Deciding Which Approach to Take

Previous page
Table of content
Next page

The right approach depends upon the problem you are trying to solve and whether or not you have the option of modifying security policy on the Web server.

Customizing Policy

This approach is the easier of the two and does not require any developer effort. However, you might not be permitted to modify policy on the Web server and, in certain scenarios, your code that calls the .NET Framework class library might require full trust. In these situations, you must use sandboxing . For example, the following resources demand full trust, and you must sandbox your resource access code when it accesses them:

  • Event log (through the EventLog class)

  • OLE DB data sources (through the ADO.NET OLE DB data provider)

  • ODBC data sources (through the ADO.NET ODBC .NET data provider)

  • Oracle databases (through the ADO.NET Oracle .NET data provider)

    Note  

    This list is not exhaustive but it includes commonly used resource types that currently require full trust.

Sandboxing

If you sandbox your privileged application code in a separate assembly, you can grant additional permissions to the assembly. Alternatively, you can grant it full trust without requiring your entire application to run with extended permissions.

For example, consider code that uses the ADO.NET OLE DB data provider and interacts with the System.Data.OleDb.OleDbCommand class. This code requires full trust. Although the System.Data.dll assembly is marked with AllowPartiallyTrustedCallersAttribute , the System.Data.OleDb.OleDbCommand class, among others, cannot be called by partial-trust callers because it is protected with a link demand for full trust. To see this, run the following command using the permview utility from the %windir%\Microsoft.NET\Framework\{version} directory: 

 permview /DECL /OUTPUT System.Data.Perms.txt System.Data.dll

The output in System.Data.Perms.txt includes the following output: 

 class System.Data.OleDb.OleDbCommand LinktimeDemand permission set: <PermissionSet class="System.Security.PermissionSet"                version="1" Unrestricted="true"/>

This illustrates that an unrestricted permission set (full trust) is used in a link demand that protects the System.Data.OleDb.OleDbCommand class. In scenarios such as this, it is not sufficient to configure policy to grant specific unrestricted permissions, such as OleDbPermission , to your partial-trust code. Instead, you must sandbox your resource access code and grant it full trust, and the easiest way to do this is to install it in the GAC. Use Permview.exe to find out about the permission requirements of other classes, although this only shows declarative security attributes. If a class imperatively demands full trust, you cannot see this through Permview.exe. In this event, test the security requirements of the class by calling it from partial-trust code and diagnosing any security exceptions.

Note  

Just because an assembly is marked with APTCA, it does not mean all of the contained classes support partial-trust callers. Some classes may include explicit demands for full trust.



Previous page
Table of content
Next page
Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
BUY ON AMAZON
Managing Enterprise Systems with the Windows Script Host
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
GO! with Microsoft Office 2003 Brief (2nd Edition)
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy