13.3 Disable Execution Permission Checks


Problem

You need to stop the runtime checking that each assembly it loads has execution permission.

Solution

In code, set the CheckExecutionRights property of the System.Security.SecurityManager class to false and persist the change by calling SecurityManager.SavePolicy. Alternatively, use the Code Access Security Policy tool (Caspol.exe) and execute the command caspol -e off from the command line.

Discussion

As the runtime loads each assembly, it ensures that the assembly's grant set includes the Execution element of SecurityPermission. The runtime implements a lazy policy resolution process, meaning that the grant set of an assembly is not calculated until the first time a security demand is made against the assembly. Not only does execution permission checking force the runtime to check that every assembly has the execution permission, but it also indirectly causes policy resolution for every assembly loaded, effectively negating the benefits of lazy policy resolution. These factors can introduce a noticeable delay as assemblies are loaded, especially when the runtime loads a number of assemblies together, as it does at application startup.

In many situations, simply allowing code to load and run is not a significant risk as long as all other important operations and resources are correctly secured using CAS and operating system security. The .NET runtime allows you to turn off the automatic checks for execution permissions from within code, or by using Caspol.exe.

When you enter the command caspol -e off or its counterpart caspol -e on from the command line, the Caspol.exe utility actually sets the CheckExecutionRights property of the SecurityManager class. This is shown in the following code fragments, which you can use from within your own code:

    // Turn off Execution rights checks.
    System.Security.SecurityManager.CheckExecutionRights = false;

    // Persist the configuration change.
    System.Security.SecurityManager.SavePolicy();

To enable execution permission checks, use the following statements:

    // Turn on Execution rights checks.
    System.Security.SecurityManager.CheckExecutionRights = true;

    // Persist the configuration change.
    System.Security.SecurityManager.SavePolicy();

To modify the value of CheckExecutionRights, your code must have the ControlPolicy element of SecurityPermission. The change will affect the current process immediately, allowing you to load assemblies at run time without the runtime checking them for execution permission. However, the change will not affect other existing processes. You must call the SavePolicy method to persist the change to the Windows registry for it to affect new processes.
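The process-local behaviour described above can be used to keep the change as narrow as possible. The following is an added example, not code from the book: it switches the check off only while a batch of assemblies loads, restores the previous value afterwards, and never calls SavePolicy. The class and method names are hypothetical, and it assumes a .NET Framework version where CAS policy is in force, as in the book.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

public static class ExecutionCheckScope
{
    // Loads the named assemblies with execution permission checks switched
    // off for this process only, then restores the previous setting.
    // SavePolicy is deliberately not called, so nothing is persisted and
    // other existing or new processes keep their current behaviour.
    public static Assembly[] LoadWithoutExecutionChecks(string[] assemblyNames)
    {
        // Fail early with a SecurityException if the caller lacks the
        // ControlPolicy element of SecurityPermission.
        new SecurityPermission(SecurityPermissionFlag.ControlPolicy).Demand();

        bool previous = SecurityManager.CheckExecutionRights;
        Assembly[] loaded = new Assembly[assemblyNames.Length];
        try
        {
            SecurityManager.CheckExecutionRights = false;
            for (int i = 0; i < assemblyNames.Length; i++)
                loaded[i] = Assembly.Load(assemblyNames[i]);
        }
        finally
        {
            // Put back whatever was in effect, even if a load failed.
            SecurityManager.CheckExecutionRights = previous;
        }
        return loaded;
    }

    // Usage: pass assembly display names on the command line.
    public static void Main(string[] args)
    {
        Console.WriteLine("Checks before: " + SecurityManager.CheckExecutionRights);
        try
        {
            foreach (Assembly a in LoadWithoutExecutionChecks(args))
                Console.WriteLine("Loaded " + a.FullName);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("ControlPolicy not granted: " + ex.Message);
        }
        Console.WriteLine("Checks after: " + SecurityManager.CheckExecutionRights);
    }
}
```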




C# Programmer's Cookbook
ISBN: 735619301
EAN: N/A
Year: 2006
Pages: 266
