Chapter 13: Runtime Security


Overview

A principal goal of the Microsoft .NET Framework is to make computing more secure, especially with respect to the use of mobile code and distributed systems. Most modern operating systems (including Microsoft Windows) support user-based security, allowing you to control the actions and resources to which a user has access. However, in the highly connected world resulting from the proliferation of computer networks (in particular the Internet), it's insufficient to base security solely on the identity of a system's user. In the interest of security, code should not automatically receive the same level of trust that you assign to the person running the code.

The .NET Framework incorporates the following two complementary security models that address many of the issues associated with user and code security:

  • Code access security (CAS)

  • Role-based security (RBS)

CAS and RBS do not replace or duplicate the security facilities provided by the underlying operating system. They are platform-independent mechanisms that provide additional security capabilities to augment and enhance the overall security of your managed solutions.

CAS uses information about the source and origin of an assembly (evidence) gathered at run time to determine which actions and resources that code from the assembly can access (permissions). The .NET Framework security policy, a hierarchical set of configurable rules, defines the mapping between evidence and permissions. The .NET Framework class library uses permission demands to protect its most important functionality from unauthorized access. A demand forces the common language runtime to ensure that code calling a protected method has a specific permission. CAS ensures that the runtime capabilities of code depend on the level of trust you place in the creator and source of the code, not the level of trust you place in the user running the code. The CAS-related recipes in this chapter discuss the following topics:

  • Allowing partially trusted code to access your strong-named assemblies (recipe 13.1)

  • Disabling CAS altogether (recipe 13.2) or disabling only execution permission checks (recipe 13.3)

  • Requesting specific code access permissions and determining which permissions the runtime has granted to your code (recipes 13.4, 13.5, 13.6, and 13.7)

  • Controlling inheritance and member overrides using CAS (recipe 13.8)

  • Inspecting and manipulating assembly evidence (recipes 13.9 and 13.10)

  • Manipulating runtime security using application domains (recipes 13.11 and 13.12)

Following a more traditional security model, RBS allows you to make runtime decisions based on the identity and roles of the user on whose behalf an application is running. On the Windows operating system, this equates to making decisions based on the Windows user name and the Windows groups to which that user belongs. However, RBS provides a generic security mechanism that is independent of the underlying operating system, allowing you (with some development) to integrate with any user account system. The recipes in this chapter discuss the following aspects of .NET RBS:

  • Integrating RBS with Windows user accounts and determining if a user is a member of a specific Windows group (recipe 13.13)

  • Controlling access to application functionality based on the current user and the roles of which the user is a member (recipe 13.14)

  • Impersonating Windows users to perform operating system tasks on behalf of that user (recipe 13.15)
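The point above that RBS is independent of the operating system's account store can be seen in a short sketch. This is an added example, not code from the book: it targets the .NET Framework, and the class name `RbsSketch`, the user name `alice`, the authentication type `CustomStore` and the role names are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Added illustration (not from the book). All names and roles are constructed.
public static class RbsSketch
{
    // Protected operation: demands that the thread's current principal
    // is authenticated and is a member of the "Auditors" role.
    public static string ReadAuditLog()
    {
        new PrincipalPermission(null, "Auditors").Demand();
        return "audit log contents";
    }

    // Attaches a principal built from a non-Windows account store to the thread.
    public static void SignIn(string user, string[] roles)
    {
        GenericIdentity identity = new GenericIdentity(user, "CustomStore");
        Thread.CurrentPrincipal = new GenericPrincipal(identity, roles);
    }

    // Returns true if the role demand succeeds for the current principal;
    // a failed demand surfaces as a SecurityException.
    public static bool TryRead()
    {
        try { ReadAuditLog(); return true; }
        catch (SecurityException) { return false; }
    }

    public static void Main()
    {
        // Same user, first without and then with the required role.
        SignIn("alice", new string[] { "Operators" });
        Console.WriteLine("Operators only: {0}", TryRead());

        SignIn("alice", new string[] { "Operators", "Auditors" });
        Console.WriteLine("With Auditors:  {0}", TryRead());
    }
}
```

The demand is evaluated against `Thread.CurrentPrincipal`, so the same check works unchanged when the principal is a `WindowsPrincipal` instead of a `GenericPrincipal`.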

Both the RBS- and CAS-related recipes in this chapter represent some of the more common actions you will need to perform in your applications, but they represent only a small portion of the security capabilities of the .NET Framework. For more comprehensive coverage of .NET Framework security, I suggest you read Programming .NET Security (O'Reilly and Associates, 2003), which I wrote with Adam Freeman. Programming .NET Security provides in-depth coverage of all aspects of .NET Framework security and demonstrates how to extend and enhance many of the runtime's security framework capabilities.




C# Programmer's Cookbook
ISBN: 735619301
EAN: N/A
Year: 2006
Pages: 266
