Hi guys,

I'm trying to write a library that will allow me to add a custom permission
for my applications (let's call it ApplicationPermission for now), and a
custom security attribute to support declarative syntax.

I've gone about this, creating my ApplicationPermission class, derived from
CodeAccessPermission, implementing the IUnrestrictedPermission as well.
Marked Serializable also.

I've derived my custom attribute from CodeAccessSecurityAttribute, in order
to use the following declarative syntax:
[ApplicationPermission(SecurityAction.Demand, ActionName="test", PrincType =
PrincipalType.User, PrincipalNames = "username")]

Now, my library compiles fine, but when I try to compile my little test app,
I get an error like:
"C:\projects\SecurityContextTest\Class1.cs(23): Error emitting
'SecurityContext.ApplicationPermissionAttribute' attribute -- 'Unexpected
exception processing attribute -- System.NullReferenceException: Object
reference not set to an instance of an object..'"

I'm including the code of my custom attribute here:

using System;
using System.Security;
using System.Security.Permissions;
namespace SecurityContext
{
/// <summary>
/// ApplicationPermissionAttribute defines a declarative attribute to be
used inside code that
/// requires ApplicationPermissions defined declaratively.
/// </summary>
[AttributeUsage(AttributeTargets.All, Inherited = false, AllowMultiple =
true)]
public class ApplicationPermissionAttribute : CodeAccessSecurityAttribute
{
    private string m_ActionName;
    private string[] m_PrincipalNames = null;
    private PrincipalType m_PrincipalType;

    public ApplicationPermissionAttribute(SecurityAction action) :
base(action) {
    // Do nothing here ...
    }

    /// <summary>
    /// ActionName accessor
    /// </summary>
    public virtual string ActionName {
        get {
            return m_ActionName;
        }
        set {
            m_ActionName = value;
        }
    }

    /// <summary>
    /// PrincipalNames accessor
    /// </summary>
    public virtual string PrincipalNames {
        get {
            System.Text.StringBuilder sb = new System.Text.StringBuilder();
            foreach(string principal in m_PrincipalNames)
                sb.Append(principal+",");
            return sb.ToString();
        }
    set {
        m_PrincipalNames = value.Split(new char[] {','});
       }
    }

/// <summary>
/// PrincipalType accesssor (User,Role)
/// </summary>
public virtual PrincipalType PrincType {
    get {
        return m_PrincipalType;
    }
    set {
        m_PrincipalType = value;
    }
}

public new bool Unrestricted {
get {
return false;
}
set {
// Do nothing
}
}

    public override IPermission CreatePermission(){
        Console.Out.WriteLine("Creating a new ApplicationPermission");
        return new ApplicationPermission(m_ActionName, m_PrincipalNames,
m_PrincipalType);
        }
    }
}

... now, originally I've went about by deriving from SecurityPermission &
SecurityAttribute. However, although my two projects compiled ok, the
attribute wasn't being emitted (just a guess), so the call to Demand() on my
custom permission was never being made. That's why I switched to deriving
from the CodeAccessSecurityPermission & CodeAccessSecurityAttribute, signed
my assembly & put it in the GAC ... and all sorts of problems followed,
until I've hit the wall with the one I've described in the beginning :(

Is there anybody out there who could possibly shed some light on my dark
coding day ?
Cheers,

Angel
O:]

Hello Angelos Karantzalis" akarantzalis[at]yahoo.com,

in addition to SNing, installing in the GAC, applying [Serializable] and
[AllowPartiallyTrustedCallers], you have to install the assembly containing
the permission and attribute in the "policy assemblies" list by using mscorcfg.msc
or programmatically - i have some code that describes the progammatic way
on my blog:

http://www.leastprivilege.com/PolicyAssembliesHeadaches.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Show quoteHide quote

Hi Dominick ...

... thanx for the reply, I've gotten your code & built the tool. Indeed, the
project compiled fine now, BUT ...
UPon running my little test, I got a SecurityException (it didn't come from
my permission):

An unhandled exception of type 'System.Security.SecurityException' occurred
in SecurityContextTest.exe

Additional information: Failure decoding embedded permission set object.

.... well, I'd found on the Web a guy with a similar problem, but when he
implemented the constructor with the PermissionState param, his code worked
ok .. unfortunately .. mine didn't :(

So, I'm attaching the Permission & attribute code here as well .. :? .. oh
boy, why isn't there clear documentation on doing anything out of the
ordinary, i wonder ??

Cheers,
Angel
O:]



[attached file: ApplicationPermissionAttribute.cs]
[attached file: ApplicationPermission.cs]

Apparently, attaching files to newsgroup posts is not the most clever thing
to do, innit?

So, I'm forced to include the code inline, inside the post ... I hope it's
readable ...

using System;

using System.Text;

using System.Reflection;

using System.Security;

using System.Security.Permissions;

using System.Collections;

using System.Collections.Specialized;

namespace SecurityContext

{

/// <summary>

/// Will be used by the ApplicationPermission class, to indicate

/// granting permission for a given action on the specified user, or the
specified

/// role

/// </summary>

public enum PrincipalType {

User = 0,

Role

}

/// <summary>

/// Wrapper around an atomic perimission definition,

/// only regarding the principal/group name & target.

/// </summary>

internal struct PermissionPrincipal {

public string PrincipalName;

public PrincipalType Type;

}

/// <summary>

/// ApplicationPermission.

/// </summary>

[Serializable]

public class ApplicationPermission : CodeAccessPermission,
IUnrestrictedPermission

{

/// <summary>

/// List that will store PerimissionPrincipal objects

/// </summary>

private ArrayList m_PermList = new ArrayList();

/// <summary>

/// The name of the action we're giving permission for

/// </summary>

private string m_ActionName;

/// <summary>

/// Affected principal names

/// </summary>

private string[] m_Principals;

/// <summary>

/// Type of principal (User, Role)

/// </summary>

private PrincipalType m_PrincipalType;

/// <summary>

/// Private Constructor, for use only internally within this class

/// </summary>

private ApplicationPermission() {

// Do nothing ...

}

/// <summary>

/// Just to make the framework happy ...

/// </summary>

/// <param name="state"></param>

public ApplicationPermission(PermissionState state) {


}

/// <summary>

/// Constructs an ApplicationPermission object for multiple users/groups

/// </summary>

/// <param name="actionName">The name of the Action we're giving execute
permission for</param>

/// <param name="principal">User or Role names</param>

/// <param name="principalType">Principal type we're giving the permission
to: User or Role</param>

public ApplicationPermission(string actionName, string[] principals,
PrincipalType principalType){

this.m_ActionName = actionName.Trim();

this.m_PermList.Clear();

this.m_Principals = principals;

this.m_PrincipalType = principalType;

foreach(string strPrincipal in principals){

PermissionPrincipal pPrinc = new PermissionPrincipal();

pPrinc.PrincipalName = strPrincipal.Trim();

pPrinc.Type = principalType;

m_PermList.Add(pPrinc);

}

}

/// <summary>

/// Returns a reference to the ActionName for this permission instance

/// </summary>

public string ActionName {

get {

return m_ActionName;

}

}

/// <summary>

/// Gets/Sets the Affected Principals for this permission, in a
comma-delimited string format.

/// </summary>

public string Principals {

get {

System.Text.StringBuilder sb = new System.Text.StringBuilder();

foreach(string principal in m_Principals){

sb.Append(principal+",");

}

return sb.ToString();

}

set {

if(value==null)

throw new ArgumentException("Cannot set null Principals");

this.m_Principals = value.Split(new char[]{','}); // Probable should trim as
well, but ... whatever ... TODO!!!

}

}

/// <summary>

/// Compares this Permission to another one

/// </summary>

/// <param name="target">The ApplicationPermission I'm comparing to</param>

/// <returns>true / false</returns>

public bool Equals(ApplicationPermission target){

// Ok, now I need to compare:

// 1. The ActionName

// 2. The PrincipalType

// 3. The Principals count and names ...

if(!this.ActionName.Equals(target.ActionName)) return false;

//ok, now the fun part. Check that the principal count is the same, and make
sure

// each one of my principals is contained within the target's principals ...

if(this.m_Principals.Length!=target.m_Principals.Length)

return false;

if(!this.m_PrincipalType.Equals(target.m_PrincipalType))

return false;

/* Now for the hack .. I assume that going through each item in my
principals, and

* checking whether it exists inside the target's principals (by sequentially
searching for

* it) is rather ... inefficient. So what I propose to do is:

*

* Copy the array into an ArrayList, and remove each principal that matches
with mine. So, with

* every next search in the List, I'll be searching one item faster ... :)

*

* .. hope it works ;]

*/

ArrayList targetList = new ArrayList(target.m_Principals.Length);

int index = 0;

bool exists = true;

while(exists && index<=this.m_Principals.Length){

exists = targetList.Contains(this.m_Principals[index]); // check ...

if(exists)

targetList.Remove(this.m_Principals[index]); // remove ...

index++; // increment ...

}

return exists; // since all the checks have been succesful, exists is either
true or false ... which is the right answer :D

}

/// <summary>

/// Ensures that the IPermission instance being passed in the Intersect,
IsSubsetOf & Union methods

/// is actually an ApplicationPermission or a subclass of it

/// </summary>

/// <param name="target">An IPermission instance</param>

private void CheckType(IPermission target){

if
(!target.GetType().IsSubclassOf(MethodBase.GetCurrentMethod().ReflectedType)
)

throw new ArgumentException("Not an ApplicationPermission or subclass there
of", "target");

}

/// <summary>

/// Ensures that the ActionNames for this Permission instance & the one
we're doing

/// an Intersect, Union with are the same

/// </summary>

/// <param name="target"></param>

private void CheckAction(ApplicationPermission target){

if(!this.m_ActionName.Equals(target.ActionName))

throw new ArgumentException("ActionNames do not match", "target");

}

#region IPermission Members

public override IPermission Intersect(IPermission target) {

// Check we're of the same type or subclass

CheckType(target);

// Check we've the same ActionName

ApplicationPermission pTarget = (ApplicationPermission)target;

CheckAction(pTarget);

// TODO: Add ApplicationPermission.Intersect implementation

return null;

}

public override bool IsSubsetOf(IPermission target) {

// Check we're of the same type or subclass

CheckType(target);

// TODO: Add ApplicationPermission.IsSubsetOf implementation

return false;

}

public override IPermission Copy() {

// Create a new ApplicationPermission & copy the private members into it

ApplicationPermission retVal = new ApplicationPermission();

retVal.m_ActionName = this.m_ActionName;

retVal.m_PermList = (ArrayList)this.m_PermList.Clone(); //Clone the
collection, just to be on the safe side ..


return retVal;

}

public override IPermission Union(IPermission target) {

// Check we're of the same type or subclass

CheckType(target);

// Check we've the same ActionName

ApplicationPermission pTarget = (ApplicationPermission)target;

CheckAction(pTarget);

// TODO: Add ApplicationPermission.Union implementation

return null;

}

public new void Demand() {

// TODO: Get a reference to the current UserPrincipal object from the

// PrincipalFactory, and inquire whether it has the given permission.

// If it doesn't, throw a SecurityException

throw new SecurityException("Not Authorized");

}

#endregion

#region ISecurityEncodable Members

// TODO: Implement fully ...

public override void FromXml(SecurityElement e) {

this.m_ActionName = e.Attribute("action");

this.m_PrincipalType = (PrincipalType)Enum.Parse(typeof(PrincipalType),
e.Attribute("principalType"), false);

this.Principals = e.Attribute("principals");

}

public override SecurityElement ToXml() {

//Encode the current permission to XML using the

//SecurityElement class.

SecurityElement element = new SecurityElement("IPermission");

Type type = this.GetType();

StringBuilder AssemblyName = new StringBuilder(type.Assembly.ToString());

AssemblyName.Replace('\"', '\'');

element.AddAttribute("class", type.FullName + ", " + AssemblyName);

element.AddAttribute("version", "1");

element.AddAttribute("action", this.m_ActionName);

element.AddAttribute("principals", this.Principals);

element.AddAttribute("principalType", this.m_PrincipalType.ToString());


return element;

}

#endregion

#region IUnrestrictedPermission members


public bool IsUnrestricted() {

return true;

}

#endregion

}

}



using System;

using System.Security;

using System.Security.Permissions;

namespace SecurityContext

{

/// <summary>

/// ApplicationPermissionAttribute defines a declarative attribute to be
used inside code that

/// requires ApplicationPermissions defined declaratively.

/// </summary>

[AttributeUsage(AttributeTargets.All, Inherited = false, AllowMultiple =
true)]

public class ApplicationPermissionAttribute : CodeAccessSecurityAttribute

{

private string m_ActionName;

private string[] m_PrincipalNames = null;

private PrincipalType m_PrincipalType;

public ApplicationPermissionAttribute(SecurityAction action) : base(action)
{

// Do nothing here ...

}

/// <summary>

/// ActionName accessor

/// </summary>

public virtual string ActionName {

get {

return m_ActionName;

}

set {

m_ActionName = value;

}

}

/// <summary>

/// PrincipalNames accessor

/// </summary>

public virtual string PrincipalNames {

get {

System.Text.StringBuilder sb = new System.Text.StringBuilder();

foreach(string principal in m_PrincipalNames)

sb.Append(principal+",");

return sb.ToString();

}

set {

m_PrincipalNames = value.Split(new char[] {','});

}

}

/// <summary>

/// PrincipalType accesssor (User,Role)

/// </summary>

public virtual PrincipalType PrincType {

get {

return m_PrincipalType;

}

set {

m_PrincipalType = value;

}

}

public new bool Unrestricted {

get {

return false;

}

set {

// Do nothing

}

}

public override IPermission CreatePermission(){

Console.Out.WriteLine("Creating a new ApplicationPermission");

return new ApplicationPermission(m_ActionName, m_PrincipalNames,
m_PrincipalType);

}

}

}


Show quoteHide quote

Have you had similar problems using caspol -af?  If so, were some particular
set of conditions involved?


Show quoteHide quote

Hi Nic. To be honest, I havent used caspol, so I can't really answer your
question.
As things are, upon running the application I get the "Failure decoding
embedded permission set object" exception ...

I 've used the Reflector tool, and saw the emitted permission set object. It
seems fine, the xml structure emitted for my custom permission seems to be
ok. Still, the exception remains :?

... this is getting soooo frustrating. But what is even more frustrating is
the lack of proper documentation ... :? .. the MSDN walkthrough I've located
(meaning the MSDN DVD with my VS.NET) only gives you half the story i guess
Show quoteHide quote

Actually, that question was meant for Dominick. <g>  I'm sufficiently lazy
that I woudn't bother writing similar code myself unless caspol -af weren't
working properly, which has me wondering if perhaps his motivation for
writing it may have been encountering some problem with the caspol
approach...



You might have better luck with that if you were to complete the
ISecurityEncodable implementation so that all necessary data is transfered
to and from the XML encoding.

BTW, since your permission doesn't seem to require a stack walk, you might
want to consider not inheriting from CodeAccessPermission (even if the
attribute inherits form CodeAccessPermissionAttribute).



Show quoteHide quote

Hi Nic, thanks for the reply

... I've just changed my Permission class as you suggested, so that now it
doesn't inherit from CodeAccessPermission, but rather implements
IPermission, ISecurityEncodable, IUnrestrictedPermission.

But now, I get the exception upon compiling my 'client' console app:
C:\projects\SecurityContextTest\Class1.cs(23): Error emitting
'SecurityContext.ApplicationPermissionAttribute' attribute -- 'Unexpected
exception processing attribute -- System.NullReferenceException: Object
reference not set to an instance of an object..'

.... this is driving me crazy man :? Should I have stayed with the Java
crowd??? At least with them, "out-of-the-beaten-path" IS the beaten path :D
....

Could you please post the current code for both the permission and
attribute?  (I suspect that you're probably getting the null reference
exception because one of your action, principal name, or principal type
variables still isn't getting properly assigned from the XML
deserialization, but it's hard to tell without seeing the current state of
the code.)


Show quoteHide quote

Hello Nicole Calinoiu" calinoiu REMOVETHIS AT gmail DOT com,

no i haven't tried caspol - i wrote the code some day and though i share
it :)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Show quoteHide quote

Thanks!


Show quoteHide quote

WindowsPrincipal in a component used in classic ASP always returns the same identity
Refresh .Net Framework policy
Encrypting Logon Passwords
File Permission System.UnauthorizedAccessException
HttpWebRequest & https
Are .NET Caches Secure from Memory Dumps etc?
Failure Audit errors on device name
Ensuring that calling assembly signed by certain keys
Windows service and Certificate
FREE New Indian oil for men!