
Introduction of Code Access Security in .Net Framework



Hi everyone, in this article I explain Code Access Security in the .NET Framework.

Introduction:

The common language runtime and the .NET Framework provide many useful classes and services that enable developers to easily write secure code and enable system administrators to customize the permissions granted to code so that it can access protected resources.

Code access security is a feature that enables you to define restrictions on code that executes in the managed environment. You can use code access security to restrict access to your code, define policy levels and code groups, grant or revoke permissions, and so on. You can also implement both imperative and declarative security modes in your applications.

What is code access security?

Code access security is a security feature in .NET that restricts the code to be executed based on who the owner of the code is, where it has been downloaded from, its evidence, etc. The CLR allows your code to perform only the operations that are permitted.

Code access security in the .NET Framework is Microsoft's solution for preventing untrusted code from performing privileged actions. When the CLR loads an assembly, it obtains evidence for the assembly and uses it to identify the code group that the assembly belongs to. A code group contains a permission set (one or more permissions). Code that performs a privileged action performs a code access demand, which causes the CLR to walk up the call stack and examine the permission set granted to the assembly of each method in the call stack. The code groups and permission sets are determined by the administrator of the machine, who defines the security policy.

You can use code access security to restrict what your code can do, restrict which code can invoke your code, and identify code. Code access security imposes restrictions and policies that govern access to protected resources and operations.

Note that code access security is based on two key concepts, namely code groups and permissions. Every .NET assembly belongs to a particular code group. Each code group in turn is granted the set of permissions specified in the permission set with which it is associated. You can use the following command in the command line to see the code groups defined on your system.

Code Access Security comprises the following elements:

Permissions: these represent a resource that is protected, or the ability to perform an operation that is protected.

Permission Sets: a permission set is a collection of permissions. The built-in permission sets provided by the CLR include: Nothing, Execution, Internet, LocalIntranet.

Code Groups: a code group is a logical grouping of code with a specified membership condition.

Evidence: this is information that is associated with an assembly. It denotes the origin of the code. The CLR examines the evidence associated with the code group. Some typical types of evidence include: site, strong name, publisher, URL and zone. In essence, evidence is typically used to authenticate the code. The various identity permissions that are used to authenticate code include.

Policies: policies are a configurable set of rules that determine the permissions to grant to a piece of code. Policies typically represent the user roles. They consist of the following types: application domain policy, user policy, machine policy and enterprise policy.

Using Declarative and Imperative Syntax:

You can define code access security in your code using either declarative syntax or imperative syntax. Declarative syntax uses attributes to define code access security, while imperative syntax uses runtime method calls.

Here is how you can implement code access security declaratively:

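  using System.Security.Permissions;

  // The attribute applies to every member of Test: each caller on the
  // stack must have been granted unrestricted file I/O permission.
  [FileIOPermission(SecurityAction.Demand, Unrestricted = true)]
  public class Test
  {
      public void DoWork()
      {
          // Some code
      }
  }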

 

Here is how you can implement Code Access Security using imperative syntax:

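  using System.Security.Permissions;

  public class Test
  {
      public void DoWork()
      {
          // Build the permission object at run time.
          FileIOPermission fileIOPermission =
              new FileIOPermission(PermissionState.Unrestricted);

          // Throws SecurityException if any caller on the stack lacks it.
          fileIOPermission.Demand();
      }
  }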
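The call-stack walk that a demand triggers can be observed directly. The following is an added example, not code from the original article: it uses the PermitOnly stack modifier (not covered above) to restrict one frame to a single directory and then shows which demands made further down the stack succeed. It assumes .NET Framework 4.x on Windows; the class name, method names and paths are constructed for illustration.

```csharp
// Added example; assumes .NET Framework 4.x on Windows (CAS is not enforced on .NET Core / .NET 5+).
using System;
using System.Runtime.CompilerServices;
using System.Security;
using System.Security.Permissions;

public static class StackWalkDemo
{
    // Constructed sample paths. They do not need to exist, because Demand()
    // only evaluates permissions and never touches the file system.
    const string AllowedDir  = @"C:\cas-demo\public";
    const string AllowedFile = @"C:\cas-demo\public\readme.txt";
    const string OtherFile   = @"C:\cas-demo\private\secret.txt";

    // Stands in for a protected library routine: it demands read access to
    // the path before doing any work. NoInlining keeps it in its own frame,
    // because the walk starts at the caller of the method that calls Demand().
    [MethodImpl(MethodImplOptions.NoInlining)]
    static void DemandRead(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
    }

    // Restricts this frame, and everything it calls, to reading AllowedDir,
    // then reports whether a demand for 'path' survives the stack walk.
    [MethodImpl(MethodImplOptions.NoInlining)]
    public static bool CanReadUnderRestriction(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, AllowedDir).PermitOnly();
        try
        {
            DemandRead(path);
            return true;
        }
        catch (SecurityException)
        {
            return false; // the walk reached this frame and the demand failed
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly(); // remove the restriction
        }
    }

    public static void Main()
    {
        Console.WriteLine(CanReadUnderRestriction(AllowedFile)); // inside AllowedDir
        Console.WriteLine(CanReadUnderRestriction(OtherFile));   // outside AllowedDir
    }
}
```

A permission on a directory covers the files beneath it, so only the second demand fails.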

 
