System.Security.Permissions namespace By Venkata Krishna Date: Instructor 06/19/2007 Dr. Ravi Mukkamala

Overview Introduction Classes in System.Security.Permissions Namespace Permissions Code access security References

Introduction Permissions are the mechanism through which the.NET runtime enforces code-access security. The System.Security.Permissions namespace contains permission classes and their attributes.

There are a lot of classes and enumerations in this namespace. Few of the important classes are Classes EnvironmentPermission FileDialogPermission FileIOPermission IsolatedStorageFilePermission IsolatedStoragePermission ReflectionPermission RegistryPermission SecurityPermission UIPermission  Each of these classes have many methods. Classes in System.Security.Permissions Namespace

Permissions There are three distinct categories of permissions defined in the System.Security.Permissions namespace:  Code-Access Permissions,  Identity Permissions and  Role-based Permissions Code-Access Permissions: The Common Language Runtime (CLR) allows code to perform only those operations that the code has permission to perform. Restrict what your code can do Restrict which code can call your code Identify code

Identity Permissions: The identity permission classes represent the value of host evidence that an assembly or application domain presents to the runtime. Role-based Permissions: Permissions based on roles of a user on whose behalf code is running.

The elements of CAS are permissions permission sets code groups evidence policy Code access security

Demo Creating permission sets and code groups

Two different kinds of syntax when coding security are Declarative Declarative syntax uses attributes to mark the method, class or the assembly with the necessary security information. [FileIOPermission(SecurityAction.Demand, Unrestricted=true)] public calss MyClass { public MyClass() {...} // all these methods public void MyMethod_A() {...} // demands unrestricted access to public void MyMethod_B() {...} // the file system } Imperative Imperative syntax uses runtime method calls to create new instances of security classes. public calss MyClass { public MyClass() { } public void Method_A() { // Do Something FileIOPermission myPerm = new FileIOPermission(PermissionState.Unrestricted); myPerm.Demand(); // rest of the code won't get executed if this failed // Do Something } // No demands public void Method_B() { // Do Something }

Requesting Permissions An assembly can request permissions before it is loaded. RequestMinimum The code will be only allowed to run if all the required permissions are granted by the security policy. [assembly:RegistryPermission(SecurityAction.RequestMinimum, Write="HKEY_LOCAL_MACHINE\\Software")] RequestOptional Permissions that the code can use, but not required in order to run. [assembly:FileIOPermission(SecurityAction.RequestOptional, Write="C:\\")] RequestRefuse To specify the permissions that the assembly would never require. [assembly:FileIOPermission(SecurityAction.RequestRefuse, Write="C:\\")]

Overriding Security An assembly can override the permissions in three ways. Assert Assert method to stop the stack walk from going beyond the current stack frame. FileIOPermission myPerm = new FileIOPermission(FileIOPermissionAccess.Read, "C:\\"); myPerm.Assert(); // don't check above stack frames. Deny Deny the current set of permissions. WebPermission myWebPermission = new WebPermission(NetworkAccess.Connect, " myWebPermission.Deny(); PermitOnly PermitOnly in some situations when needed to restrict permissions granted by security policy. WebPermission myWebPermission = new WebPermission(NetworkAccess.Connect, " myWebPermission.PermitOnly();

References O’Reilly : Programming.NET Security By Adam Freeman, Allen Jones, June ’03 us/library/system.security.permissions.aspx us/library/system.security.permissions.aspx

Discussion