In this blog, I’m explaining about Code Access security in .NET
What is Code Access Security?
The .Net framework provides a security mechanism to protect the computer system from malicious to protect the computer system from malicious code and to provide a way to allow mobile code to run safely, the mechanism called code Access security (CAS).
CAS allows code to be trusted to varying degrees, as determined by the security policy, depending on where the code comes from and on other aspects of the code’s identity, such as its strong assembly name. CAS reduces the likelihood of our code being misused by other malicious code. It allows us to specifically set of operations our code should be allowed to perform as well as the operations our code should never allow to perform. Specifically, CAS supports a permission support mechanism by which code can explicitly request particular permission and explicitly refuse others.
Components of Code Access Security
Evidence-Based Security
Evidence represents the origin of the code. At runtime, the .NET common language Runtime(CLR) gathers evidence on an assembly that it uses for security as the application executes. .NET calculates evidence at runtime because it cannot resolve the origin of an assembly until that assembly is executing.
Permissions
The evidence is the input to CAS policy and permissions are the output. Permissions specify what a piece of code is allowed to do. The code can only perform actions for the permissions.
CAS provides two security modes to define permissions for code.
Declarative and imperative security
Declarative security (method metadata)
Imperative security (method implementation)
Imperative Security
This kind of security could be used to perform demands and overrides. This helps in a situation where you want to check the permissions at runtime. However, this kind of security cannot be used to perform requests. In imperative syntax, a new instance of the security permission object needs to be created before calling. Also, you need to initialize the permission set to invoke a security object. A permission set consists of a group of permissions; initializing a permission group provides means to perform assert calls on multiple permissions in one method. For this purpose, you could use the NamedPermissionSet and PermissionSet class for grouping of permissions. You can then call the required method to invoke the appropriate security call.
Types of method Permission Requests:
1. Assert
Instructs the runtime to ignore the fact that callers might not have the specified permission. Assemblies must have the Assert any permission that has been granted security permission setting.
2. Demand
Instruction the runtime to throw an exception if the caller and all callers higher in the stack lack the specified permission.
3. Deny
Causes the runtime to reduce the method’s access by removing the specified permission.
4. InheritanceDemand
Instructs the runtime to throw an exception if an assembly inheriting from the class lacks the specified permissions.
5. LinkDemand
Causes the runtime to throw an exception if the immediate caller, but not callers higher in the stack, lack the specified permission.
6. PermitOnly:
Instructions the runtime to reduce the method’s access by removing all permissions except for the specified permission.
Declarative security (method metadata)
Declarative security is
1. Part of a method’s metadata
2. Implemented with custom attributes
3. Processed by CLR
There are only three types of CAS assembly declarations (RequestOptional, RequestMinimum, and RequestRefuse).
[FileIOPermissionAttribute(SecurityAction.RequestRefuse, "C:\Program Files")]
public class RestrictPF
{
public RestrictPF()
{
//security call protects the constructor.
}
public void SomeMethod()
{
//security call also protects this method.
}
}
Leave Comment