|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Appliyng Security in assembly.Hi All,
I would like to know if it´s possible to grant to my assembly just an execution permission using this: [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution=true)], and then on my method which requires FileIOPermssion i use something like this, [FileIOPermission(SecurityAction.PermitOnly, ViewAndModify = @"C:\teste.txt")] public static void CreateFile(){} Thanks in advance. Thiago Oliveira Your assembly must be granted the appropriate FileIOPermission in order to
be able to create the target file, regardless of the PermitOnly applied at the method level, so the method would not work if only execution permission is granted to the assembly. That said, your RequestMinimum is not actually restricting the assembly to only execution permission as you seem to believe. In order to reject permissions other than those explicitly requested, you should use RequestOptional instead. For example, the use of the following attribute alone will result in rejection of all permissions exception for execution permission and identity permissions: [assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted = false)] In order to be able to create a new file at C:\teste.txt, you would also need to add a RequestMinimum for the required FileIOPermission. e.g.: [assembly: FileIOPermission(SecurityAction.RequestMinimum, Write = @"C:\teste.txt")] The permission subset (e.g.: read, write, etc.) that you should request on the file will depend on the exact set of operations that your will need to perform on the file. Show quoteHide quote "Thiago Oliveira Vieira de Morais" <tmor***@credigy.com.br> wrote in message news:u7c2C%235WFHA.1508@tk2msftngp13.phx.gbl... > Hi All, > > I would like to know if it´s possible to grant to my assembly just an > execution permission using this: > [assembly: SecurityPermission(SecurityAction.RequestMinimum, > Execution=true)], > > and then on my method which requires FileIOPermssion i use something like > this, > > [FileIOPermission(SecurityAction.PermitOnly, ViewAndModify = > @"C:\teste.txt")] > public static void CreateFile(){} > > Thanks in advance. > > Thiago Oliveira > > [assembly: SecurityPermission(SecurityAction.RequestMinimum, This does not grant any permission it only checks that you at least have > Execution=true)], this Permission. > [FileIOPermission(SecurityAction.PermitOnly, ViewAndModify = Here you specify that your function should only use the FileIOPermission on > @"C:\teste.txt")] c:\teste.txt. All other permission the user holds are ignored for the duration of the function. Marinus Holkema Thanks Marinus and Nicole.
Just one more question: Is there a way to give the mininum permission for my assembly to run, and then allow just some methods to access specific resources (eventually superseeding the permissions given to the assembly)? One workaround I was trying to use is to allow a specific method to access one particular resource instead of giving this permission access to all my assembly. Thanks in advance. Thiago Oliveira Show quoteHide quote "Thiago Oliveira Vieira de Morais" <tmor***@credigy.com.br> wrote in message news:u7c2C%235WFHA.1508@tk2msftngp13.phx.gbl... > Hi All, > > I would like to know if it´s possible to grant to my assembly just an > execution permission using this: > [assembly: SecurityPermission(SecurityAction.RequestMinimum, > Execution=true)], > > and then on my method which requires FileIOPermssion i use something like > this, > > [FileIOPermission(SecurityAction.PermitOnly, ViewAndModify = > @"C:\teste.txt")] > public static void CreateFile(){} > > Thanks in advance. > > Thiago Oliveira > "Thiago Oliveira Vieira de Morais" <tmor***@credigy.com.br> wrote in message No. Specific types or members within an assembly cannot be granted news:uG0pzv6WFHA.2796@TK2MSFTNGP09.phx.gbl... > Thanks Marinus and Nicole. > > Just one more question: > > Is there a way to give the mininum permission for my assembly to run, and > then allow just some methods to access specific resources (eventually > superseeding the permissions given to the assembly)? permissions outside the assembly-level grant. > One workaround I was trying to use is to allow a specific method to access That's not a workaround--it's simply not possible. The only way for code in > one particular resource instead of giving this permission access to all my > assembly. an assembly that does not possess a given permission to use code protected by that permission is for it to call into the target code via another assembly that actually possess the permission and asserts it on behalf of its callers. However, assertion is usually quite a bit more dangerous than the situation you are attempting to avoid. Show quoteHide quote > > Thanks in advance. > > Thiago Oliveira > > "Thiago Oliveira Vieira de Morais" <tmor***@credigy.com.br> wrote in > message news:u7c2C%235WFHA.1508@tk2msftngp13.phx.gbl... >> Hi All, >> >> I would like to know if it´s possible to grant to my assembly just an >> execution permission using this: >> [assembly: SecurityPermission(SecurityAction.RequestMinimum, >> Execution=true)], >> >> and then on my method which requires FileIOPermssion i use something like >> this, >> >> [FileIOPermission(SecurityAction.PermitOnly, ViewAndModify = >> @"C:\teste.txt")] >> public static void CreateFile(){} >> >> Thanks in advance. >> >> Thiago Oliveira >> > > OK.
Thank you! Thiago Oliveira Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:eljnRz6WFHA.2796@TK2MSFTNGP09.phx.gbl... > "Thiago Oliveira Vieira de Morais" <tmor***@credigy.com.br> wrote in > message news:uG0pzv6WFHA.2796@TK2MSFTNGP09.phx.gbl... >> Thanks Marinus and Nicole. >> >> Just one more question: >> >> Is there a way to give the mininum permission for my assembly to run, and >> then allow just some methods to access specific resources (eventually >> superseeding the permissions given to the assembly)? > > No. Specific types or members within an assembly cannot be granted > permissions outside the assembly-level grant. > > >> One workaround I was trying to use is to allow a specific method to >> access one particular resource instead of giving this permission access >> to all my assembly. > > That's not a workaround--it's simply not possible. The only way for code > in an assembly that does not possess a given permission to use code > protected by that permission is for it to call into the target code via > another assembly that actually possess the permission and asserts it on > behalf of its callers. However, assertion is usually quite a bit more > dangerous than the situation you are attempting to avoid. > > >> >> Thanks in advance. >> >> Thiago Oliveira >> >> "Thiago Oliveira Vieira de Morais" <tmor***@credigy.com.br> wrote in >> message news:u7c2C%235WFHA.1508@tk2msftngp13.phx.gbl... >>> Hi All, >>> >>> I would like to know if it´s possible to grant to my assembly just an >>> execution permission using this: >>> [assembly: SecurityPermission(SecurityAction.RequestMinimum, >>> Execution=true)], >>> >>> and then on my method which requires FileIOPermssion i use something >>> like >>> this, >>> >>> [FileIOPermission(SecurityAction.PermitOnly, ViewAndModify = >>> @"C:\teste.txt")] >>> public static void CreateFile(){} >>> >>> Thanks in advance. >>> >>> Thiago Oliveira >>> >> >> > > 
Other interesting topics
RSA Encrypt/Decrypt Problems
A single page from an existing application under SSL? Security Exception due to Medium trust level ASP.NET security for a combined intranet/Internet site ASP.NET roles, authentication full trus and 1.1 SP1 what would disable certificate export? How do I get the current logged in user in Windows Forms Re: Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB886903) XML encryption |
|||||||||||||||||||||||
