Article : Code Access Security Part - 2 (.Net FrameWork Tools Series)

Discussion in 'ASP .Net' started by Namratha Shah (Nasha), Nov 6, 2004.

  1. Hey Guys,

    Before we start with our sample app we need to view the security
    configuration files on the machine. You will find them under

    <drive>:\WINNT\Microsoft.NET\Framework\<version>\Config

    Enterprise Level Security configuration file is :- enterprise.config

    Machine Level Security configuration file is :- security.config



    You will find the user security configuration file in

    <drive>:\Documents and Settings\<userprofile>\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config

    Let us now create our sample app. In this we will create a Windows Forms
    application which will try to read and write to the local disk.

    1) Go to VS.NET create a new Win App.

    2) On the form, place one text box and one button. Make the Multiline
    property of the text box true.

    3) In the click event of the button, write the following piece of code,
    which writes whatever is written in the text box to a file.

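    // Requires "using System.IO;" at the top of the form's source file.
    StreamWriter sWriter = new StreamWriter(@"C:\MyTextFile.txt");
    sWriter.Write(textBox1.Text);   // write whatever is in the text box
    sWriter.Flush();
    sWriter.Close();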

    4) If you run this from your machine you will be able to create the file and
    write the textbox contents in it.

    Well, currently this code is executing on the local machine because in the
    local machine policy the MyComputer zone has the FullTrust permission set.

    Check it out by typing caspol -m -lg


    Suppose we were to run this same app from a local network share. Then the
    Intranet code access group does not have the permission to write to the
    local hard disk.

    5) Place the exe on a network share and execute it. It should give you a
    Security Permission Exception.

    6) Modify your code to catch the exception and give a user friendly message.
    Run the file again from the network share.

    Suppose that we wanted this application to run from the network share. For
    that we will need to change the Intranet Permission set.

    caspol.exe -chggroup 1.2 FullTrust // This command tells caspol to fully
    trust all the intranet applications

    Note : Please be extremely careful when changing the permission sets, as
    this can cause a lot of viruses and other spyware to come in. Change the
    permission sets only if you have not made any custom changes to your PC.
    After changing the permission set, use the

    caspol.exe -reset command; this resets the .NET default permission sets for
    all code groups.

    Thus in this way we can prevent malicious code from accessing our resources.

    Let's now explore the other options of caspol.exe

    Turning the Security On/Off

    It is possible to turn the .Net security off if required for any reason. By
    default it is on.

    caspol.exe -security off // to turn off the .Net security

    To reset the security to .Net default security use

    caspol.exe -reset

    To create a new code group

    caspol.exe -addgroup 1.3 -site www.<name of the site> FullTrust // this
    will add full trust for any content from this site.

    To create a code group under intranet with fulltrust to a particular share
    on the network

    caspol.exe -addgroup 1.2 -url file:///\\<machinename>/<foldername>/* FullTrust

    To remove a code group give the codegroup number (as shown in the list
    groups) with -remgroup option

    caspol.exe -remgroup 1.3.2

    To change the code group's permission (we just saw this above when we
    changed the permission for our intranet code group)

    caspol.exe -chggroup 1.2 FullTrust

    You can add a code group for a particular strong name. E.g. if you have an
    application MyApp.exe and you want any version of this application to have
    FullTrust, you can achieve that by using a similar command

    caspol.exe -addgroup 1 -strong -file \bin\debug\MyApp.exe -noname -noversion FullTrust

    This command will add a new strong name code group. You can view it by
    giving the caspol -lg command.

    You will see that there are already 2 strong name code groups installed by
    default. They belong to Microsoft and ECMA.



    -- Please post your queries and comments for my articles in the usergroup
    for the benefit of all. I hope this step from my end is helpful to all of
    us.

    Regards,

    Namratha (Nasha)
    Namratha Shah (Nasha), Nov 6, 2004
    #1
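
An added example, not part of the original post: a Python check over `caspol -m -lg` output that lists code groups where FullTrust has been granted more widely than the MyComputer default, as happens after the `-chggroup 1.2 FullTrust` change in the post. The sample listing is constructed and its layout is assumed from .NET 1.1 output; `fileserver` and `www.example.com` are placeholders.

```python
import re

# Constructed sample in the layout `caspol -m -lg` prints (layout assumed from
# .NET 1.1); the machine name, site and key bytes are placeholders.
SAMPLE = r"""Security is ON
Level = Machine
Code Groups:
1.  All code: Nothing
   1.1.  Zone - MyComputer: FullTrust
      1.1.1.  StrongName - 0024000004800000: FullTrust
   1.2.  Zone - Intranet: FullTrust
      1.2.1.  All code: Same site Web.
      1.2.2.  Url - file://\\fileserver\apps\*: FullTrust
   1.3.  Zone - Internet: Internet
      1.3.1.  Site - www.example.com: FullTrust
   1.4.  Zone - Untrusted: Nothing
Success"""

# "<label>.  <membership condition>: <permission set>"
GROUP = re.compile(r"^\s*(\d+(?:\.\d+)*)\.\s+(.+?):\s+(.*)$")

def parse_groups(text):
    """Return [(label, membership condition, permission set), ...]."""
    return [tuple(s.strip() for s in m.groups())
            for m in map(GROUP.match, text.splitlines()) if m]

def audit(text):
    """Return (label, condition, reason) for every grant worth a review."""
    findings = []
    if re.search(r"^\s*Security is OFF", text, re.M):
        findings.append(("-", "policy", "CAS is switched off"))
    for label, cond, pset in parse_groups(text):
        if pset != "FullTrust":
            continue
        kind, _, value = cond.partition(" - ")
        if kind == "Zone" and value != "MyComputer":
            findings.append((label, cond, "entire zone is fully trusted"))
        elif kind in ("Url", "Site"):
            # Location evidence only; no publisher identity is checked.
            findings.append((label, cond, "FullTrust keyed on location"))
        elif kind == "All code":
            findings.append((label, cond, "FullTrust for all code"))
    return findings

if __name__ == "__main__":
    for label, cond, why in audit(SAMPLE):
        print(f"{label:<7}{cond:<36}{why}")
```

Strong name groups are not flagged because they are keyed on a publisher key rather than on where the code was loaded from; running the same check after `caspol.exe -reset` should return no findings.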