Approaches for Partial Trust Web Applications


If you develop a partial-trust application or enable an existing application to run at a partial-trust level, and you run into problems because your application is trying to access resources for which the relevant permissions have not been granted, you can use two basic approaches:

  • Customize policy

    Customize policy to grant the required permissions to your application. This might not be possible, for example in hosting environments, where policy restrictions are rigid.

  • Sandbox privileged code

    Place resource access code in a wrapper assembly, grant the wrapper assembly full trust (not the Web application), and sandbox the permission requirements of privileged code.

The right approach depends on what the problem is. If the problem is related to the fact that you are trying to call a system assembly that does not contain AllowPartiallyTrustedCallersAttribute, the problem becomes how to give a piece of code full trust. In this scenario, you should use the sandboxing approach and grant the sandboxed wrapper assembly full trust.

Note  

Customizing policy is the easier of the two approaches because it does not require any development effort.




Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net