This article first starts with the basic concepts of CAS like evidence, permission, code groups and caspol.exe. It then moves ahead to demonstrate how CAS can be implemented in real world. This article further talks about ground up changes made in .NET 4.0 for CAS. In those regards it discusses about security transparent model and sandboxing.
IntroductionMany developers understand the concept of CAS (Code access security) but very few know how to implement the same. This article will discuss and demonstrate practically all those aspects of CAS which you have ready only in theory till today.This article first starts with the basic concepts of CAS like evidence, permission, code groups and caspol.exe. It then moves ahead to demonstrate how CAS can be implemented in real world. This article further talks about ground up changes made in .NET 4.0 for CAS. In those regards it discusses about security transparent model and sandboxing.Bet me this article is your last chance to see CAS in actual action....enjoy.This is a small Ebook for all my .NET friends which covers topics like WCF, WPF, WWF, AJAX, Core .NET, SQL etc you can download the same from SampleDotNetInterviewQuestionBook or else you can catch me on my daily free training on http://www.questpond.com/ What is CAS?Code Access security is a security model which grants or denies permission to your assembly depending on evidences like from where the code has emerged, who the publisher is? , strong names etc. When you want to execute any code in your environment you would first like to know from where the code came from. Depending from where it came from, you would then would like to give him access rights. For instance a code compiled from your own computer would have greater rights than code downloaded from the internet.In order to know the same we need to probe the assembly / exe / dll and get evidences like who is the publisher of the code , from which site has this code from , from which zone has it come from ( internet , intranet etc) etc. What is a permission and permission set?Once you have gathered the evidences about the code you would like to assign permission to the code. There are various permissions which you can assign to the code like Can the code create a file, can we write to registry, can the code execute reflection, can the code open file dialog box etc. These permissions are collect permission sets and those permission sets are allocated to the code. Code groups are nothing but categories of code. These categories are defined by permissions and evidence values. When .NET code runs it's assigned to a code group by the evidences which are collected during runtime. For instance there are various default code groups like My computer zone , internet zone , intranet zone etc. My computer zone code group is allocated to code who evidence says that they are assemblies which are installed on the computer and they have permission set 'internet' which has various permissions like file dialog , execute , user interface , printing etc. When the assembly runs following steps takes place:-
PermissionSet permset = new PermissionSet(PermissionState.None);permset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));permset.AddPermission(new UIPermission(UIPermissionWindow.AllWindows));Step 2:- Apply the above defined permission set to the newly created application domain as shown in the below code snippet.
AppDomainSetup objSetup = new AppDomainSetup();objSetup.ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;AppDomain domain = AppDomain.CreateDomain("New domain name", AppDomain.CurrentDomain.Evidence, objSetup, permset);
Interface1 i1 = (ClassLibrary1.Class1)domain.CreateInstanceAndUnwrap("ClassLibrary1", "ClassLibrary1.Class1");i1.ShowDialog();
<configuration><runtime><NetFx40_LegacySecurityPolicy enabled="true"/></runtime></configuration>http://blogs.rev-net.com/ddewinter/2010/03/02/tip-20-opting-out-of-security-changes-in-net-4-in-asp-net-and-custom-appdomains/
Active Directory-222