A Brief Review of Other Security Actions

There are many security actions. An exhaustive discussion would require a tome of its own. In fact, such a volume exists: .NET Framework Security by Brian LaMacchia et al. [2002]. Here is a brief explanation of security actions to help point you in the right direction when you have a specific need. (I excluded the Demand and Assert actions, which we have already covered.)

The LinkDemand Action

This security action applies to classes and methods . LinkDemand is evaluated when the assembly is JITted, and the immediate call must have the requested permission.

The InheritanceDemand Action

This security action applies to classes and methods. InheritanceDemand , evaluated at load time, requires that the subclass overriding and the inherited method have the requested permission.

The Deny Action

This security action applies to classes and methods. Deny is evaluated at runtime. It denies the specified permission to callers even if they have been granted the permission by the security policy. Deny is used to tighten security more than the policy does.

The PermitOnly Action

This security action applies to classes and methods. PermitOnly is evaluated at runtime and permits only the resources requested by the permission to be accessible even if the policy has granted access to additional resources.

The RequestMinimum Action

This security action applies only to assemblies. RequestMinimum is evaluated when the assembly policy is created, and it indicates the minimum permissions needed for the assembly to run. If the minimum permissions haven't been granted, the assembly will not load. For example, if we added the following attribute to the assemblyInfo.vb file for AssertExample.exe , the AssertExample.exe assembly would not event load.

 <Assembly: Security.Permissions.RegistryPermission( _   Security.Permissions.SecurityAction.RequestMinimum, All:="*")> 

This assumes that we have altered the granted permissions for AssertExample.exe . Refer to the earlier subsection Sandboxing Assemblies for Testing Purposes for more information.

The RequestOptional Action

This security action applies only to assemblies. RequestOptional is evaluated at grant time and is used to request permissions that are optional. Use this action when you have a code workaround for a permission not granted. For instance, if a particular feature, such as logging events, isn't necessary for your application to run, you could request optional EventLogPermission .

The RequestRefuse Action

This security action applies only to assemblies. RequestRefuse , evaluated at grant time, is used to specify permissions that will not be granted by callers.



Visual Basic. NET Power Coding
Visual Basic(R) .NET Power Coding
ISBN: 0672324075
EAN: 2147483647
Year: 2005
Pages: 215
Authors: Paul Kimmel

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net