tags:

views:

21

answers:

1
Q: 

Question about the working paradigm of Code Access Security (CAS)

Hi friends,

I wrote the following code to test the CAS:

    [SecurityPermission(SecurityAction.Demand,Flags=SecurityPermissionFlag.Execution)]
    static void Main(string[] args)
    {
        Console.WriteLine("hello, world!");
    }

In the .NET 2.0 Configuration, I use the strong name of the above assembly to create a code group and give the group Nothing permission set. So the assembly failed to start as expected.

But I noticed that if I remove the following attribute:

[SecurityPermission(SecurityAction.Demand,Flags=SecurityPermissionFlag.Execution)]

The program still failed to start. So what's the point of this so-called declarative security with attribute?

I read several tutorials on CAS, they use Imperative/Declarative Security to use the CAS. But from the above sample, it doesn't seem necessary.

If I deliberately write code without Imperative/Declarative Security and don't provide any evidence for my assembly, would CAS be blind to enforce any security policy?

Or do I misunderstand how CAS is expected to be used?

Thanks.

+1  A: 

A CAS permission demand results in verification of each call stack frame above the method making the demand. Since your assembly runs no code to invoke the Main method, the demand is not being evaluated against any of your code.

It is the denial of execution permissions via policy that is causing your assembly to be prevented from being executed. The permission is being evaluated by the CLR itself when it runs your assembly code. There is no need to add your own demand for the permission.

To step back a bit and look at how CAS demands (declarative or imperative) are meant to be used, consider that permissions protect access to resources. Any code allowing access to a resource (e.g.: the file system) that would not otherwise be accessible to managed code should supply a permission (e.g.: FileIOPermission) that can be used to control access to that resource. The code allowing access to the resource is also responsible for making demands for that permission before allowing access to the resource.

Most developers writing managed code will never need to either author a CAS permission or make an explicit demand for a CAS permission since they will typically be accessing resources exposed (and protected) by either the .NET base class library or by other Microsoft or third-party libraries.

Nicole Calinoiu  2010-10-04 12:15:17

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?