Code Access Security Considerations


Applications that use serviced components are usually fully trusted and, as a result, code access security has limited use to authorize calling code. The calling code should consider the following points:

  • Unmanaged code permission is required to activate and perform cross context calls on serviced components.

  • If the client of a serviced component is an ASP.NET Web application, then its trust level must be set to "Full" as shown below.

     <trust level="Full" /> 

    If your Web application is configured with a trust level other than "Full," it does not have the unmanaged code permission. In this instance, you must create a sandboxed wrapper assembly to encapsulate the communication with the serviced component. You must also configure code access security policy to grant the wrapper assembly the unmanaged code permission. For more information about the sandboxing technique used to encapsulate high privileged code, see Chapter 9, "Using Code Access Security with ASP.NET."

  • If a reference to a serviced component is passed to untrusted code, methods defined on the serviced component cannot be called from the untrusted code. The exception to this rule is methods that do not require context switching or interception services and do not call members of System.EnterpriseServices. Such methods can be called by untrusted code.
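
The sandboxed wrapper described above for a Web application running at less than "Full" trust could look like the following sketch, which is an added example and not code from the book. OrderComponent, OrderComponentWrapper, the Example.Sandbox namespace and the choice of AspNetHostingPermission as the caller check are hypothetical. It assumes the wrapper assembly is strong named and that policy grants it the unmanaged code permission and the right to assert.

```csharp
using System;
using System.EnterpriseServices;
using System.Security;
using System.Security.Permissions;
using System.Web;

// Lets the partial-trust Web application link to this strong-named wrapper.
[assembly: AllowPartiallyTrustedCallers]

namespace Example.Sandbox
{
    // Hypothetical serviced component, inlined only to keep the example
    // self-contained. In practice it lives in its own registered assembly
    // that is NOT marked AllowPartiallyTrustedCallers.
    [Transaction(TransactionOption.Required)]
    public class OrderComponent : ServicedComponent
    {
        [AutoComplete]
        public string GetOrderStatus(int orderId)
        {
            return "Shipped"; // constructed placeholder result
        }
    }

    // Hypothetical wrapper: the only type the Web application calls.
    public sealed class OrderComponentWrapper
    {
        private OrderComponentWrapper() {}

        public static string GetOrderStatus(int orderId)
        {
            // Authorize the caller before asserting. Requiring Medium Web
            // trust is an illustrative choice of permission to demand.
            new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium).Demand();

            // Stop the unmanaged code stack walk at this frame so the
            // partial-trust caller further up the stack is not checked.
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
            try
            {
                // Activation and the cross-context call happen under the assert.
                using (OrderComponent component = new OrderComponent())
                {
                    return component.GetOrderStatus(orderId);
                }
            }
            finally
            {
                CodeAccessPermission.RevertAssert(); // keep the assert as narrow as possible
            }
        }
    }
}
```

The wrapper returns only a value, never the component reference, so no serviced component object reaches the partially trusted caller.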




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
