
Code Access Security Part - 2 (.Net FrameWork Tools Series)

17 Jan 2006

Please read Part 1 before you read this article.

Before we start on the sample app, we need to look at the security configuration files on the machine. You will find them under

<drive>:\WINNT\Microsoft.NET\Framework\<version>\Config

The enterprise-level security configuration file is enterprise.config.

The machine-level security configuration file is security.config.

You will find the user-level security configuration file at

<drive>:\Documents and Settings\<userprofile>\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config

Let us now create our sample app. It is a Windows Forms application that tries to read from and write to the local disk.

1) In VS.NET, create a new Windows application.

2) Place one text box and one button on the form, and set the Multiline property of the text box to true.

3) In the click event of the button, write the following piece of code, which writes whatever is in the text box to a file.

// Requires: using System.IO;
// The using block flushes and closes the writer even if Write throws.
using (StreamWriter sWriter = new StreamWriter(@"C:\MyTextFile.txt"))
{
    sWriter.Write(textBox1.Text);
}

4) If you run this from your machine you will be able to create the file and write the textbox contents in it.

This works because the code is executing from the local machine, and in the machine-level policy the My_Computer_Zone code group has the FullTrust permission set.

Check it out by typing caspol -m -lg

If we run this same app from a local network share instead, it falls under the Intranet code group, which does not have permission to write to the local hard disk.

5) Place the exe on a network share and execute it. It should give you a Security Permission Exception.

6) Modify your code to catch the exception and give a user friendly message. Run the file again from the network share.
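
One way to do step 6, as an added example that is not code from the original article: a helper that demands the write permission before touching the file and turns the resulting SecurityException into a message for the user. The class and method names are hypothetical, and it assumes a .NET Framework version where CAS policy is enforced.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

class SafeFileWriter
{
    // Hypothetical helper (not from the article). Returns true on success;
    // otherwise 'message' holds text suitable for MessageBox.Show in the
    // button's click handler.
    public static bool TrySaveText(string path, string text, out string message)
    {
        try
        {
            // Ask the CLR up front whether every caller on the stack is
            // granted write access to this absolute path.
            new FileIOPermission(FileIOPermissionAccess.Write, path).Demand();

            using (StreamWriter writer = new StreamWriter(path))
            {
                writer.Write(text);
            }
            message = "Saved to " + path;
            return true;
        }
        catch (SecurityException ex)
        {
            // Thrown when CAS policy (for example the Intranet code group)
            // does not grant the demanded permission.
            message = "This application is not trusted to write to " + path +
                      ". Refused permission: " +
                      (ex.PermissionType != null ? ex.PermissionType.Name : "unknown");
            return false;
        }
        catch (UnauthorizedAccessException)
        {
            // Different failure: CAS allowed the call, but Windows file
            // permissions refused the write.
            message = "Windows denied write access to " + path + ".";
            return false;
        }
    }

    static void Main()
    {
        string message;
        bool ok = TrySaveText(@"C:\MyTextFile.txt", "sample text", out message);
        Console.WriteLine((ok ? "OK: " : "FAILED: ") + message);
    }
}
```

Run from the local disk it reports success; run from a network share under the default policy it reports the refused FileIOPermission instead of crashing.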

Suppose that we want this application to run from the network share. For that we need to change the permission set of the Intranet code group.

caspol.exe -chggroup 1.2 FullTrust /* This command fully trusts all intranet applications */

Note: Be extremely careful when changing permission sets, as this can let in a lot of viruses and other spyware. Change the permission sets only if you have not made any custom changes to your PC. After changing the permission set use caspol.exe.

In this way we can prevent malicious code from accessing our resources.

Let's now explore the other options of caspol.exe.

Turning the Security On/Off

It is possible to turn .NET security off if you need to for any reason. By default it is on.

caspol.exe -security off /* to turn off .NET security */

To reset the security to .Net default security use

caspol.exe -reset

To create a new code group

caspol.exe -addgroup 1.3 -site www.<name of the site> FullTrust /* this will add full trust for any content from this site. */

To create a code group under Intranet that gives FullTrust to a particular share on the network

caspol.exe -addgroup 1.2 -url file://<machinename>/<foldername>/* FullTrust

To remove a code group, give the code group number (as shown in the list of groups) with the -remgroup option

caspol.exe -remgroup 1.3.2

To change a code group's permission set (we just saw this above when we changed the permission set for our Intranet code group)

caspol.exe -chggroup 1.2 FullTrust

You can add a code group for a particular strong name. For example, if you have an application MyApp.exe and you want any version of this application to have FullTrust, you can achieve that with a command similar to this one

caspol.exe -addgroup 1 -strong -file \bin\debug\MyApp.exe -noname -noversion FullTrust

This command creates a new strong name code group. You can view it with the caspol -lg command.

You will see that there are already 2 strong name code groups installed by default. They belong to Microsoft and ECMA.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


About the Author

Namratha Shah
Architect
United States
Namratha Shah a.k.a. Nasha is originally from Bombay, India but currently resides in NJ, USA. She has to her credit a Bachelor’s Degree in Microbiology and Biotechnology and a Master's in Computer and Software Applications (1999-2001) from Somaiya College Bombay. She started her career with C and C++ and then moved on to Microsoft Technologies. She has over 7.5 years experience in software architecture, design and development. She is a Certified Scrum Master and a member of the CORE .NET Architecture team. She has been awarded Microsoft’s prestigious Most Valuable Professional (MVP) twice consecutively, in 2005 and 2006, in Visual C#.NET for her outstanding contributions to the .NET community.

Article Copyright 2006 by Namratha Shah