Links for .NET security stuff


Olaf Baeyens

Can someone out there point me to a URL or other reference on how to use this
security stuff in .NET?
I know everything can be found online on the MSDN, but since I am new to this
security stuff, I have a very hard time finding the correct page in the
zillions of abstract pages talking about this topic.

One of the problems is this:
[assembly:FileIOPermission(SecurityAction.RequestMinimum,
Unrestricted=true)]

I can find information about FileIOPermission here:
http://msdn.microsoft.com/library/d...ritypermissionsfileiopermissionclasstopic.asp

I also found documentation of SecurityAction.RequestMinimum

But I cannot seem to find what parameters can be declared like
"Unrestricted=true".
I do find documentation about AllAccess, Append, NoAccess, PathDiscovery,
Read, Write, but the word "Unrestricted" is nowhere seen on that page.

FileIOPermission is one example; it would be nice to find some page that
gives an overview of all possible keywords like "Unrestricted". Maybe there
are more keywords?

I am now trying to make my math dll more secure, by restricting security
settings.
The dll only has math functionality; no registry, no dialog boxes, no file
access is needed, but it has to run from LAN network folders. It also needs
unsafe code.

This is why I try to find SecurityPermission, RegistryPermission,
ZoneIdentityPermission,...documentation that tells me what keywords exist
and how to set it.

Any help would be appreciated. :)
 

UAError

Olaf Baeyens said:
Can someone out there point me to a URL or other reference on how to use this
security stuff in .NET?
I know everything can be found online on the MSDN, but since I am new to this
security stuff, I have a very hard time finding the correct page in the
zillions of abstract pages talking about this topic.

One of the problems is this:
[assembly:FileIOPermission(SecurityAction.RequestMinimum,
Unrestricted=true)]

I can find information about FileIOPermission here:
http://msdn.microsoft.com/library/d...ritypermissionsfileiopermissionclasstopic.asp

I also found documentation of SecurityAction.RequestMinimum

But I cannot seem to find what parameters can be declared like
"Unrestricted=true".

IUnrestrictedPermission Interface
http://msdn.microsoft.com/library/d...missionsiunrestrictedpermissionclasstopic.asp
PermissionState Enumeration
http://msdn.microsoft.com/library/d...uritypermissionspermissionstateclasstopic.asp
FileIOPermissionAttribute Class
http://msdn.microsoft.com/library/d...ssionsfileiopermissionattributeclasstopic.asp

If you take a look at the Zone Code groups and the
Permission set in the .NET Framework Configuration Tool
(Runtime, Machine, Permission Sets) you'll discover that
only the "Everything" permission set actually has
"Unrestricted" File IO; FullTrust has it by default as it
for all intents and purposes bypasses CAS. So you would be
well advised not to require

[assembly: FileIOPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]

The above actually does the following:

(new FileIOPermissionAttribute(
SecurityAction.RequestMinimum
)).Unrestricted = true;

So in effect you can determine the possible "parameters" by
looking at FileIOPermissionAttribute's properties.

You may also want to look into
SecurityAction.RequestOptional. The name is totally
misleading:

RequestMinimum - "Required Minimum"; use this to specify the
permissions that you absolutely have to have - if one of the
minimum permissions isn't present the runtime will throw a
Security exception (using declarative security your assembly
won't even be allowed to run).

RequestOptional - "Refuse All Except"; use this to
explicitly list all the permissions you may want to use,
while you definitely do not want any other permissions. If
something is RequestOptional the absence of the permission
will not immediately lead to an exception until something
tries to use it.

RequestRefuse - Use this to exclude a subset of something
you already requested, e.g.:

[assembly: FileIOPermissionAttribute(SecurityAction.RequestOptional,
Read=@"C:\")]
[assembly: FileIOPermissionAttribute(SecurityAction.RequestRefuse,
Read=@"C:\Windows")]

I do find documentation about AllAccess, Append, NoAccess, PathDiscovery,
Read, Write, but the word "Unrestricted" is nowhere seen on that page.

FileIOPermission is one example; it would be nice to find some page that
gives an overview of all possible keywords like "Unrestricted". Maybe there
are more keywords?

Just look at FileIOPermissionAttribute's properties.

I am now trying to make my math dll more secure, by restricting security
settings.
The dll only has math functionality; no registry, no dialog boxes, no file
access is needed, but it has to run from LAN network folders. It also needs
unsafe code.

So you do not want to require "File IO" permission as that
is not included in the LocalIntranet permission set. If you
require file access you will need to handle this with
OpenFileDialog and SaveFileDialog and the stream they make
available (essentially the user is granting the assembly on
a case by case basis access to the indicated file).

Unsafe code is a no-no with the LocalIntranet permission
set; its "Security" "Allow calls to unmanaged code" is set
to "No". You would have to create a separate assembly that
manipulates the unmanaged code and declares:

[assembly:AllowPartiallyTrustedCallers]

That one then needs to be granted "Security" "Allow calls to
unmanaged code" is set to "Yes" and "Security" "Assert any
permission that has been granted" to "Yes" (basically
installing it on the client machine and granting it full
trust, though a tightly constrained custom code group and
permission set on the machine would be preferable). Then
your assembly could call it as long as the local assembly
used an "Assert" to stop the stack walk.

AllowPartiallyTrustedCallersAttribute Class
http://msdn.microsoft.com/library/d...artiallytrustedcallersattributeclasstopic.asp

CodeAccessPermission.Assert Method
http://msdn.microsoft.com/library/d...uritycodeaccesspermissionclassasserttopic.asp

This is why I try to find SecurityPermission, RegistryPermission,
ZoneIdentityPermission,...documentation that tells me what keywords exist
and how to set it.

Any help would be appreciated. :)

.NET Framework Developer's Guide: Code Access Security
http://msdn.microsoft.com/library/d...n-us/cpguide/html/cpconcodeaccesssecurity.asp
Chapter 8 – Code Access Security in Practice
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/thcmch08.asp
How To: Use Code Access Security Policy to Constrain an
Assembly
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/htcode_acc.asp
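
The advice above, that the legal "parameters" of a declarative permission attribute are simply its settable properties, can be checked with reflection. This is an added example, not part of the original thread; it assumes the .NET Framework (where the CAS attribute classes ship in mscorlib), and the class name CasNamedParameters is made up for illustration:

```csharp
using System;
using System.Reflection;
using System.Security.Permissions;

// Added example: lists what may follow SecurityAction in a declarative
// CAS attribute, e.g. the "Unrestricted" in
// [assembly: FileIOPermission(SecurityAction.RequestMinimum, Unrestricted = true)]
static class CasNamedParameters   // hypothetical name
{
    static void Main()
    {
        // Every declarative permission attribute derives from SecurityAttribute.
        // Only the attributes shipped in mscorlib are scanned here.
        Assembly mscorlib = typeof(SecurityAttribute).Assembly;

        foreach (Type type in mscorlib.GetExportedTypes())
        {
            if (type.IsAbstract || !type.IsSubclassOf(typeof(SecurityAttribute)))
                continue;

            Console.WriteLine(type.Name);

            // A named attribute parameter is a public instance property
            // with a public setter (public fields would qualify as well).
            foreach (PropertyInfo p in type.GetProperties(
                         BindingFlags.Public | BindingFlags.Instance))
            {
                if (p.GetSetMethod() == null)
                    continue;   // read-only: cannot be written as Name=value

                // DeclaringType exposes inherited parameters: "Unrestricted"
                // is inherited from SecurityAttribute rather than declared
                // on FileIOPermissionAttribute itself.
                Console.WriteLine("  {0} = <{1}>   (declared on {2})",
                    p.Name, p.PropertyType.Name, p.DeclaringType.Name);
            }
        }
    }
}
```

The scan covers FileIOPermissionAttribute, SecurityPermissionAttribute, RegistryPermissionAttribute and ZoneIdentityPermissionAttribute, the classes asked about in the question; permission attributes defined in other assemblies need the same loop run over those assemblies.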
 

Olaf Baeyens

Nice, nice thank you, for this information and links.
Completely understanding is one thing, but at least I have now some good
starting points. :)

Thanks.


--
http://www.skyscan.be


UAError said:
........
 

UAError

Olaf Baeyens said:
Nice, nice thank you, for this information and links.
Completely understanding is one thing, but at least I have now some good
starting points. :)

Thanks.

Well I didn't directly mention the easier way out (as opposed
to creating two separate assemblies) by simply creating a
custom permission set and code group with an appropriate
membership condition to grant your assembly the permissions
it needs to operate - AFTER you constrained the permissions
it acquires (through RequestOptional).

.NET Framework Developer's Guide: Configuring Permission
Sets Using the .NET Framework Configuration Tool
http://msdn.microsoft.com/library/d...configurationtooltoworkwithpermissionsets.asp

.NET Framework Developer's Guide: Configuring Code Groups
Using the .NET Framework Configuration Tool
http://msdn.microsoft.com/library/d...gnetconfigurationtooltoworkwithcodegroups.asp

.NET Framework Developer's Guide: Computing the Allowed
Permission Set
http://msdn.microsoft.com/library/d...e/html/cpconcomputingallowedpermissionset.asp

The dll only has math functionality; no registry, no dialog boxes, no file
access is needed, but it has to run from LAN network folders. It also needs
unsafe code.

You haven't elaborated on why you are operating the assembly
from the network. If it's to be included in some "ad hoc"
programs/applications you could initially develop your
custom Permission set/Code Group in the ".NET Framework
Configuration Tool". After you know what will be needed
create a .bat file for potential users of your assembly that
can deploy the required Permission set/Code Group by using
Caspol.exe.

.NET Framework Tools: Code Access Security Policy Tool
(Caspol.exe)
http://msdn.microsoft.com/library/d...fCodeAccessSecurityPolicyUtilityCaspolexe.asp

.NET Framework Developer's Guide: Configuring Permission
Sets Using Caspol.exe
http://msdn.microsoft.com/library/d...conusingcaspolexetoworkwithpermissionsets.asp

.NET Framework Developer's Guide: Configuring Code Groups
Using Caspol.exe
http://msdn.microsoft.com/library/d...l/cpconusingcaspolexetoworkwithcodegroups.asp

If however the assembly is to be used by multiple well
established applications within your organization you should
really be considering deploying it to the GAC (Global
Assembly Cache) of each machine by including it in a Merge
Module for the application setup projects.

Visual Studio: Introduction to Merge Modules
http://msdn.microsoft.com/library/d...l/vbconwhatyouneedtoknowaboutmergemodules.asp

Operating from the GAC you probably will not need a custom
Code Group/Permission set - and even if you do you can run
caspol from the custom actions or use the
System.Security.SecurityManager class to manipulate the
Security policy.

.NET Framework Class Library: SecurityManager Class
http://msdn.microsoft.com/library/d...rfSystemSecuritySecurityManagerClassTopic.asp

http://www.sellsbrothers.com/wahoo/

Even if you do not deploy to the GAC, you may want to
consider assigning a strong name to your assembly. That way
it is more difficult to "impersonate" your assembly (and you
can use it to further constrain the membership condition of
your custom code group).

.NET Framework Developer's Guide: Creating and Using
Strong-Named Assemblies
http://msdn.microsoft.com/library/d.../cpconworkingwithstrongly-namedassemblies.asp
 

Olaf Baeyens

Well I didn't directly mention the easier way out (as opposed
to creating two separate assemblies) by simply creating a
custom permission set and code group with an appropriate
membership condition to grant your assembly the permissions
it needs to operate - AFTER you constrained the permissions
it acquires (through RequestOptional).
.....
Many thanks for the detailed explanation and links. :)
I think that this is a wonderful overview from a programmer's point of view.
:)

Now comes the hard part: understanding it all. ;-)
But it lowers the learning curve.
 
