11-6. View the Permissions Required by an Assembly


CHAPTER 11 ■ SECURITY AND CRYPTOGRAPHY



The Code

The following example shows a class that declares a minimum, optional, and refusal request, as well as a number of imperative security demands:

    using System;
    using System.Net;
    using System.Security.Permissions;

    // Minimum permission request for SocketPermission.
    [assembly: SocketPermission(SecurityAction.RequestMinimum,
        Unrestricted = true)]

    // Optional permission request for IsolatedStorageFilePermission.
    [assembly: IsolatedStorageFilePermission(SecurityAction.RequestOptional,
        Unrestricted = true)]

    // Refuse request for ReflectionPermission.
    [assembly: ReflectionPermission(SecurityAction.RequestRefuse,
        Unrestricted = true)]

    namespace Apress.VisualCSharpRecipes.Chapter11
    {
        class Recipe11_06
        {
            public static void Main()
            {
                // Create and configure a FileIOPermission object that represents
                // write access to the C:\Data folder.
                FileIOPermission fileIOPerm =
                    new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");

                // Make the demand.
                fileIOPerm.Demand();

                // Do something . . .

                // Wait to continue.
                Console.WriteLine("Main method complete. Press Enter.");
                Console.ReadLine();
            }
        }
    }






Usage

Executing the command permview Recipe11-06.exe will generate the following output. Although this output is not particularly user-friendly, you can decipher it to determine the declarative permission requests made by an assembly. Each of the three types of permission requests—minimum, optional, and refused—is listed under a separate heading and is structured as the XML representation of a System.Security.PermissionSet object.

    Microsoft (R) .NET Framework Permission Request Viewer.
    Version 1.1.4322.573
    Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

    minimal permission set:

    optional permission set:

    refused permission set:







Executing the command permcalc -sandbox Recipe11-06.exe will generate a file named sandbox.PermCalc.xml that contains XML representations of the permissions required by the assembly. Where the exact requirements of a permission cannot be determined (because it is based on runtime data), Permcalc.exe reports that unrestricted permissions of that type are required. You can instead default to the Internet zone permissions using the -Internet flag. Here are the contents of sandbox.PermCalc.xml when run against the sample code:








class="System.Security.Permissions.FileIOPermission, mscorlib,

Version=2.0.0.0, Culture=neutral,

PublicKeyToken=b77a5c561934e089" />











Unrestricted="true" />







11-7. Determine at Runtime If Your Code Has a Specific Permission

Problem

You need to determine at runtime if your assembly has a specific permission.



Solution

Instantiate and configure the permission you want to test for, and then pass it as an argument to the static method IsGranted of the class System.Security.SecurityManager.



■ Note CAS is deprecated in .NET 4.0.



How It Works

Using minimum permission requests, you can ensure that the runtime grants your assembly a specified set of permissions. As a result, when your code is running, you can safely assume that it has the requested minimum permissions. However, you might want to implement opportunistic functionality that your application offers only if the runtime grants your assembly appropriate permissions. This approach is partially formalized using optional permission requests, which allow you to define a set of permissions that your code could use if the security policy granted them, but are not essential for the successful operation of your code. (Recipe 11-5 provides more details on using optional permission requests.)

The problem with optional permission requests is that the runtime has no ability to communicate to your assembly which of the requested optional permissions it has granted. You can try to use a protected operation and fail gracefully if the call results in the exception System.Security.SecurityException. However, it’s more efficient to determine in advance whether you have the necessary permissions. You can then build logic into your code to avoid invoking secured members that will cause stack walks and raise security exceptions.






■ Note IsGranted checks the grant set only of the calling assembly. It does not do a full stack walk to evaluate the grant set of other assemblies on the call stack.



The Code

The following example demonstrates how to use the IsGranted method to determine if the assembly has write permission to the directory C:\Data. You could make such a call each time you needed to test for the permission, but it’s more efficient to use the returned Boolean value to set a configuration flag indicating whether to allow users to save files.

    using System.Security;
    using System.Security.Permissions;

    namespace Apress.VisualCSharpRecipes.Chapter11
    {
        class Recipe11_07
        {
            // Define a variable to indicate whether the assembly has write
            // access to the C:\Data folder.
            private bool canWrite = false;

            public Recipe11_07()
            {
                // Create and configure a FileIOPermission object that represents
                // write access to the C:\Data folder.
                FileIOPermission fileIOPerm =
                    new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");

                // Test if the current assembly has the specified permission.
                canWrite = SecurityManager.IsGranted(fileIOPerm);
            }
        }
    }
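The following is an added example, not code from the book: it sets feature flags once from the grant set and still guards the protected call, because a grant-set check does not perform the stack walk that a demand does. It assumes .NET Framework 4.x, where SecurityManager.IsGranted is marked obsolete and AppDomain.PermissionSet is the replacement; the names OptionalFeatures and InGrantSet are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example (hypothetical names): compute feature flags once from the
// grant set, then still guard the protected call itself.
static class OptionalFeatures
{
    // True when 'needed' is contained in the current AppDomain's grant set.
    // AppDomain.PermissionSet is available from .NET Framework 4.0, where
    // SecurityManager.IsGranted is marked obsolete.
    static bool InGrantSet(IPermission needed)
    {
        var required = new PermissionSet(PermissionState.None);
        required.AddPermission(needed);
        return required.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet);
    }

    static void Main()
    {
        // Permissions the application can use but does not depend on.
        var write = new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Data");
        var store = new IsolatedStorageFilePermission(PermissionState.Unrestricted);

        bool canSave = InGrantSet(write);
        bool canUseStore = InGrantSet(store);
        Console.WriteLine("Save to C:\\Data enabled: {0}", canSave);
        Console.WriteLine("Isolated storage enabled: {0}", canUseStore);

        if (!canSave) return;   // feature switched off, no demand attempted

        try
        {
            // The flag reflects one grant set only; Demand walks the whole
            // call stack, so a less-trusted caller can still cause a failure.
            write.Demand();
            Console.WriteLine("Demand succeeded; safe to write under C:\\Data.");
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("Denied despite flag: {0}", ex.Message);
        }
    }
}
```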



11-8. Restrict Who Can Extend Your Classes and Override Class Members

Problem

You need to control what code can extend your classes through inheritance and which class members a derived class can override.


