Application Development Using Visual Basic and .NET
By Robert J. Oberg, Peter Thorsteinson, Dana L. Wyatt
Table of Contents
Chapter 16.  Security


Code Identity

The characteristics by which a particular assembly can be identified are its identity permissions. An example is a signed assembly's strong name or the Web site that originated the assembly. Based on the evidence provided to the assembly loader or trusted host, identity permissions are granted by the CLR.

Identity Permission Classes

To identify running code, there are several identity permission classes.

  • PublisherIdentityPermission models the software publisher's digital signature.

  • SiteIdentityPermission models the Web site where code originated.

  • StrongNameIdentityPermission models the strong name of an assembly.

  • ZoneIdentityPermission models the zone where the code originated.

  • UrlIdentityPermission models the URL and the protocol where the code originated.

These identity permissions represent evidence that can be used to determine security policy. It is important to recognize that identity permissions are not code access permissions.

Evidence

Security policy is based on a set of rules that administrators can establish. The .NET security system can use those rules to enforce the security policy. The evidence, represented by the identity permissions, is used to determine which security policy to apply.

The AppDomain class has a function ExecuteAssembly that causes an assembly to load and run. One of the possible arguments to this overloaded method is an Evidence object argument. This Evidence class is a collection of objects that represent the identity of the assembly, which is used in making security policy decisions.

The Evidence example illustrates this. This example gets the collection of evidence associated with a strongly named assembly and prints out the associated values.

' Imports needed for Evidence, Zone, Url, Hash, StrongName and IEnumerator
Imports System
Imports System.Collections
Imports System.Security.Policy

' Evidence the CLR collected for the assembly running in this domain
Dim ev As System.Security.Policy.Evidence = _
   AppDomain.CurrentDomain.Evidence
Dim iEnum As IEnumerator = ev.GetEnumerator()
Dim bNext As Boolean

Console.WriteLine( _
   "Evidence Enumerator has {0} members", _
   ev.Count)
bNext = iEnum.MoveNext()
While bNext = True
   Dim x As Object = iEnum.Current
   Dim t As Type = x.GetType()
   Console.WriteLine(t.ToString())
   If t Is Type.GetType( _
         "System.Security.Policy.Zone") Then
      ' Zone evidence: MyComputer, Intranet, Internet, ...
      Dim zone As Zone = CType(x, Zone)
      Console.WriteLine("   " + _
         zone.SecurityZone.ToString())
   ElseIf t Is Type.GetType( _
         "System.Security.Policy.Url") Then
      ' Url evidence: where the assembly was loaded from
      Dim url As Url = CType(x, Url)
      Console.WriteLine("   " + _
         url.Value.ToString())
   ElseIf t Is Type.GetType( _
         "System.Security.Policy.Hash") Then
      ' Hash evidence: digests of the assembly file
      Dim hash As Hash = CType(x, Hash)
      Dim md5Hash() As Byte = hash.MD5
      Dim sha1Hash() As Byte = hash.SHA1
      Console.WriteLine("    MD5 Hash of Assembly:")
      Console.Write("      ")
      Dim i As Integer
      ' Each byte is written as its decimal value with no separator
      For i = 0 To md5Hash.Length - 1
         Console.Write(md5Hash(i))
      Next
      Console.WriteLine()
      Console.WriteLine("    SHA1 Hash of Assembly:")
      Console.Write("      ")
      For i = 0 To sha1Hash.Length - 1
         Console.Write(sha1Hash(i))
      Next
      Console.WriteLine()
   ElseIf t Is Type.GetType( _
         "System.Security.Policy.StrongName") Then
      ' StrongName evidence: name, version and public key of a signed assembly
      Dim sn As StrongName = CType(x, StrongName)
      Console.WriteLine( _
         "    StrongName of Assembly is: {0} " & _
         "version: {1}", sn.Name, sn.Version)
      Console.WriteLine("    Assembly public key:")
      Console.Write("        ")
      Console.WriteLine(sn.PublicKey.ToString())
   End If
   bNext = iEnum.MoveNext()
End While

The example's output would look something like this:

Evidence Enumerator has 4 members
System.Security.Policy.Zone
   MyComputer
System.Security.Policy.Url
   file://C:/OI/NetVB/Chap16/Evidence/bin/Evidence.exe
System.Security.Policy.StrongName
    StrongName of Assembly is: Evidence version: 1.0.808.39413
    Assembly public key:
        0024000004800000940...5EA897BA
System.Security.Policy.Hash
    MD5 Hash of Assembly:
      5934823522219523214999128165198908214168
    SHA1 Hash of Assembly:
      1592378069174985489611742512062371931814814718180

The evidence associated with the Zone for this assembly is MyComputer. The Url evidence is the location on disk of the assembly. The Hash evidence can give us the MD5 and SHA-1 hashes of the assembly. The StrongName evidence tells us information about the unique assembly name.

Some of this evidence is convertible to the associated identity permissions. For example, the Zone class has a CreateIdentityPermission method that returns an IPermission interface representing the ZoneIdentityPermission instance associated with this piece of evidence. The Url and StrongName classes have similar methods.

Another way of looking at the identity permissions is that they answer a series of questions:

  • Who published (signed) it?

  • What is the name of the assembly?

  • What Web site or URL did it come from?

  • What zone did the code originate from?

The creator of the application domain (host) can also provide evidence by passing in an Evidence collection when the ExecuteAssembly method is called. Of course, that code must have the ControlEvidence permission. The CLR is also trusted to add evidence, which is reasonable, since it enforces the security policy. Evidence is extensible. You can define evidence types and use them in your own customized security policies.
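The following is an added example, not code from the book, covering both points above: it turns the current assembly's Zone evidence into a ZoneIdentityPermission and checks it against the permission a policy would require, then shows a host supplying its own Evidence collection to ExecuteAssembly so that Internet-zone policy applies to the loaded code. It uses the .NET 1.x/2.0 code access security API the chapter describes; the domain name, URL and assembly path are placeholders.

```vb
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy

Module IdentityCheck

   ' Returns True when the evidence places the code in the MyComputer zone.
   Function RunsFromLocalMachine(ByVal ev As Evidence) As Boolean
      Dim item As Object
      For Each item In ev
         If TypeOf item Is Zone Then
            Dim z As Zone = CType(item, Zone)
            ' Evidence -> identity permission, via IIdentityPermissionFactory
            Dim p As ZoneIdentityPermission = _
               CType(z.CreateIdentityPermission(ev), ZoneIdentityPermission)
            ' The identity a policy rule would require of local code
            Dim required As New ZoneIdentityPermission(SecurityZone.MyComputer)
            Return p.IsSubsetOf(required)
         End If
      Next
      Return False   ' no Zone evidence at all: do not treat as local code
   End Function

   Sub Main()
      Console.WriteLine("Runs from local machine: {0}", _
         RunsFromLocalMachine(AppDomain.CurrentDomain.Evidence))

      ' Host side: evidence that says the code came from the Internet zone,
      ' so Internet-zone policy applies no matter where the file sits on disk.
      ' The calling code needs the ControlEvidence permission for this to work.
      Dim hostEv As New Evidence()
      hostEv.AddHost(New Zone(SecurityZone.Internet))
      hostEv.AddHost(New Url("http://example.invalid/Plugin.exe"))  ' placeholder

      Dim sandbox As AppDomain = AppDomain.CreateDomain("PluginDomain")
      Try
         ' Placeholder path; the host-supplied evidence, not the file
         ' location, decides which policy the CLR applies to this assembly.
         sandbox.ExecuteAssembly("C:\Plugins\Plugin.exe", hostEv)
      Finally
         AppDomain.Unload(sandbox)
      End Try
   End Sub

End Module
```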
