Writing Secure Code using CSharpSubmitted ByUser LevelDate of SubmissionC.Vinodh KumarIntermediate04/06/2001
Mobile Code, which come from various sources like e-mail, documents and downloaded code over the Internet are the main cause for the damage, destroy or copy private data. So to help protect computer systems from malicious mobile code and to provide a way to allow mobile code to run safely, the .NET Framework provides a security mechanism called
code access security .Code access security is a mechanism that controls the access code has to protected resources and operations. NET Framework, code access security performs functions like Defining Permission, Enables administrators to configure security policy, Allows code to request the permissions it requires in order to run, Grants permissions to each assembly that is loaded, based on the permissions requested by the code and Enables code to demand that its callers have specific permissions.
Code access security is a mechanism that grants/denies access to resources within a method call. For example, code written by a person may be allowed to write to the disk while code from another one may be forbidden from accessing the disk. This control can be enforced even if the code written by both of them is used within a single application.
System.Security Namespace Provides the underlying structure of the .NET Framework security system, including interfaces, attributes, exceptions, and base classes for permissions and CodeAccessPermission class defines the underlying structure of all code access permissions.
Let see a sample application, which attempts to access a disk file and an environment variable .
Code shown below will create permission to set read access to Temp environment and full access to some files. Before changing every file will be have a default permission set.
// Create a permission set that allows read access to the TEMP
// environment variable and read, write, and append access to SomeFile from
//default permission
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP"));
//adding various type of file level permission
ps.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read |
FileIOPermissionAccess.Write | FileIOPermissionAccess.Append,
"SomeFile"));
// Make the permissions indicate all that we're allowed to do.
ps.Assert();
PermissionSet class (in System.security) represents a collection and it contains many different kinds of permissions, and supports the methods that use and modify those permissions. We can add, remove, assert, deny and copy permission.
// Deny access to the resources we specify
ps.Deny();
// Make the permissions indicate the only things that we're allowed to do.
ps.PermitOnly()