How can I set Code Access Security, User Policy Level, policy for a certain
user
on a machine?

regards
Kjetil Kristoffer Solberg

Either use the various policy modification tools (e.g.: caspol, .NET
Framework configuration MSC, or coded policy level modification) while
logged in as that user, or modify/replace the user's security.config file
(located in <user settings>\Application Data\Microsoft\CLR Security
Config\<framework version> directory) while logged in as any account with
sufficient permissions on the file.  If you need an automated mechanism for
deployment of the policy to multiple machines, some options are described at
http://msdn.microsoft.com/library/en-us/dnnetsec/html/entsecpoladmin.asp.
For a user-level policy modification, you might also have some other
options.  If you would like more information, please provide a bit more
detail concerning what you're attempting to accomplish (e.g.: modification
vs complete replacement of policy level, one target machine or many, one
target user account or many, etc.).

HTH,
Nicole



Show quoteHide quote

Hi Kjetil,

In .Net Framework, there's two type of security: Role-based security and
Code Access Security. Role-based Security base on the Permission represents
the identity or role of the user. Code Access Security also bases on the
Permission,
but the permissions represent system resources and control access to those
resources. A good example is the file system. We can implement security in
our
application by using Imperative or Declarative. In Imperative Security, you
have to
write your code to protect your application, and the CLR will prevent the
malicious
or unauthorized user from running your app. Declarative security, on the
other
hand, specifies permissions required by the assembly in the assembly manifest
by using Attribute in your code.

I can show you how to implement the simple code using Code Access Security
to allow user to write the HelloWorld.txt file:

1) Imperative Code Access Security:
In .Net, there alot of built-in Permission objects. All of them implements
IPermission
interface. For examples. EventLogPermission, FileIOPermision, ...ect...

[C#]
FileIOPermission myPermission = new  
FileIOPermission(FileIOPermissionAccess.Write, "C:\\HelloWorld.txt");
myPermission.PermitOnly();

2) Declarative Code Access Security:
[C#]
[FileIOPermission(SecurityAction.PermitOnly,    Write="C:\\myFile.txt")]
public void WriteFile()
{  
    // Method implementation omitted
}

Hope that it help!
NghiaNgo



Show quoteHide quote

Error instantiating RSACryptoServiceProvider
Error from CAS Config util
Assembly.Load fails after assembly preloaded using Assembly.LoadFrom (v1.1.4322)
IIS Authentication Problem?
AddDomain with FullTrust