Click here to Skip to main content
Click here to Skip to main content
Technical Blog

Tagged as

What are the Changes in .NET 4.0 Security Model & What is Sandboxing?

, 5 Jun 2014 CPOL
Rate this:
Please Sign up or sign in to vote.
What are the Changes in .NET 4.0 Security Model & What is Sandboxing?

CAS is completely deprecated in .NET 4.0 and there are 2 big changes done in .NET 4.0:

  1. Granting of permission is dependent on the host and not the CAS Model.
  2. Introduction of Security Transparent Model. In this .NET code is divided in 3 kinds of code:

I. Security Critical Code

A full trusted code is known as Security Critical Code and it has full access to my system. We need to ensure that this code is not called by unsafe code (Security Transparent Code).To create a code as Security Critical, we have to put “[assembly: SecurityCritical()]” attribute in Properties->Assemblyinfo.cs.

II. Security Transparent Code

A code which you feel unsafe is known as Security Transparent Code. To create a code as Security Critical, we have to put “[assembly: SecurityTransparent()]” attribute in Properties->Assemblyinfo.cs.

III Security Safe Critical Code

A Bridge between Security Transparent Code and Security Critical Code to access Security Critical Code via Security Transparent Code.

Security Transparent model is good if the code control is in our hands.

Sandboxing

If you want to execute an untrusted third party DLL, you can create your own “Appdomain” and assign permission set so that your third party DLL runs under a control environment. This process is called sandboxing.

To implement Sandboxing, first we have to create the object of “PermissionSet” and assign Permissions as per our requirement, then we have to create “AppDomain” object with the permissionset object we created and in this “AppDomain” object, we will put that class in which we want to implement Sandboxing. (See the video for a practical implementation.)


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Akash Ashok Jain
Software Developer (Senior)
India India
I am "Akash Jain" working in IT Industry from last 6 years. From the beginning of my career I worked with C# for both windows and web application. In my short career I worked for 2 Major ERP Applications, e-commerce applications, CMS based applications and also few static websites.
 
I am a MCP for web application for ASP.NET 4.0. I have also done PMP training as project management is one of my interest area.
Follow on   Twitter   Google+   LinkedIn

Comments and Discussions

 
GeneralMy vote of 2 PinmemberQwertie13-Jun-14 6:37 
QuestionItem 2 PinprofessionalPaulo Zemek11-Jun-14 5:14 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.141022.2 | Last Updated 6 Jun 2014
Article Copyright 2014 by Akash Ashok Jain
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid