System.Security.Permissions namespace - PowerPoint PPT Presentation

1 / 13

About This Presentation

Title:

System.Security.Permissions namespace

Description:

Number of Views:73

Avg rating:3.0/5.0

Slides: 14

Provided by: santosh

Learn more at: https://www.cs.odu.edu

Category:

more less

Transcript and Presenter's Notes

Title: System.Security.Permissions namespace

1
System.Security.Permissions namespace

2
Overview

3
Introduction

Permissions are the mechanism through which the
.NET runtime enforces code-access security.
The System.Security.Permissions namespace
contains permission classes and their attributes.

4
Classes in System.Security.Permissions Namespace

There are a lot of classes and
enumerations in this namespace. Few of the
important classes are
Classes
EnvironmentPermission
FileDialogPermission
FileIOPermission
IsolatedStorageFilePermission
IsolatedStoragePermission
ReflectionPermission
RegistryPermission
SecurityPermission
UIPermission
Each of these classes have many methods.

5
Permissions

There are three distinct categories of
permissions defined in the System.Security.Permiss
ions namespace
Code-Access Permissions,
Identity Permissions and
Role-based Permissions
Code-Access Permissions
The Common Language Runtime (CLR) allows
code to perform only those operations that the
code has permission to perform.
Restrict what your code can do
Restrict which code can call your code
Identify code

Identity Permissions
The identity permission classes represent
the value of host evidence that an assembly or
application domain presents to the runtime.
Role-based Permissions
Permissions based on roles of a user on
whose behalf code is running.

7
Code access security

8
Demo Creating permission sets and code groups
9

Two different kinds of syntax when coding
security are
Declarative
Declarative syntax uses attributes to mark
the method, class or the assembly with the
necessary security information.
FileIOPermission(SecurityAction.Demand,
Unrestrictedtrue)
public calss MyClass
public MyClass() ... // all
these methods
public void MyMethod_A() ... //
demands unrestricted access to
public void MyMethod_B() ... //
the file system
Imperative
Imperative syntax uses runtime method calls
to create new instances of security classes.
public calss MyClass
public MyClass()
public void Method_A() // Do
Something
FileIOPermission myPerm new
FileIOPermission(PermissionState.Unrestricted)
myPerm.Demand() // rest of the code
won't get executed if this failed // Do Something
// No demands

Requesting Permissions
An assembly can request permissions before it
is loaded.
RequestMinimum
The code will be only allowed to run
if all the required permissions are granted by
the security policy.
assemblyRegistryPermission(SecurityActi
on.RequestMinimum, Write"HKEY_LOCAL_MACHINE\\Soft
ware")
RequestOptional
Permissions that the code can
use, but not required in order to run.
assemblyFileIOPermission(SecurityAction
.RequestOptional, Write"C\\")
RequestRefuse
To specify the permissions that the
assembly would never require.
assemblyFileIOPermission(SecurityAction.Request
Refuse, Write"C\\")

Overriding Security
An assembly can override the permissions in
three ways.
Assert
Assert method to
stop the stack walk from going beyond the current
stack frame.
FileIOPermission myPerm new
FileIOPermission(FileIOPermissionAccess.Read,
"C\\") myPerm.Assert() // don't check above
stack frames.
Deny
Deny the current set of
permissions.
WebPermission
myWebPermission new WebPermission(NetworkAccess.
Connect, "http//www.somewebsite.com")
myWebPermission.Deny()
PermitOnly
PermitOnly in some situations when
needed to restrict permissions granted by
security policy.
WebPermission
myWebPermission new WebPermission(NetworkAccess.
Connect, "http//www.somewebsite.com")