File I/O

To perform file I/O, your assembly must be granted FileIOPermission by code access security policy. If your code is granted the unrestricted FileIOPermission, it can access files anywhere on the file system, subject to Windows security. A restricted FileIOPermission can be used to constrain an assembly's ability to perform file I/O, for example, by specifying allowed access rights (read, read/write, and so on).

Constraining File I/O within your Application's Context

A common requirement is to be able to restrict file I/O to specific directory locations such as your application's directory hierarchy.

Note  

If your Web application is configured for Medium trust, file access is automatically restricted to the application's virtual directory hierarchy. For more information, see Chapter 9, "Using Code Access Security with ASP.NET."

Configuring your application for Medium trust is one way to constrain file I/O, although this also constrains your application's ability to access other resource types. There are two other ways you can restrict your code's file I/O capabilities:

  • Using PermitOnly to restrict File I/O

  • Configuring code access security policy to restrict File I/O

Using PermitOnly to Restrict File I/O

You can use declarative attributes together with SecurityAction.PermitOnly as shown in the following example to constrain file I/O.

  using System.IO;
  using System.Security.Permissions;

  // Allow the code only to read files from c:\YourAppDir
  [FileIOPermission(SecurityAction.PermitOnly, Read=@"c:\YourAppDir\")]
  [FileIOPermission(SecurityAction.PermitOnly, PathDiscovery=@"c:\YourAppDir\")]
  public static string ReadFile(string filename)
  {
    // Use Path.GetFullPath() to canonicalize the file name
    string fullPath = Path.GetFullPath(filename);
    // Use File.OpenRead to open the file
    using (StreamReader reader = new StreamReader(File.OpenRead(fullPath)))
    {
      return reader.ReadToEnd();  // Read and return the data
    }
  }

Note  

The second attribute, which specifies PathDiscovery access, is required by the Path.GetFullPath function that is used to canonicalize the input file name.

To avoid hard coding your application's directory hierarchy, you can use imperative security syntax and call HttpContext.Current.Request.MapPath(".") to retrieve your Web application's directory at runtime. You must reference the System.Web assembly and add the corresponding using statement as shown in the following example.

  using System.IO;
  using System.Security.Permissions;
  using System.Web;

  public static string ReadFile(string filename)
  {
    // Resolve the Web application's directory at runtime
    string appDir = HttpContext.Current.Request.MapPath(".");
    FileIOPermission f = new FileIOPermission(PermissionState.None);
    f.SetPathList(FileIOPermissionAccess.Read, appDir);
    f.SetPathList(FileIOPermissionAccess.PathDiscovery, appDir);
    f.PermitOnly();

    // Use Path.GetFullPath() to canonicalize the file name
    string fullPath = Path.GetFullPath(filename);
    // Use File.OpenRead to open the file
    using (StreamReader reader = new StreamReader(File.OpenRead(fullPath)))
    {
      return reader.ReadToEnd();  // Read and return the data
    }
  }

Note  

For a Windows application you can replace the call to MapPath with a call to Directory.GetCurrentDirectory to obtain the application's current directory.
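
The following console program is an added example, not code from the original guide. It shows the imperative PermitOnly pattern rejecting a file name that resolves outside the permitted directory. It assumes the .NET Framework with code access security in effect; the ConstrainedReader class, the TryRead helper, and the temporary directory layout are hypothetical names constructed for illustration.

```csharp
// Added example (not from the original text). Assumes the .NET Framework,
// where code access security stack-walk modifiers are available.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public static class ConstrainedReader
{
    // Reads a file, permitting file I/O only beneath appDir.
    public static string ReadFile(string appDir, string filename)
    {
        // Keep a trailing separator, as in the declarative example.
        if (!appDir.EndsWith(Path.DirectorySeparatorChar.ToString()))
            appDir += Path.DirectorySeparatorChar;

        FileIOPermission f = new FileIOPermission(PermissionState.None);
        f.SetPathList(FileIOPermissionAccess.Read, appDir);
        f.SetPathList(FileIOPermissionAccess.PathDiscovery, appDir);
        f.PermitOnly();   // in effect until this method returns

        // GetFullPath resolves "..\" segments and demands PathDiscovery on
        // the result; File.OpenRead demands Read. A path that resolves
        // outside appDir fails the demand with a SecurityException.
        string fullPath = Path.GetFullPath(Path.Combine(appDir, filename));
        using (StreamReader reader = new StreamReader(File.OpenRead(fullPath)))
        {
            return reader.ReadToEnd();
        }
    }

    // Returns true if the read was allowed, false if CAS blocked it.
    public static bool TryRead(string appDir, string filename)
    {
        try { ReadFile(appDir, filename); return true; }
        catch (SecurityException) { return false; }
    }

    public static void Main()
    {
        // Constructed sample layout: <temp>\YourAppDir\data.txt and <temp>\secret.txt
        string root = Path.GetTempPath();
        string appDir = Path.Combine(root, "YourAppDir");
        Directory.CreateDirectory(appDir);
        File.WriteAllText(Path.Combine(appDir, "data.txt"), "inside");
        File.WriteAllText(Path.Combine(root, "secret.txt"), "outside");

        Console.WriteLine("data.txt allowed: {0}", TryRead(appDir, "data.txt"));
        Console.WriteLine(@"..\secret.txt allowed: {0}", TryRead(appDir, @"..\secret.txt"));
    }
}
```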

Configuring Code Access Security Policy to Restrict File I/O

An administrator can also configure code access security policy to restrict your code's ability to perform file I/O beyond your application's virtual directory hierarchy.

For example, the administrator can configure Enterprise or Machine level code access security policy to grant a restricted FileIOPermission to your assembly. This is most easily done if your assembly contains a strong name, because the administrator can use this cryptographically strong evidence when configuring policy. For assemblies that are not strong named, an alternative form of evidence needs to be used. For more information about how to configure code access security to restrict the file I/O capability of an assembly, see "How To: Configure Code Access Security Policy to Constrain an Assembly," in the "How To" section of this guide.

If your assembly is called by a Web application, a better approach is to configure ASP.NET (application domain-level) code access security policy, because you can use $AppDirUrl$, which represents the application's virtual directory root. For more information about restricting file I/O using ASP.NET code access security policy, see Chapter 9, "Using Code Access Security with ASP.NET."

Requesting FileIOPermission

To help the administrator, if you know your assembly's precise file I/O requirements at build time (for example, you know directory names), declare your assembly's FileIOPermission requirements by using a declarative permission request as shown in the following example.

 [assembly: FileIOPermission(SecurityAction.RequestMinimum, Read=@"C:\YourAppDir")] 

The administrator can see this attribute by using permview.exe. The additional advantage of using SecurityAction.RequestMinimum is that the assembly fails to load if it is not granted sufficient permissions. This is preferable to a runtime security exception.




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
