I was wondering - do any of you actually use the various classes in the System.Security.Permissions namespace? I mainly develop desktop/server-side components (i.e., no web) and the general assumption is that FullTrust is always available and no testing is performed on environments for which this is not the case. Apart from MS source c...
I am wondering if it is possible to use Code Access Security, and a custom permission class (and attribute), without having to register the assembly that the attribute is in, in the GAC. At the moment, I get a TypeLoadException when the method with my attribute is called, and I can't seem to get around it. Everything i've read seems to ...
In .NET 1.x, you could use the StrongNameIdentityPermissionAttribute on your assembly to ensure that only code signed by you could access your assembly. According to the MSDN documentation, In the .NET Framework version 2.0 and later, demands for identity permissions are ineffective if the calling assembly has full trust. Th...
I'd like to flash the taskbar (as described here for example), but I can't P/Invoke FlashWindowEx (or anything else, for that matter) in the security context my application is running in. Is there another way to get the taskbar to flash? If not, what are my options for getting the user's attention? ...
I'm doing some WinForms development, running XP and VS 2005 (ancient, I know). I'd like to make sure my application can run without admin rights, but I'm too lazy to try to run VS as a non-admin, and I don't want to log in and out to test my app. Is there a way I can just debug as a non-admin? Is there a set of code access securit...
Hi I bought a book on Amazon which was meant to prepare me for 70-536 exam. I found there a handful of information which is a bit confusing for me. Let me quote it - I will place my questions inline. To understand how security policies are used, consider an application developer who wants to play with an assembly she downloade...
Hi What is the purpose of the following piece of code?: object[] hostEvidence = {new Zone(SecurityZone.Internet)}; Evidence internetEvidence = new Evidence(hostEvidence, null); AppDomain myDomain = AppDomain.CreateDomain("MyDomain"); myDomain.ExecuteAssembly("SecondAssembly.exe", internetEvidence); As far as I know the CLR automatic...
Hi I am having a trouble during impersonating a user. I have a method declared like this: [PrincipalPermission(SecurityAction.Demand, Name=@"DJPITER-PC\Test", Role="LocalTestGroup")] static void LocalTestGroupOnly() { Console.WriteLine("Inside LocalTestGroupOnly() - {0}", WindowsIdentity.GetCurrent().Name); } The calling...
I know that CAS is of limited value, but I want to learn about it anyway. I don't understand the behavior I'm seeing: Basic default CAS seems not to work at all in my fairly normal environment. Take this sample class: using System; using System.Security; using System.Security.Permissions; namespace CASNotWorkingExample { class Pr...
I have some IO code that reads a stream within a try..catch. It catches IOException and calls System.Runtime.InteropServices.Marshal.GetHRForException() within the catch, in an attempt to take different actions based on the HResult. Something like this: try { stream.Read(...); } catch (IOException ioexc1) { uint hr = (uint) Mar...
Hello everyone, I am using VSTS 2008 + .Net 2.0 + C#. And I am running Code Analysis after build. I got the following confusing security warning. Here is the warning and related code, any ideas what is wrong? If there is security warning, how to fix it? System.Diagnostics.Process myProcess = new System.Diagnostics.Proce...
Hello everyone, I am confused about this property, as mentioned here, http://msdn.microsoft.com/en-us/library/system.security.permissions.securityattribute.unrestricted.aspx we could give it full or non-full. My confusion is for permission in a straightforward understanding, there should be only two status -- granted and not-granted, w...
Hello everyone, I am confused about what does the Unrestricted property of .Net security, as mentioned here, http://msdn.microsoft.com/en-us/library/system.security.permissions.securityattribute.unrestricted.aspx we could give it full or non-full. My confusion is for permission in a straightforward understanding, there should be only t...
I'm running the labs in MCTS 70-536 Training Kit chapter 11 about Code Access Security. I'm running XP Pro. The first lab creates an assembly which checks for different permissions and reports a message if they exist. However when I run it as \\\127.0.0.1\c$\ListPermissions.exe it is supposed to recognize being in the intranet zone and u...
I've got a vague handle on how Code Access Security works in Sharepoint. I have developed a custom webpart and setup a CAS policy in my Manifest <CodeAccessSecurity> <PolicyItem> <PermissionSet class="NamedPermissionSet" version="1" Description="Permission set for Okana"> <IPermission class="Microsoft.SharePoint.Security.SharePo...
I have read over the documentation, scoured the interwebs, and it seems what I want to do cannot be done without writing a custom CAS permission. So, here's my last ditch attempt. I want to DECLARATIVELY define a FileIOPermission (Attribute) on my class to demand permission to the users MyDocuments directory. This directory is not consi...
I'm about to start working on a ClickOnce app targeted at internal customers for use on the organization's intranet. I want to ease the setup process, so I thought that developing the app to be partially trusted would be a good idea, but now I'm not so sure. One thing that the users have specifically asked for is (boiled down to) a Tex...
I have Class called Person containing to properties, Father and List of Children. I want every one to use only AddChild Method to add children, not the List.Add method , so how do I restrict use of it? public class Person { private List<Person> _children = new List<Person>(); public string Name { get; set; } public Person Father ...
I am in the process of studying for the 70-536 .NET Framework - Application Development Foundation Exam, as I have been programming .net for many years, this should not be hard! However I am having to learn about “Code Access Security” (CAS), As I have never had a need to use or configure it, I was wondering if anyone else has found a ...
Hi- I'm trying to use an external library DevExpress.XtraTreeList.v8.1.dll in my vsto office addin built using VS2010 beta 2. I am getting the following compile time error: DevExpress.Utils.AppareanceObject threw an exception --> System.NotSupportedException. The error message goes on to say that for compatibility reasons I can us...