Need a explanation on SqlClientPermission

[Tony]

Hello!

Here I have some code that use SqlClientPermission.
I hope that somebody can explain how the code lines marked with 1 can can
have any effect on the code lines marked with 2.
How can these two lines
SqlConnection con = new SqlConnection(@"Data Source=localhost; Initial
Catalog=Pubs;Integrated Security=True;");
con.Open();
have any knowledge of the codelines marked with 1.


protected void Page_Load(object sender, EventArgs e)
{
1 SqlClientPermission perm = new
SqlClientPermission(PermissionState.None);
1 perm.Add(@"Data Source=localhost; Initial
Catalog=Northwind;Integrated Security=True;",
1 null,KeyRestrictionBehavior.AllowOnly);
1 perm.PermitOnly();

2 SqlConnection con = new SqlConnection(@"Data Source=localhost;
Initial Catalog=Pubs;Integrated Security=True;");
2 con.Open();
}

//Tony

 

[bradbury9]

Hello!

Here I have some code that use SqlClientPermission.
I hope that somebody can explain how the code lines marked with 1 can can
have any effect on the code lines marked with 2.
How can these two lines
    SqlConnection con = new SqlConnection(@"Data Source=localhost; Initial
Catalog=Pubs;Integrated Security=True;");
    con.Open();
have any knowledge of the codelines marked with 1.

protected void Page_Load(object sender, EventArgs e)
{
 1       SqlClientPermission perm = new
SqlClientPermission(PermissionState.None);
 1      perm.Add(@"Data Source=localhost; Initial
Catalog=Northwind;Integrated Security=True;",
 1           null,KeyRestrictionBehavior.AllowOnly);
 1    perm.PermitOnly();

2        SqlConnection con = new SqlConnection(@"Data Source=localhost;
Initial Catalog=Pubs;Integrated Security=True;");
2       con.Open();

}

//Tony

Here is some good info about code access security, how to configure it
and use it. Hope it helps http://msdn.microsoft.com/en-us/library/0x4t63kb(v=vs.80).aspx

 

[Andy]

Integrated security is usually windows active directory security.
Basically, active directory generates a token (sort of like a cookie)
for your windows session when it authenticates who you are after
you've logged in. This token is then passed to applications which
proves to them you've been authenticated. Lines2 know if you've been
authenticated or not by the existance of a valid token.

SQL server also has a second layer of securtiy that controls which
authenticated users (with tokens) are authorized to access what parts
of SQL Server and its databases. Authorization level security is
wholy configired within each application. In SQL Server's case, its
the accounts that appear under the users folders for each database.

There are many other issues around the use of tokens, including how
far they can be passed between machines and whether anonymous accounts
are substituted for them.