set - and even if you do you can run
caspol from the custom actions or use the
System.Security.SecurityManager class to manipulate the
Security policy.

..NET Framework Class Library: SecurityManager Class
http://msdn.microsoft.com/library/de...ClassTopic.asp

http://www.sellsbrothers.com/wahoo/

Even if you do not deploy to the GAC, you may want to
consider assigning a strong name to your assembly. That way
it is more difficult to "impersonate" your assembly (and you
can use it to further constrain the membership condition of
your custom code group).

..NET Framework Developer's Guide: Creating and Using
Strong-Named Assemblies
http://msdn.microsoft.com/library/de...assemblies.asp
Jul 21 '05 #6
> Well I did't directly mention the easier way out (as opposed
to creating two separate assemblies) by simply creating a
custom permission set and code group with an appropriate
membership condition to grant your assembly the permissions
it needs to operate - AFTER you constrained the permissions
it acquires (through RequestOptional).

.....
Many thanks for the detailed explanation and links. :-)
I think that this is a wonderfull overview from programmers point of view.
:-)

Now comes the hard part: understanding it all. ;-)
But it lowers the learning curve.

--
http://www.skyscan.be
Jul 21 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Bryan Harrington | last post by:
A little background first.. I'm working from home.. no real team to bounce ideas off of, so you guys are it. I'm working on an app SQL2k / ASP Classic, the quick and dirty is there is a...
3
by: Ernesto Morin | last post by:
Not sure if somebody can help me here. Our company develops a web based system that lets client have interaction with it. One of the things that we have is the ability for a user to create links...
116
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
2
by: Freeserve | last post by:
Not sure whether this is the right group, but I can't find anything in the ..NET groups and my apologies if this has already been covered or is considered "off subject". I am looking at using an...
11
by: Will | last post by:
I am looking at using a table with user names, passwords and user rights, which I would administer. I have read a lot about the shortfalls of this and the lack of security but the customer does...
1
by: VM | last post by:
Is it possible for the bound data in a web datagrid to be displayed in links? The grid will show the client's first name and last name and, when the user clicks on the first or last name, I want...
6
by: Olaf Baeyens | last post by:
Can someone out there point me to a URL or other reference how to use these security stuff in .NET? I know everything can be found online on the msdn but since I am new to this security stuff, I...
0
by: Cameron Laird | last post by:
QOTW: "My wild-ass guess is that, same as most other Open Source communities, we average about one asshole per member." - Tim Peters...
1
by: nancy | last post by:
I am new to PHP but have done other programming can someone please hold my hand and slowly talk me through some simple security issues? I have seen in PHP documents that there are 'strip...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.