Is it possible to secure an assembly called by a web app?

B

Bosco

I am writing an assembly in the 1.1 framework that will be called by an
ASP.NET application and I have a few questions about security.

First off the assembly to be called by the web app is 'privileged code' as
it makes numerous calls to both DirectoryServices and possibly in the future
ADO.

I am trying to understand how I can use Code Access Security or
Identity/Principal objects in order to authorize access to the public Classes
and methods of my privileged dll.

I cannot strong name the ASP assembly so I couldn't simply place Code Access
Security on the privileged assembly limiting it to the ASP assembly only.
And also, if I understand correctly, ASP Principal and Identity objects work
differently in ASP assemblies than in non-ASP assemblies. i.e. in non-ASP
assemblies the identity is tied to the thread where as in ASP the identity is
tied to
cookies or some other form of session state.

So how does a privileged dll that is to be called by an ASP web application
assembly restrict access to it's public classes and methods or implement any
sort of security policy at all?

Thanks in advance,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,734
Messages
2,569,441
Members
44,832
Latest member
GlennSmall

Latest Threads

Top