Directory Services


Currently, code that uses classes from the System.DirectoryServices namespace to access directory services such as Active Directory must be granted full trust. However, you can use the DirectoryServicesPermission to constrain the type of access and the particular directory services to which code can connect.

Constraining Directory Service Access

To constrain code, use the DirectoryServicesPermissionAttribute together with SecurityAction.PermitOnly. The following attribute ensures that the code can only connect to a specific LDAP path (here the rootDSE) and can only browse the directory; any attempt from within the method to demand write access, or to access a different path, fails with a SecurityException.

 using System.DirectoryServices;
 using System.Security.Permissions;

 [DirectoryServicesPermissionAttribute(SecurityAction.PermitOnly,
                         Path="LDAP://rootDSE",
                         PermissionAccess=DirectoryServicesPermissionAccess.Browse)]
 public static string GetNamingContext(string ldapPath)
 {
   // Bind to the supplied path and search that object only; the
   // DirectorySearcher(string) constructor takes a filter, not a path,
   // so the search root must be supplied as a DirectoryEntry.
   using (DirectoryEntry root = new DirectoryEntry(ldapPath))
   using (DirectorySearcher dsSearcher = new DirectorySearcher(root))
   {
     dsSearcher.SearchScope = SearchScope.Base;   // rootDSE only supports base-level searches
     dsSearcher.PropertiesToLoad.Add("defaultNamingContext");
     dsSearcher.Filter = "(objectClass=*)";
     SearchResult result = dsSearcher.FindOne();
     return (string)result.Properties["defaultNamingContext"][0];
   }
 }
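The following program is an added example, not code from the book, that makes the effect of the PermitOnly constraint visible: inside a method decorated exactly as above, it demands the permission that a DirectoryEntry or DirectorySearcher would demand for three cases (browse on the permitted path, write on the permitted path, browse on another path) and reports which demands pass the stack walk. The class and method names and the second LDAP path (LDAP://DC=example,DC=com) are placeholders chosen for the example. It compiles against System.DirectoryServices.dll on the .NET Framework, where code access security is enforced; on .NET Core and .NET 5+ PermitOnly and Demand are not supported, so the demonstration does not apply there.

```csharp
using System;
using System.DirectoryServices;
using System.Security;
using System.Security.Permissions;

// Added example: which demands succeed inside a frame constrained with
// DirectoryServicesPermission + SecurityAction.PermitOnly (.NET Framework CAS).
public static class DirectoryServicesPermitOnlyDemo
{
    // Constrain this frame: only Browse access to LDAP://rootDSE is permitted,
    // exactly as in the GetNamingContext example above.
    [DirectoryServicesPermission(SecurityAction.PermitOnly,
        Path = "LDAP://rootDSE",
        PermissionAccess = DirectoryServicesPermissionAccess.Browse)]
    public static void Run()
    {
        // 1. Same path, same access as the PermitOnly grant: allowed.
        Report("Browse LDAP://rootDSE",
               IsAllowed(DirectoryServicesPermissionAccess.Browse, "LDAP://rootDSE"));

        // 2. Same path but Write access: Write is not a subset of Browse, so denied.
        Report("Write  LDAP://rootDSE",
               IsAllowed(DirectoryServicesPermissionAccess.Write, "LDAP://rootDSE"));

        // 3. Browse access to a different (placeholder) path: denied, because the
        //    path is outside the PermitOnly set.
        Report("Browse LDAP://DC=example,DC=com",
               IsAllowed(DirectoryServicesPermissionAccess.Browse, "LDAP://DC=example,DC=com"));
    }

    // Demand the permission that System.DirectoryServices itself demands when
    // binding to 'path' with 'access'. The stack walk passes through Run(),
    // whose PermitOnly limits what can succeed. Returns true if the demand passes.
    static bool IsAllowed(DirectoryServicesPermissionAccess access, string path)
    {
        try
        {
            new DirectoryServicesPermission(access, path).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    static void Report(string what, bool allowed)
    {
        Console.WriteLine("{0}: {1}", what, allowed ? "allowed" : "denied (SecurityException)");
    }

    public static void Main()
    {
        Run();
    }
}
```

Because the demand is a stack walk, the PermitOnly on Run also constrains any helper that Run calls, which is what makes it useful for limiting what a data-access layer can reach even when the assembly itself is fully trusted.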

Requesting DirectoryServicesPermission

To document the permission requirements of your code, and to ensure that your assembly cannot load if code access security policy grants it insufficient directory services access, add an assembly-level DirectoryServicesPermissionAttribute with SecurityAction.RequestMinimum, as shown in the following example.

 using System.DirectoryServices;
 using System.Security.Permissions;

 [assembly: DirectoryServicesPermissionAttribute(SecurityAction.RequestMinimum,
                         Path="LDAP://rootDSE",
                         PermissionAccess=DirectoryServicesPermissionAccess.Browse)]


Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613