Code Access Security

Discussion in 'ASP .Net Security' started by A.M, Feb 11, 2004.

  1. A.M

    A.M Guest

    Hi,
    I am developing an ASP.NET application which works as a very restricted
    identity on IIS6.0
    The application will just have communication with DB server (no file system
    or registery access)

    Is there any benefit to consider code access security inside assemblies?

    Thanks,
    Ali
    A.M, Feb 11, 2004
    #1
    1. Advertising

  2. A.M

    [MSFT] Guest

    Hi AIi,

    Thank you for using the community. From the description, you have a single
    ASP.NET appliaction and it only access a database server. In this case, the
    Code Access Security may do little help on security. Code Access Security
    is important when the application access local resource or cooperating with
    another appplication. In your situation, you only need to ensure the
    restricted identity has proper permission to execute the ASP.NET
    appliaction and access the database server. And, from the database side, it
    should restrict the access, only allow the restricted identity open an
    connection.

    For more information on Code Access Security and ASP.NET, you may refer to:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
    l/cpconASPNETCodeAccessSecurity.asp

    Hope this help,

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    [MSFT], Feb 12, 2004
    #2
    1. Advertising

  3. if u wnat onle specify assembly call ur assembly
    then u can use codeAS
    with strong naming conventions...


    --
    Thanks and Regards,

    Amit Agarwal
    Software Programmer(.NET)
    "[MSFT]" <> wrote in message
    news:eek:...
    > Hi AIi,
    >
    > Thank you for using the community. From the description, you have a single
    > ASP.NET appliaction and it only access a database server. In this case,

    the
    > Code Access Security may do little help on security. Code Access Security
    > is important when the application access local resource or cooperating

    with
    > another appplication. In your situation, you only need to ensure the
    > restricted identity has proper permission to execute the ASP.NET
    > appliaction and access the database server. And, from the database side,

    it
    > should restrict the access, only allow the restricted identity open an
    > connection.
    >
    > For more information on Code Access Security and ASP.NET, you may refer

    to:
    >
    >

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
    > l/cpconASPNETCodeAccessSecurity.asp
    >
    > Hope this help,
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.583 / Virus Database: 369 - Release Date: 2/10/2004
    .NET Follower, Feb 12, 2004
    #3
  4. In my opinion, it is always good in theory to consider CAS when writing a
    DLL as that will make it a better .NET citizen. However, if you are sure
    the assembly will only run in a FullTrust environment, then in reality, you
    can safely ignore CAS as all permission demands will be granted.

    However, ASP.NET does allow administrators to run sites partially trusted,
    so you need to make sure that your app will not run partially trusted if you
    wish to ignore CAS.

    HTH,

    Joe K.

    "A.M" <> wrote in message
    news:...
    > Hi,
    > I am developing an ASP.NET application which works as a very restricted
    > identity on IIS6.0
    > The application will just have communication with DB server (no file

    system
    > or registery access)
    >
    > Is there any benefit to consider code access security inside assemblies?
    >
    > Thanks,
    > Ali
    >
    >
    >
    Joe Kaplan \(MVP - ADSI\), Feb 12, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Namratha Shah \(Nasha\)
    Replies:
    1
    Views:
    475
    Richard Blewett [DevelopMentor]
    Nov 8, 2004
  2. Namratha Shah \(Nasha\)
    Replies:
    0
    Views:
    1,715
    Namratha Shah \(Nasha\)
    Nov 6, 2004
  3. .NET Follower

    Anyone has links to Code Access Security?

    .NET Follower, Jan 31, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    304
    .NET Follower
    Jan 31, 2004
  4. Namratha Shah \(Nasha\)
    Replies:
    0
    Views:
    391
    Namratha Shah \(Nasha\)
    Nov 6, 2004
  5. Marc

    Security Access, Access Denied

    Marc, Aug 16, 2006, in forum: ASP .Net Security
    Replies:
    0
    Views:
    127
Loading...

Share This Page