Tuesday, 27 November 2007

Chapter 11, lesson 2: Using Declarative Security to Protect Assemblies.

Because CAS can restrict the permissions given to an app, you must write apps to run in a partially trusted security context.

Use declarative CAS demands to ensure that the assembly has all necessary permissions but none that it does not require.

Reasons to use CAS Assm Decl

  • To ensure that the runtime will never run your app without granting access to all required resources: if a user attempts to run the app and CAS security policy does not grant a required permission, an exception is thrown. Use SecurityAction.RequestMinimum to declare all CAS permissions required by the app.
  • To create a sandbox for the app, to ensure an attacker does not manipulate it to access unintended resources: use CAS declarations to reduce your assms

Classes for CAS Permissions

  • For each type of resource (e.g. files/folders, printers, network access, ...) that can be restricted by CAS there is a .NET Framework class.
  • Permission attribute classes inherit from the CodeAccessSecurityAttribute class.
  • Action property - specifies how the runtime will interpret the permission. Set it to one of...
  • 1) SecurityAction.RequestMinimum - requires a permission for the assembly to run. If the assembly lacks the specified permission, the runtime throws an exception.
  • 2) SecurityAction.RequestOptional -
  • 3) SecurityAction.RequestRefuse -
  • NOTE: CAS is significant only for partially trusted assemblies. The runtime completely ignores CAS declarations for fully trusted assemblies.
  • Combine RequestMinimum and RequestOptional: RequestMinimum for the non-negotiable permissions, RequestOptional to state that nothing else is required.
  • UIPermission, Unrestricted = true, with RequestOptional - for debugging.
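As an added example that is not part of these notes, here is a C# assembly that combines all three actions at assembly level. It assumes a .NET Framework 2.0/3.5 assembly running under CAS policy in a partially trusted context; the folder paths and the demo namespace are constructed for illustration.

```csharp
// Added example (not from the original notes): assembly-level declarative CAS
// requests for a .NET Framework 2.0/3.5 assembly. Paths are constructed.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// RequestMinimum: the assembly will not load unless CAS policy grants read
// access to this folder. A missing grant throws at load time, before Main runs.
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\AppData\Config")]

// RequestMinimum: the UI permission needed to show top-level windows at all.
[assembly: UIPermission(SecurityAction.RequestMinimum, Window = UIPermissionWindow.SafeTopLevelWindows)]

// RequestOptional with the built-in "Nothing" permission set: tells the runtime
// the assembly wants nothing beyond the minimum requests above, so the grant
// set is trimmed to exactly what is required (the sandbox from the notes).
[assembly: PermissionSet(SecurityAction.RequestOptional, Name = "Nothing")]

// RequestRefuse: explicitly give up permissions the assembly should never hold
// in a partially trusted context, even if policy would have granted them.
[assembly: FileIOPermission(SecurityAction.RequestRefuse, Write = @"C:\Windows")]
[assembly: RegistryPermission(SecurityAction.RequestRefuse, Unrestricted = true)]

namespace DeclarativeCasDemo
{
    class Program
    {
        static void Main()
        {
            // Reading from the requested folder lies inside the grant set.
            string configPath = @"C:\AppData\Config\settings.txt";
            Console.WriteLine(File.Exists(configPath) ? "config present" : "config missing");

            // Writing under C:\Windows was refused above, so under CAS policy a
            // partially trusted run gets a SecurityException instead of a silent write.
            try
            {
                File.WriteAllText(@"C:\Windows\demo.txt", "should not happen");
            }
            catch (SecurityException ex)
            {
                Console.WriteLine("Refused as intended: " + ex.Message);
            }
        }
    }
}
```

Note that declarative assembly requests of this kind are only honoured by .NET Framework CAS policy (which was switched off by default from .NET Framework 4 onward); a fully trusted run, as the notes say, ignores them.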
