1 / 13

System.Security.Permissions namespace

System.Security.Permissions namespace. By Venkata Krishna Date: Instructor 06/19/2007 Dr. Ravi Mukkamala. Overview. Introduction

kayc
Télécharger la présentation

System.Security.Permissions namespace

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. System.Security.Permissions namespace By Venkata Krishna Date: Instructor 06/19/2007 Dr. Ravi Mukkamala

  2. Overview • Introduction • Classes in System.Security.Permissions Namespace • Permissions • Code access security • References

  3. Introduction • Permissions are the mechanism through which the .NET runtime enforces code-access security. • The System.Security.Permissions namespace contains permission classes and their attributes.

  4. Classes in System.Security.Permissions Namespace There are a lot of classes and enumerations in this namespace. Few of the important classes are Classes EnvironmentPermission FileDialogPermission FileIOPermission IsolatedStorageFilePermission IsolatedStoragePermission ReflectionPermission RegistryPermission SecurityPermission UIPermission • Each of these classes have many methods.

  5. Permissions There are three distinct categories of permissions defined in the System.Security.Permissions namespace: • Code-Access Permissions, • Identity Permissions and • Role-based Permissions Code-Access Permissions: The Common Language Runtime (CLR) allows code to perform only those operations that the code has permission to perform. • Restrict what your code can do • Restrict which code can call your code • Identify code

  6. Identity Permissions: The identity permission classes represent the value of host evidence that an assembly or application domain presents to the runtime. Role-based Permissions: Permissions based on roles of a user on whose behalf code is running.

  7. Code access security The elements of CAS are • permissions • permission sets • code groups • evidence • policy

  8. Demo Creating permission sets and code groups

  9. Two different kinds of syntax when coding security are • Declarative Declarative syntax uses attributes to mark the method, class or the assembly with the necessary security information. [FileIOPermission(SecurityAction.Demand, Unrestricted=true)] public calss MyClass { public MyClass() {...} // all these methods public void MyMethod_A() {...} // demands unrestricted access to public void MyMethod_B() {...} // the file system } • Imperative Imperative syntax uses runtime method calls to create new instances of security classes. public calss MyClass { public MyClass() { } public void Method_A() { // Do Something FileIOPermission myPerm = new FileIOPermission(PermissionState.Unrestricted); myPerm.Demand(); // rest of the code won't get executed if this failed // Do Something } // No demands public void Method_B() { // Do Something } }

  10. Requesting Permissions An assembly can request permissions before it is loaded. • RequestMinimum The code will be only allowed to run if all the required permissions are granted by the security policy. [assembly:RegistryPermission(SecurityAction.RequestMinimum, Write="HKEY_LOCAL_MACHINE\\Software")] • RequestOptional Permissions that the code can use, but not required in order to run. [assembly:FileIOPermission(SecurityAction.RequestOptional, Write="C:\\")] • RequestRefuse To specify the permissions that the assembly would never require. [assembly:FileIOPermission(SecurityAction.RequestRefuse, Write="C:\\")]

  11. Overriding Security An assembly can override the permissions in three ways. • Assert Assert method to stop the stack walk from going beyond the current stack frame. FileIOPermission myPerm = new FileIOPermission(FileIOPermissionAccess.Read, "C:\\"); myPerm.Assert(); // don't check above stack frames. • Deny Deny the current set of permissions. WebPermission myWebPermission = new WebPermission(NetworkAccess.Connect, "http://www.somewebsite.com"); myWebPermission.Deny(); • PermitOnly PermitOnly in some situations when needed to restrict permissions granted by security policy. WebPermission myWebPermission = new WebPermission(NetworkAccess.Connect, "http://www.somewebsite.com"); myWebPermission.PermitOnly();

  12. References • O’Reilly : Programming .NET Security By Adam Freeman, Allen Jones , June ’03 • http://msdn2.microsoft.com/en-us/library/system.security.permissions.aspx • http://www.codeproject.com/dotnet/UB_CAS_NET.asp

  13. Discussion

More Related