cas

Testing .NET code in partial trust environments

I want to test the behavior of a certain piece of .NET code in partial trust environments. What's the fastest way to set this up? Feel free to assume that I (and other readers) are total CAS noobs. @Nick: Thanks for the reply. Alas, the tool in question is explicitly for unmanaged code. I didn't say "managed" in my question, and sho...

How do I get logout to work on RubyCAS-Server?

I have installed and setup RubyCAS-Server and RubyCAS-Client on my machine. Login works perfectly but when I try to logout I get this error message from the RubyCAS-Server: Camping Problem! CASServer::Controllers::Logout.GET ActiveRecord::StatementInvalid Mysql::Error: Unknown column 'username' in 'where clause': SELECT * FROM `casser...

How to stop CAS security demands from a FullTrust assembly

I have a FullTrust assembly, Assembly A, which calls a 3rd party component, Assembly B. Is there any way I can, via A.dll.config or in A's code, prevent any CAS demands from propagating up the stack to Assembly B, which does not have FullTrust? I do not want to alter the machine's security policy, if possible. ...

Using the .NET Framework security system

I was wondering - do any of you actually use the various classes in the System.Security.Permissions namespace? I mainly develop desktop/server-side components (i.e., no web) and the general assumption is that FullTrust is always available and no testing is performed on environments for which this is not the case. Apart from MS source c...

Anyone really using Code Access Security to protect their assemblies and/or methods?

Seems to me most developers completely ignore these features. People prefer handling security exceptions as generic ones relying on standard Windows roles and rights instead of learning to use CAS ways of enhancing security - probably because CAS is quite confusing in its logic and naming. Can anyone suggest any general rule-of-thumb/...

Which SSO Framework to use?

I've used OpenSSO (which is very powerful but complicated) and JOSSO (very simple but lacking many features). I've also looked at the CAS framework. My question is: What is your recommendation & insights regarding the different SSO frameworks (preferably Java oriented)? ...

CAS: Running exe from intranet

Before I get flamed and down-voted without mercy, my company will not allow the install of .NET3.5 on non-dev machines yet (others are currently on 3.0). I have a managed exe on network share that needs to be able to run from there. This is a common problem with pre-.NET3.5SP1, but I cannot figure out how to solve it. I have read thi...

Get current/active security zone of a .NET application?

I have an application that behaves oddly, and just to verify, I'd like to see which security zone it is currently running under. I've found the System.Security.SecurityZone enum, but can't seem to find anything that will return which of these I'm running under. Does anyone have any tips? Basically I want to find out if my application ...

Best online reading to understand .NET Code Access Security?

I'm thinking about learning CAS, but I need to quickly grasp basic architecture, performance implications and if it at all suits my needs. What should I read? ...

Using Code Access Security without the GAC

I am wondering if it is possible to use Code Access Security, and a custom permission class (and attribute), without having to register the assembly that the attribute is in, in the GAC. At the moment, I get a TypeLoadException when the method with my attribute is called, and I can't seem to get around it. Everything I've read seems to ...

SecurityManager.IsGranted() behaviour

Hi, can anybody please explain the following C# behaviour? I have written a small console application just to learn about CAS, but I cannot seem to understand why the following lines of code work like they do: string[] myRoles = new string[] { "role1", "role2", "role3" }; GenericIdentity myIdentity = new GenericIdentity("myUsername", ...

What does 'spurious failure' on a CAS mean?

The Java AtomicInteger class has a method - boolean weakCompareAndSet(int expect,int update) Its documentation says - May fail spuriously. What does 'failing spuriously' here mean? ...

Why to use CAS (Code Access Security)?

I have been a part of so many web applications but have never used CAS, perhaps have also never felt the need to use the same. When is the need to use CAS? Do people actually use it in their applications? ...

SSO Best Practices: What are solutions for unreachable IDP?

Here's something similar to this question on general SSO best-practices. What is the best approach for dealing with a disabled or for-whatever-reason-unreachable central identity provider. If your website allows users to login with their centrally-stored credentials, and the central service is not working or unreachable do you: Allow u...

Deploying Custom Field Types to the bin directory

As stated here custom field types (and any dlls they have a reference to?) must be deployed to the global assembly cache. Why, and what problems may arise by deploying to the bin directory? I’m trying to secure my code by writing CAS-policies and since my field controls use a lot of help methods shared by my other code this seems like ...

ASP.NET - Trust Level = Full?

I recently joined a firm and when analyzing their environment I noticed that the SharePoint web.config had the trust level set to Full. I know this is an absolutely terrible practice and was hoping the stackoverflow community could help me outline the flaws in this decision. Oh, it appears this decision was made to allow the develope...

Why does my .net application require full trust?

I've developed a .net 3.0 application, which is deployed using clickonce. I'd like to move from full trust to partial trust to ease deployment. I've tried the "Calculate Permissions" tool in the "Security" tab of my project under visual studio, and the answer is quite clear : --------------------------- Microsoft Visual Studio -------...

How can I use the system.net section of my app.config in a partial trust environment?

I've a WCF application deployed using clickonce. It connects to my server using https, and everything works fine. I use the default proxy when needed thanks to the following code: <configSections> <sectionGroup name="system.net" type="System.Net.Configuration.NetSectionGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyTok...

How can I access my assembly version number in a partial trust environment (no FileIOPermission)

I'm trying to access the Version number of my assembly at runtime. The code I'm using for that requires a FileIOPermission, which I don't want to grant (I'm in the Internet Zone) this.GetType().Assembly.GetName().Version; Is there another way to access the version number which doesn't require elevation? ...

Role-based profiles for CAS

Introductory ramble Client Application Services (CAS) is the Microsoft solution for ASP.NET and WCF identity management. The default store is XML but nearly everyone reconfigures it to use ASPNETDB on MSSQL. There is support for per-user information in the shape of the .NET Profile. Within this, the application developer can define an ...