13.5 Limit the Permissions Granted to Your Assembly


Problem

You need to restrict the code access permissions granted to your assembly, ensuring that people and other software can never use your code as a mechanism through which to perform undesirable or malicious actions.

Solution

Use declarative security statements to specify optional permission requests and permission refusal requests in your assembly. Optional permission requests define the maximum set of permissions that the runtime will grant to your assembly. Permission refusal requests specify particular permissions that the runtime should not grant to your assembly.

Discussion

In the interest of security, it's ideal if your code has only those code access permissions required to perform its function. This minimizes the opportunities for people and other code to use your code to carry out malicious or undesirable actions. The problem is, the runtime resolves an assembly's permissions using security policy, which a user or administrator configures. Security policy could be different in every location where your application is run, and you have no control over what permissions the security policy assigns to your code.

Although you can't control security policy in all locations where your code runs, the .NET Framework provides two mechanisms through which you can reject permissions granted to your assembly: refuse requests and optional requests. Refuse requests allow you to identify specific permissions that you do not want the runtime to grant to your assembly. After policy resolution, if the final grant set of an assembly contains any permission specified in a refuse request, the runtime removes that permission. Optional permission requests define the maximum set of permissions that the runtime can grant to your assembly. If the final grant set of an assembly contains any permission other than those specified in the optional permission request, the runtime removes those permissions. Unlike a minimum permission request (discussed in recipe 13.4), the runtime won't refuse to load your assembly if it can't grant all of the permissions specified in the optional request.

You can think of a refuse request and an optional request as alternative ways to achieve the same result; the approach you use depends on how many permissions you want to reject. If you only want to reject a handful of permissions, a refuse request is easier to code. However, if you want to reject a large number of permissions, it's easier to code an optional request for the few permissions you want, which will automatically reject the rest.

You include optional and refuse requests in your code using declarative security statements with the same syntax as the minimum permission requests discussed in recipe 13.4. The only difference is the value of the System.Security.Permissions.SecurityAction that you pass to the permission attribute's constructor. Use SecurityAction.RequestOptional to declare an optional permission request and SecurityAction.RequestRefuse to declare a refuse request. As with minimum permission requests, you must declare optional and refuse requests as global attributes by beginning the permission attribute name with the prefix assembly:. In addition, all requests must appear after any top-level using statements but before any namespace or type declarations.

The OptionalRequestExample sample shown here demonstrates an optional permission request for the Internet permission set. The Internet permission set is a named permission set defined by the default security policy. When the runtime loads the OptionalRequestExample assembly, it won't grant the assembly any permission that is not included within the Internet permission set. (Consult the .NET Framework SDK documentation for details of the permissions contained in the Internet permission set.)

 using System.Security.Permissions;

 [assembly:PermissionSet(SecurityAction.RequestOptional, Name = "Internet")]

 public class OptionalRequestExample {

     public static void Main() {

         // Do something...
     }
 }

In contrast to OptionalRequestExample, the sample RefuseRequestExample shown here uses a refuse request to single out one permission for refusal: a System.Security.Permissions.FileIOPermission representing write access to the C: drive.

 using System.Security.Permissions;

 [assembly:FileIOPermission(SecurityAction.RequestRefuse, Write = @"C:\")]

 public class RefuseRequestExample {

     public static void Main() {

         // Do something...
     }
 }
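To confirm that a refuse request actually removed a permission from the assembly's grant set, you can pair it with an explicit Demand. The following is an added example, not code from the book; it assumes the CAS policy model of .NET Framework 1.x to 3.5, where assembly-level requests are honored (on .NET Framework 4 and later these SecurityAction values are obsolete and ignored unless legacy CAS policy is enabled), and that policy would otherwise have granted the assembly read and write access to the local disk.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Same refuse request as RefuseRequestExample: write access to C:\ (and
// everything beneath it) is stripped from the grant set after policy resolution.
[assembly: FileIOPermission(SecurityAction.RequestRefuse, Write = @"C:\")]

public class RefuseRequestCheck {

    // Returns true if the current grant set satisfies a demand for the given
    // file I/O access on the given path. Demand walks the call stack, and this
    // assembly is one of the callers, so a refused permission fails the check.
    public static bool HasFileAccess(FileIOPermissionAccess access, string path) {
        try {
            new FileIOPermission(access, path).Demand();
            return true;
        }
        catch (SecurityException) {
            return false;
        }
    }

    public static void Main() {
        // Read access was never refused, so under the assumed policy this succeeds.
        Console.WriteLine("Read C:\\  : " +
            HasFileAccess(FileIOPermissionAccess.Read, @"C:\"));

        // Write access to C:\ was refused at the assembly level, so this is
        // false regardless of what security policy would have granted.
        Console.WriteLine("Write C:\\ : " +
            HasFileAccess(FileIOPermissionAccess.Write, @"C:\"));

        // Hypothetical subdirectory (a constructed path): the refusal on C:\
        // covers the whole subtree, so this is false as well.
        Console.WriteLine("Write C:\\Temp\\app.log : " +
            HasFileAccess(FileIOPermissionAccess.Write, @"C:\Temp\app.log"));
    }
}
```

Because the assembly's grant set is fixed at load time, there is no way for code inside this assembly (or code that calls into it) to get the refused permission back, which is the whole point of the refuse request.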



C# Programmer's Cookbook
ISBN: 735619301
Year: 2006
Pages: 266
