Code Access Security in .NET

This article is an introduction to Code Access Security (CAS). Protecting resources from unauthorized use is what Code Access Security is all about. Both role-based security and code access security are based on the notion of permissions. In role-based security, permissions determine which users are authorized to run the code. In code access security, we authorize code to access resources, independent of the user who runs the code. Whenever code is executed in .NET, the .NET runtime verifies it based on its permissions and evidence (the place where the code came from). Some examples of Code Access Security permissions are:

  • Directory Services Permission allows you to access Active Directory.
  • File IO Permission gives access to the file system.
  • Printing permission allows you to access the printer.
  • SqlClientPermission
  • Registry permission is the permission to access the registry, etc.

In CAS, permissions are really about identifying the resources and assessing what level of access code might have to each resource. The constructors of the permission classes differ, because they depend on the type of resource being protected. For example:

FileIOPermission objPermission = new FileIOPermission(FileIOPermissionAccess.Read, @"C:\TEST\senthil.txt");

Similar to role-based security, code access security also follows two models: imperative and declarative. There are a few classes that you can use with the imperative model, which inherit from System.Security.CodeAccessPermission:

using System.Security;
using System.Security.Permissions;

public void Check()
{
    // Read-only permission for a single file.
    FileIOPermission obj = new FileIOPermission(FileIOPermissionAccess.Read, @"C:\test.txt");
    try
    {
        obj.PermitOnly();
    }
    catch (SecurityException ex)
    {
        // Incorrect permission process
    }
}

The above example defines a FileIOPermission (Read permission) and uses the PermitOnly method to limit the code to that permission. If the permissions required do not match those specified, a SecurityException will be thrown.

In the declarative model, the class member, method, etc. that is tagged with a CodeAccessSecurityAttribute must have the specified permissions, otherwise a SecurityException will be thrown.

[FileIOPermission(SecurityAction.Deny, Write = @"E:\")]
public void Check1() { File.Create(@"E:\test.txt"); }

The above example denies write operations on drive "E". So when a write operation is executed, an exception is thrown, which prevents the creation of the file test.txt.
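
The imperative model in more detail, as an added example that is not part of the original post: it shows how PermitOnly restricts a stack frame and how Demand then checks the callers. It assumes the .NET Framework, where the runtime enforces CAS; the class name, helper names and the second path are hypothetical.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

static class CasDemo // hypothetical class name
{
    // Constructed sample paths; the files do not need to exist.
    const string Allowed = @"C:\test.txt";
    const string Other = @"C:\other.txt";

    // Demand() walks the call stack above this method and throws
    // SecurityException if any caller lacks the permission.
    static bool CallersMayRead(string path)
    {
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // PermitOnly() limits this frame, and everything it calls, to the one
    // permission given. Demands for any other resource fail from here on.
    static void RestrictedWork()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, Allowed).PermitOnly();
        try
        {
            Console.WriteLine("read allowed path: " + CallersMayRead(Allowed));
            Console.WriteLine("read other path:   " + CallersMayRead(Other));
        }
        finally
        {
            // Lift the restriction before returning to the caller.
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    static void Main()
    {
        Console.WriteLine("before PermitOnly: " + CallersMayRead(Other));
        RestrictedWork();
    }
}
```

The Demand call sits in its own helper because the stack walk starts at the caller of the method that invokes Demand, which here is the frame holding the PermitOnly restriction.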
