|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
UIPermission ClipboardI'm hoping that someone can assist me. I'm trying to set code access security to prevent an application interacting with the Clipboard. Seemingly, it should be a relatively straightforward setting to apply but I can't seem to get the setting correct - no matter what configuration of attribute I craft up, which has me very confused... Assembly attributes that I have tried: ------------------------------------ [assembly:UIPermission(SecurityAction.RequestRefuse, Clipboard=UIPermissionClipboard.NoClipboard)] I've tried every combination of {SecurityAction.RequestRefuse | SecurityAction.RequestOptional | SecurityAction.RequestMinimum} with every combination of {UIPermissionClipboard.NoClipboard | UIPermissionClipboard.OwnClipboard | UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | Unrestricted=false} Class / Method attributes that I have tried: ------------------------------------------ [UIPermission(SecurityAction.PermitOnly, Clipboard=UIPermissionClipboard.NoClipboard)] I've tried every combination of {SecurityAction.Assert | SecurityAction.Demand | SecurityAction.Deny | SecurityAction.LinkDemand | SecurityAction.PermitOnly} with every combination of {UIPermissionClipboard.NoClipboard | UIPermissionClipboard.OwnClipboard | UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | Unrestricted=false} This is the code that I applied the attributes to - but I couldn't get any combination to throw a security exception ... using System; using System.Security; using System.Security.Permissions; using System.Windows.Forms; namespace UIPermissionSpike { class App { [STAThread] static void Main(string[] args) { try { SecureClipboard.SetData(); } catch (SecurityException securityException) { Console.WriteLine(securityException.Message); Console.ReadLine(); } } } public sealed class SecureClipboard { private SecureClipboard() { } public static void SetData() { Clipboard.SetDataObject("Hello World!", true); } } } Have you tried the following assembly level CAS permission?
[assembly:UIPermissionAttribute(SecurityAction.RequestRefuse, Clipboard=UIPermissionClipboard.AllClipboard)] Yes, I have tried that (and every other combination I can think of) but I
can still access the Clipboard without encountering a SecurityException. Show quoteHide quote "swat" <loka_1***@yahoo.com> wrote in message news:1113981913.414186.184150@o13g2000cwo.googlegroups.com... > Have you tried the following assembly level CAS permission? > > [assembly:UIPermissionAttribute(SecurityAction.RequestRefuse, > Clipboard=UIPermissionClipboard.AllClipboard)] > RequestRefuse does not generate an exception. You would need to use
RequestMinimum or one of the Demand methods. RequestMinimum generates a PolicyException if the permissions have not been granted. Demand, LinkDemand, and InheritanceDemand generate SecurityExceptions if the permissions are not present. Try this: [assembly:UIPermissionAttribute(SecurityAction.RequestMinimum, Clipboard=UIPermissionClipboard.NoClipboard)] (at assembly level) or [UIPermission(SecurityAction.Demand, Clipboard=UIPermissionClipboard.NoClipboard)] (at class or method level) If you are running the code locally, it falls under the Machine > My_Computer_Zone code group. Check the permission set on the My_Computer_Zone code group. If it is set to "FullTrust", CAS checks will be ignored. Set it to the "Everything" permission set. All permissions are then granted, but at least CAS checks will not be ignored. Hope this helps. swat,
Thanks for your help. Unfortunately, this doesn't help me to achieve my objective. Essentially, what I am trying to do is set the CAS attribute to announce "don't let me try to access the clipboard and throw a security exception if I do". The reason why I want to do this is so that I can attribute that the application shouldn't be accessing that resource *even if it has the right to*. I can achieve this with other Permission attributes, for example I can cause a security exception when trying to print even if I have the rights by adding this attribute: [assembly:PrintingPermission(SecurityAction.RequestRefuse, Level=PrintingPermissionLevel.AllPrinting)] Regards, Alan Dean email: adeanRemoveThisT***@hotmail.com blog: http://www.dotnetjunkies.com/weblog/alan.dean/ "swat" <loka_1***@yahoo.com> wrote in message RequestRefuse does not generate an exception. You would need to usenews:1113990642.701961.258140@o13g2000cwo.googlegroups.com... RequestMinimum or one of the Demand methods. RequestMinimum generates a PolicyException if the permissions have not been granted. Demand, LinkDemand, and InheritanceDemand generate SecurityExceptions if the permissions are not present. Try this: [assembly:UIPermissionAttribute(SecurityAction.RequestMinimum, Clipboard=UIPermissionClipboard.NoClipboard)] (at assembly level) or [UIPermission(SecurityAction.Demand, Clipboard=UIPermissionClipboard.NoClipboard)] (at class or method level) If you are running the code locally, it falls under the Machine > My_Computer_Zone code group. Check the permission set on the My_Computer_Zone code group. If it is set to "FullTrust", CAS checks will be ignored. Set it to the "Everything" permission set. All permissions are then granted, but at least CAS checks will not be ignored. Hope this helps. You were right that RequestMinimum would not help (my error). This only
declares the minimum rights your assembly should have to run. And obviously it does have Clipboard permissions. RequestRefuse or Deny are the only two options you could use to reduce permissions on your assembly. I still find it strange, though, that you can call RequestRefuse on Printing and it generates an error, while this doesn't work for the Clipboard. Sorry I couldn't help. It sounds as if CAS is being ignored...
Check what code groups/permissions your assembly has by going to Runtime Security Policy > Evaluate assembly in the .NET configuration tool. If you are running the code locally, chances are great that your assembly will fall in the My_Computer_Zone code group. Check what permission set on the My_Computer_Zone code group. If it is set to "FullTrust", set it to the "Everything" permission set. Hope this helps. The Clipboard.SetDataObject does not demand any CAS permissions, at least in
..NET Framework v. 1.1 SP1. If you want to force a demand via your own code, one approach would be to add a demand for UIPermission\Clipboard on your SecureClipboard.SetData method. e.g.: [UIPermission(SecurityAction.Demand, Clipboard = UIPermissionClipboard.AllClipboard)] public static void SetData() { Clipboard.SetDataObject("Hello World!", true); } HTH, Nicole Show quoteHide quote "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message news:eTTDuFURFHA.3704@TK2MSFTNGP12.phx.gbl... > Hi, > > I'm hoping that someone can assist me. I'm trying to set code access > security to prevent an application interacting with the Clipboard. > > Seemingly, it should be a relatively straightforward setting to apply but > I can't seem to get the setting correct - no matter what configuration of > attribute I craft up, which has me very confused... > > Assembly attributes that I have tried: > ------------------------------------ > [assembly:UIPermission(SecurityAction.RequestRefuse, > Clipboard=UIPermissionClipboard.NoClipboard)] > > I've tried every combination of {SecurityAction.RequestRefuse | > SecurityAction.RequestOptional | SecurityAction.RequestMinimum} with every > combination of {UIPermissionClipboard.NoClipboard | > UIPermissionClipboard.OwnClipboard | UIPermissionClipboard.AllClipboard} > and with {Unrestricted=true | Unrestricted=false} > > Class / Method attributes that I have tried: > ------------------------------------------ > [UIPermission(SecurityAction.PermitOnly, > Clipboard=UIPermissionClipboard.NoClipboard)] > > I've tried every combination of {SecurityAction.Assert | > SecurityAction.Demand | SecurityAction.Deny | SecurityAction.LinkDemand | > SecurityAction.PermitOnly} with every combination of > {UIPermissionClipboard.NoClipboard | UIPermissionClipboard.OwnClipboard | > UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | > Unrestricted=false} > > > This is the code that I applied the attributes to - but I couldn't get any > combination to throw a security exception ... > > using System; > using System.Security; > using System.Security.Permissions; > using System.Windows.Forms; > > namespace UIPermissionSpike > { > class App > { > [STAThread] static void Main(string[] args) > { > try > { > SecureClipboard.SetData(); > } > catch (SecurityException securityException) > { > Console.WriteLine(securityException.Message); > Console.ReadLine(); > } > } > } > > public sealed class SecureClipboard > { > private SecureClipboard() > { } > > public static void SetData() > { > Clipboard.SetDataObject("Hello World!", true); > } > } > } > > Nicole,
Unfortunately, this doesn't help - if you are running under Full Trust then the demand will succeed because "All callers higher in the call stack are required to have been granted the permission specified by the current permission object". I want to cause a security exception to be encountered even if the call stack has the rights to access the clipboard. I can achieve this with other Permission attributes, for example I can cause a security exception when trying to print even if I have the rights by adding this attribute: [assembly:PrintingPermission(SecurityAction.RequestRefuse, Level=PrintingPermissionLevel.AllPrinting)] Regards, Alan Dean email: adeanRemoveThisT***@hotmail.com blog: http://www.dotnetjunkies.com/weblog/alan.dean/ Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:euifoOZRFHA.3664@TK2MSFTNGP15.phx.gbl... > The Clipboard.SetDataObject does not demand any CAS permissions, at least > in .NET Framework v. 1.1 SP1. If you want to force a demand via your own > code, one approach would be to add a demand for UIPermission\Clipboard on > your SecureClipboard.SetData method. e.g.: > > [UIPermission(SecurityAction.Demand, Clipboard = > UIPermissionClipboard.AllClipboard)] > public static void SetData() > { > Clipboard.SetDataObject("Hello World!", true); > } > > HTH, > Nicole > > > "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message > news:eTTDuFURFHA.3704@TK2MSFTNGP12.phx.gbl... >> Hi, >> >> I'm hoping that someone can assist me. I'm trying to set code access >> security to prevent an application interacting with the Clipboard. >> >> Seemingly, it should be a relatively straightforward setting to apply but >> I can't seem to get the setting correct - no matter what configuration of >> attribute I craft up, which has me very confused... >> >> Assembly attributes that I have tried: >> ------------------------------------ >> [assembly:UIPermission(SecurityAction.RequestRefuse, >> Clipboard=UIPermissionClipboard.NoClipboard)] >> >> I've tried every combination of {SecurityAction.RequestRefuse | >> SecurityAction.RequestOptional | SecurityAction.RequestMinimum} with >> every combination of {UIPermissionClipboard.NoClipboard | >> UIPermissionClipboard.OwnClipboard | UIPermissionClipboard.AllClipboard} >> and with {Unrestricted=true | Unrestricted=false} >> >> Class / Method attributes that I have tried: >> ------------------------------------------ >> [UIPermission(SecurityAction.PermitOnly, >> Clipboard=UIPermissionClipboard.NoClipboard)] >> >> I've tried every combination of {SecurityAction.Assert | >> SecurityAction.Demand | SecurityAction.Deny | SecurityAction.LinkDemand | >> SecurityAction.PermitOnly} with every combination of >> {UIPermissionClipboard.NoClipboard | UIPermissionClipboard.OwnClipboard | >> UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | >> Unrestricted=false} >> >> >> This is the code that I applied the attributes to - but I couldn't get >> any combination to throw a security exception ... >> >> using System; >> using System.Security; >> using System.Security.Permissions; >> using System.Windows.Forms; >> >> namespace UIPermissionSpike >> { >> class App >> { >> [STAThread] static void Main(string[] args) >> { >> try >> { >> SecureClipboard.SetData(); >> } >> catch (SecurityException securityException) >> { >> Console.WriteLine(securityException.Message); >> Console.ReadLine(); >> } >> } >> } >> >> public sealed class SecureClipboard >> { >> private SecureClipboard() >> { } >> >> public static void SetData() >> { >> Clipboard.SetDataObject("Hello World!", true); >> } >> } >> } >> >> > > "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message Sorry, I thought you were just trying to figure out why the demand didn't news:egru4XZRFHA.2348@tk2msftngp13.phx.gbl... > Nicole, > > Unfortunately, this doesn't help - if you are running under Full Trust > then the demand will succeed because "All callers higher in the call stack > are required to have been granted the permission specified by the current > permission object". seem to be evaluated. > I want to cause a security exception to be encountered even if the call Since the Clipboard class doesn't demand any subset of UIPermission when > stack has the rights to access the clipboard. writing to the clipboard, no refusals, denials, or permit-onlies on the part of your code will have any effect. If you don't want your code writing to the clipboard, why not simply exclude any clipboard-writing from your assembly? > I can achieve this with other Permission attributes, for example I can That's because the PrintController.Print method makes a demand for > cause a security exception when trying to print even if I have the rights > by adding this attribute: > > [assembly:PrintingPermission(SecurityAction.RequestRefuse, > Level=PrintingPermissionLevel.AllPrinting)] PrintingPermission. If Clipboard.SetDataObject made a demand for UIPermission, a refusal of the demanded permission would prevent writing to the clipboard via that method. Show quoteHide quote > > Regards, > Alan Dean > email: adeanRemoveThisT***@hotmail.com > blog: http://www.dotnetjunkies.com/weblog/alan.dean/ > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:euifoOZRFHA.3664@TK2MSFTNGP15.phx.gbl... >> The Clipboard.SetDataObject does not demand any CAS permissions, at least >> in .NET Framework v. 1.1 SP1. If you want to force a demand via your own >> code, one approach would be to add a demand for UIPermission\Clipboard on >> your SecureClipboard.SetData method. e.g.: >> >> [UIPermission(SecurityAction.Demand, Clipboard = >> UIPermissionClipboard.AllClipboard)] >> public static void SetData() >> { >> Clipboard.SetDataObject("Hello World!", true); >> } >> >> HTH, >> Nicole >> >> >> "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message >> news:eTTDuFURFHA.3704@TK2MSFTNGP12.phx.gbl... >>> Hi, >>> >>> I'm hoping that someone can assist me. I'm trying to set code access >>> security to prevent an application interacting with the Clipboard. >>> >>> Seemingly, it should be a relatively straightforward setting to apply >>> but I can't seem to get the setting correct - no matter what >>> configuration of attribute I craft up, which has me very confused... >>> >>> Assembly attributes that I have tried: >>> ------------------------------------ >>> [assembly:UIPermission(SecurityAction.RequestRefuse, >>> Clipboard=UIPermissionClipboard.NoClipboard)] >>> >>> I've tried every combination of {SecurityAction.RequestRefuse | >>> SecurityAction.RequestOptional | SecurityAction.RequestMinimum} with >>> every combination of {UIPermissionClipboard.NoClipboard | >>> UIPermissionClipboard.OwnClipboard | UIPermissionClipboard.AllClipboard} >>> and with {Unrestricted=true | Unrestricted=false} >>> >>> Class / Method attributes that I have tried: >>> ------------------------------------------ >>> [UIPermission(SecurityAction.PermitOnly, >>> Clipboard=UIPermissionClipboard.NoClipboard)] >>> >>> I've tried every combination of {SecurityAction.Assert | >>> SecurityAction.Demand | SecurityAction.Deny | SecurityAction.LinkDemand >>> | SecurityAction.PermitOnly} with every combination of >>> {UIPermissionClipboard.NoClipboard | UIPermissionClipboard.OwnClipboard >>> | UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | >>> Unrestricted=false} >>> >>> >>> This is the code that I applied the attributes to - but I couldn't get >>> any combination to throw a security exception ... >>> >>> using System; >>> using System.Security; >>> using System.Security.Permissions; >>> using System.Windows.Forms; >>> >>> namespace UIPermissionSpike >>> { >>> class App >>> { >>> [STAThread] static void Main(string[] args) >>> { >>> try >>> { >>> SecureClipboard.SetData(); >>> } >>> catch (SecurityException securityException) >>> { >>> Console.WriteLine(securityException.Message); >>> Console.ReadLine(); >>> } >>> } >>> } >>> >>> public sealed class SecureClipboard >>> { >>> private SecureClipboard() >>> { } >>> >>> public static void SetData() >>> { >>> Clipboard.SetDataObject("Hello World!", true); >>> } >>> } >>> } >>> >>> >> >> > > Nicole,
Thanks for the feedback. So the problem is the lack of a security demand when calling the clipboard, which stymies me. The reason for seeking the security excpetion was to mitigate the risk of third-party software using my components for an exploit (e.g. a luring attack). I'm working through all of the permission objects trying to find the most secure attribute set to cause security exceptions even when fully trusted. Then, as I add functionality I can gradually relax the attribute set as needed. Regards, Alan Dean Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:encCbfZRFHA.3296@TK2MSFTNGP15.phx.gbl... > "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message > news:egru4XZRFHA.2348@tk2msftngp13.phx.gbl... >> Nicole, >> >> Unfortunately, this doesn't help - if you are running under Full Trust >> then the demand will succeed because "All callers higher in the call >> stack are required to have been granted the permission specified by the >> current permission object". > > Sorry, I thought you were just trying to figure out why the demand didn't > seem to be evaluated. > > >> I want to cause a security exception to be encountered even if the call >> stack has the rights to access the clipboard. > > Since the Clipboard class doesn't demand any subset of UIPermission when > writing to the clipboard, no refusals, denials, or permit-onlies on the > part of your code will have any effect. If you don't want your code > writing to the clipboard, why not simply exclude any clipboard-writing > from your assembly? > > >> I can achieve this with other Permission attributes, for example I can >> cause a security exception when trying to print even if I have the rights >> by adding this attribute: >> >> [assembly:PrintingPermission(SecurityAction.RequestRefuse, >> Level=PrintingPermissionLevel.AllPrinting)] > > That's because the PrintController.Print method makes a demand for > PrintingPermission. If Clipboard.SetDataObject made a demand for > UIPermission, a refusal of the demanded permission would prevent writing > to the clipboard via that method. > > >> >> Regards, >> Alan Dean >> email: adeanRemoveThisT***@hotmail.com >> blog: http://www.dotnetjunkies.com/weblog/alan.dean/ >> >> >> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message >> news:euifoOZRFHA.3664@TK2MSFTNGP15.phx.gbl... >>> The Clipboard.SetDataObject does not demand any CAS permissions, at >>> least in .NET Framework v. 1.1 SP1. If you want to force a demand via >>> your own code, one approach would be to add a demand for >>> UIPermission\Clipboard on your SecureClipboard.SetData method. e.g.: >>> >>> [UIPermission(SecurityAction.Demand, Clipboard = >>> UIPermissionClipboard.AllClipboard)] >>> public static void SetData() >>> { >>> Clipboard.SetDataObject("Hello World!", true); >>> } >>> >>> HTH, >>> Nicole >>> >>> >>> "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message >>> news:eTTDuFURFHA.3704@TK2MSFTNGP12.phx.gbl... >>>> Hi, >>>> >>>> I'm hoping that someone can assist me. I'm trying to set code access >>>> security to prevent an application interacting with the Clipboard. >>>> >>>> Seemingly, it should be a relatively straightforward setting to apply >>>> but I can't seem to get the setting correct - no matter what >>>> configuration of attribute I craft up, which has me very confused... >>>> >>>> Assembly attributes that I have tried: >>>> ------------------------------------ >>>> [assembly:UIPermission(SecurityAction.RequestRefuse, >>>> Clipboard=UIPermissionClipboard.NoClipboard)] >>>> >>>> I've tried every combination of {SecurityAction.RequestRefuse | >>>> SecurityAction.RequestOptional | SecurityAction.RequestMinimum} with >>>> every combination of {UIPermissionClipboard.NoClipboard | >>>> UIPermissionClipboard.OwnClipboard | >>>> UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | >>>> Unrestricted=false} >>>> >>>> Class / Method attributes that I have tried: >>>> ------------------------------------------ >>>> [UIPermission(SecurityAction.PermitOnly, >>>> Clipboard=UIPermissionClipboard.NoClipboard)] >>>> >>>> I've tried every combination of {SecurityAction.Assert | >>>> SecurityAction.Demand | SecurityAction.Deny | SecurityAction.LinkDemand >>>> | SecurityAction.PermitOnly} with every combination of >>>> {UIPermissionClipboard.NoClipboard | UIPermissionClipboard.OwnClipboard >>>> | UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | >>>> Unrestricted=false} >>>> >>>> >>>> This is the code that I applied the attributes to - but I couldn't get >>>> any combination to throw a security exception ... >>>> >>>> using System; >>>> using System.Security; >>>> using System.Security.Permissions; >>>> using System.Windows.Forms; >>>> >>>> namespace UIPermissionSpike >>>> { >>>> class App >>>> { >>>> [STAThread] static void Main(string[] args) >>>> { >>>> try >>>> { >>>> SecureClipboard.SetData(); >>>> } >>>> catch (SecurityException securityException) >>>> { >>>> Console.WriteLine(securityException.Message); >>>> Console.ReadLine(); >>>> } >>>> } >>>> } >>>> >>>> public sealed class SecureClipboard >>>> { >>>> private SecureClipboard() >>>> { } >>>> >>>> public static void SetData() >>>> { >>>> Clipboard.SetDataObject("Hello World!", true); >>>> } >>>> } >>>> } >>>> >>>> >>> >>> >> >> > > "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message The documentation for the Clipboard.SetObjectData method states that news:uZ1MQoZRFHA.2252@TK2MSFTNGP15.phx.gbl... > Nicole, > > Thanks for the feedback. So the problem is the lack of a security demand > when calling the clipboard, which stymies me. UIPermission\AllClipboard is required, which means that the method ought to demand the permission. I can't find any additional documentation to suggest whether the problem lies in the implementation or the documentation. Personally, I can't see any reason why a write-time demand shouldn't be used, so I would tend to lean toward it being a bug in the implemenation, but someone at Microsoft might have a different opinion on the subject... <g> > The reason for seeking the security excpetion was to mitigate the risk of Unfortunately, given the lack of demand in the Clipboard.SetObjectData, the > third-party software using my components for an exploit (e.g. a luring > attack). I'm working through all of the permission objects trying to find > the most secure attribute set to cause security exceptions even when fully > trusted. Then, as I add functionality I can gradually relax the attribute > set as needed. usual approaches for luring prevention won't work here. Given this, the best you can do is probably the following: 1. If your assembly doesn't need to write to the clipboard: a. Don't include any code in it that does write to the clipboard. b. Reject all clipboard permissions via assembly-level attributes. Even though this will have no effect on the current framework version, it will kick in if the lack of demand is a bug that eventually gets fixed. 2. If your assembly does need to write to the clipboard, implement a method demands UIPermission\AllClipboard prior to calling Clipboard.SetObjectData, and perform all of your own clipboard writes via this method. At least with this approach, potential lurers will have greater difficulty getting your code to perform a direct write to the clipboard. Show quoteHide quote > > Regards, > Alan Dean > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:encCbfZRFHA.3296@TK2MSFTNGP15.phx.gbl... >> "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message >> news:egru4XZRFHA.2348@tk2msftngp13.phx.gbl... >>> Nicole, >>> >>> Unfortunately, this doesn't help - if you are running under Full Trust >>> then the demand will succeed because "All callers higher in the call >>> stack are required to have been granted the permission specified by the >>> current permission object". >> >> Sorry, I thought you were just trying to figure out why the demand didn't >> seem to be evaluated. >> >> >>> I want to cause a security exception to be encountered even if the call >>> stack has the rights to access the clipboard. >> >> Since the Clipboard class doesn't demand any subset of UIPermission when >> writing to the clipboard, no refusals, denials, or permit-onlies on the >> part of your code will have any effect. If you don't want your code >> writing to the clipboard, why not simply exclude any clipboard-writing >> from your assembly? >> >> >>> I can achieve this with other Permission attributes, for example I can >>> cause a security exception when trying to print even if I have the >>> rights by adding this attribute: >>> >>> [assembly:PrintingPermission(SecurityAction.RequestRefuse, >>> Level=PrintingPermissionLevel.AllPrinting)] >> >> That's because the PrintController.Print method makes a demand for >> PrintingPermission. If Clipboard.SetDataObject made a demand for >> UIPermission, a refusal of the demanded permission would prevent writing >> to the clipboard via that method. >> >> >>> >>> Regards, >>> Alan Dean >>> email: adeanRemoveThisT***@hotmail.com >>> blog: http://www.dotnetjunkies.com/weblog/alan.dean/ >>> >>> >>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in >>> message news:euifoOZRFHA.3664@TK2MSFTNGP15.phx.gbl... >>>> The Clipboard.SetDataObject does not demand any CAS permissions, at >>>> least in .NET Framework v. 1.1 SP1. If you want to force a demand via >>>> your own code, one approach would be to add a demand for >>>> UIPermission\Clipboard on your SecureClipboard.SetData method. e.g.: >>>> >>>> [UIPermission(SecurityAction.Demand, Clipboard = >>>> UIPermissionClipboard.AllClipboard)] >>>> public static void SetData() >>>> { >>>> Clipboard.SetDataObject("Hello World!", true); >>>> } >>>> >>>> HTH, >>>> Nicole >>>> >>>> >>>> "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message >>>> news:eTTDuFURFHA.3704@TK2MSFTNGP12.phx.gbl... >>>>> Hi, >>>>> >>>>> I'm hoping that someone can assist me. I'm trying to set code access >>>>> security to prevent an application interacting with the Clipboard. >>>>> >>>>> Seemingly, it should be a relatively straightforward setting to apply >>>>> but I can't seem to get the setting correct - no matter what >>>>> configuration of attribute I craft up, which has me very confused... >>>>> >>>>> Assembly attributes that I have tried: >>>>> ------------------------------------ >>>>> [assembly:UIPermission(SecurityAction.RequestRefuse, >>>>> Clipboard=UIPermissionClipboard.NoClipboard)] >>>>> >>>>> I've tried every combination of {SecurityAction.RequestRefuse | >>>>> SecurityAction.RequestOptional | SecurityAction.RequestMinimum} with >>>>> every combination of {UIPermissionClipboard.NoClipboard | >>>>> UIPermissionClipboard.OwnClipboard | >>>>> UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | >>>>> Unrestricted=false} >>>>> >>>>> Class / Method attributes that I have tried: >>>>> ------------------------------------------ >>>>> [UIPermission(SecurityAction.PermitOnly, >>>>> Clipboard=UIPermissionClipboard.NoClipboard)] >>>>> >>>>> I've tried every combination of {SecurityAction.Assert | >>>>> SecurityAction.Demand | SecurityAction.Deny | >>>>> SecurityAction.LinkDemand | SecurityAction.PermitOnly} with every >>>>> combination of {UIPermissionClipboard.NoClipboard | >>>>> UIPermissionClipboard.OwnClipboard | >>>>> UIPermissionClipboard.AllClipboard} and with {Unrestricted=true | >>>>> Unrestricted=false} >>>>> >>>>> >>>>> This is the code that I applied the attributes to - but I couldn't get >>>>> any combination to throw a security exception ... >>>>> >>>>> using System; >>>>> using System.Security; >>>>> using System.Security.Permissions; >>>>> using System.Windows.Forms; >>>>> >>>>> namespace UIPermissionSpike >>>>> { >>>>> class App >>>>> { >>>>> [STAThread] static void Main(string[] args) >>>>> { >>>>> try >>>>> { >>>>> SecureClipboard.SetData(); >>>>> } >>>>> catch (SecurityException securityException) >>>>> { >>>>> Console.WriteLine(securityException.Message); >>>>> Console.ReadLine(); >>>>> } >>>>> } >>>>> } >>>>> >>>>> public sealed class SecureClipboard >>>>> { >>>>> private SecureClipboard() >>>>> { } >>>>> >>>>> public static void SetData() >>>>> { >>>>> Clipboard.SetDataObject("Hello World!", true); >>>>> } >>>>> } >>>>> } >>>>> >>>>> >>>> >>>> >>> >>> >> >> > > 
Other interesting topics
Logon user from service
Using HttpContext from a web server? Getting user ID from Web Service credentials Access to the path is denied: Assembly Permission Problem ISO/IEC 9797-1 MAC Algorithm 3 how to? RSACryptoServiceProvider usage question How do I filter an Active Directory search to an OU (organizational unit)? code level / db security over network Help needed with TSL problem. AzMan - ADAM store. |
|||||||||||||||||||||||
