
Code Access Security in .Net



Namespace: System.Security

What is Code Access Security?
Code Access Security (CAS) is a mechanism through which developers and administrators can restrict code from accessing different resources, regardless of the access level of the user running it.

It can also control resources that cannot be controlled through traditional RBS (Role Based Security), e.g. web requests and DNS requests.

It can be applied only to managed applications. The restrictions apply to the application rather than to the user, so no username or password is required.

Evidence:
Evidence is the information that the runtime gathers about an assembly to determine which Code Groups the assembly belongs to.

The following table shows the common types of evidence that a host can present to the runtime.

Application directory: The application's installation directory.
Hash: Cryptographic hash such as SHA1.
Publisher: Software publisher signature; that is, the Authenticode signer of the code.
Site: Site of origin, such as http://www.microsoft.com.
Strong name: Cryptographically strong name of the assembly.
URL: URL of origin.
Zone: Zone of origin, such as Internet Zone.

Permissions
System.Security.Permissions provides different types of permissions that can be assigned to assemblies, such as FileDialogPermission and FileIOPermission.

Permissions Set
A Permission Set is a CAS Access Control List. For example, the Internet zone permission set contains the following permissions:
File Dialog, Isolated Storage File, Security, User Interface and Printing.
The built-in named permission sets include:
Nothing: No permissions (code cannot run).
Execution: Permission to run (execute), but no permissions to use protected resources.
Internet: The default policy permission set suitable for content from unknown origin.
LocalIntranet: The default policy permission set within an enterprise.
Everything: All standard (built-in) permissions, except permission to skip verification.
FullTrust: Full access to all resources.
SkipVerification: Enables an assembly to bypass security checks, which can improve performance but sacrifices security.

Code Groups
Code Groups are authorization devices that associate assemblies with a Permission Set.

An assembly belongs to Code Group A if it fulfills the membership condition of Code Group A. Code Group A then applies all the permissions defined in its Permission Set to its member assemblies. Nested Code Groups are allowed.





Security policy

Security Policy is a logical grouping of Code Groups and Permission Sets. A security policy can contain custom assemblies that define other types of security policies. It also lets administrators configure security at four different levels.

Enterprise Level: Can be configured using Active Directory
Machine Level: Applies to code that resides on a machine
User Level: Applies restrictions on a per-user basis

The policy grants the application the minimum permissions: any permission that is restricted in any Permission Set is disallowed. Each assembly is a member of Enterprise, Machine and User Code Groups.
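The evaluation described above, as an added example that is not code from the original post or from the .NET runtime: a simplified Python model in which each level grants the union of the permission sets of its matching code groups (standard CAS behaviour that the text above does not spell out) and the final grant is the intersection across levels. The permission names beyond the Internet set, the file share URL and the policy tree are constructed for illustration, and the Exclusive and LevelFinal code-group attributes are not modelled.

```python
# Simplified model of CAS policy resolution (not the CLR's implementation).
INTERNET = frozenset({"FileDialog", "IsolatedStorageFile", "Security",
                      "UserInterface", "Printing"})          # as listed above
PSETS = {  # constructed stand-ins for the named permission sets
    "Nothing": frozenset(),
    "Internet": INTERNET,
    "LocalIntranet": INTERNET | {"DNS", "Reflection"},
    "FullTrust": INTERNET | {"DNS", "Reflection", "FileIO", "Registry"},
}

def matches(cond, evidence):
    """Membership condition: ("all",), ("zone", z), ("site", s) or ("url", u)."""
    kind = cond[0]
    if kind == "all":
        return True
    have, want = evidence.get(kind, "").lower(), cond[1].lower()
    if kind == "url" and want.endswith("*"):      # trailing wildcard only
        return have.startswith(want[:-1])
    return have == want

def resolve_level(group, evidence):
    """Union the permission sets of matching groups; a child is only
    evaluated when its parent's membership condition matched."""
    cond, pset, children = group
    if not matches(cond, evidence):
        return frozenset()
    granted = PSETS[pset]
    for child in children:
        granted |= resolve_level(child, evidence)
    return granted

def resolve_policy(levels, evidence):
    """Final grant = intersection of what each policy level grants."""
    return frozenset.intersection(*(resolve_level(r, evidence) for r in levels.values()))

# Constructed policy tree, shaped like the defaults: enterprise and user
# grant FullTrust to all code, the machine level does the restricting.
LEVELS = {
    "enterprise": (("all",), "FullTrust", []),
    "machine": (("all",), "Nothing", [
        (("zone", "MyComputer"), "FullTrust", []),
        (("zone", "Intranet"), "LocalIntranet", [
            (("url", "file://fileserver/tools/*"), "FullTrust", [])]),  # hypothetical share
        (("zone", "Internet"), "Internet", []),
    ]),
    "user": (("all",), "FullTrust", []),
}
```

Replacing the user-level root with the Internet set caps the hypothetical share's FullTrust grant at Internet, because a permission missing at any one level never reaches the final grant.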

How CAS Work with Operating System
CAS works independently of the operating system and sits on top of OS security, so an access must be permitted by both. No assembly can have more permissions than the user running the assembly.

Code Access Security Policy Tool
caspol.exe is a command-line tool for managing security configuration and policies; it works similarly to the .NET configuration tool.

Caspol Parameters: Command Line Options
-addfulltrust assemblyfile: Adds a strong-named assembly that provides custom permissions or membership conditions to the full trust assembly list.
-addgroup parent_name membership_condition permission_set_name [flags]: parent_name is the parent code group under which this code group will be added.
-all: Indicates that the specified options will be applied to all policy levels, that is, enterprise, user and machine level.
-chggroup name { membership_condition | permission_set_name | flags }
-enterprise: Options will be applied only to the enterprise-level policy.
-execution { ON | OFF }: Turns on or off the mechanism that checks for permissions.
-help
-list: Lists the code group hierarchy and permission sets for the specified policy level or for all levels.
-listdescription: Lists the code groups and their descriptions for the specified policy level.
-listfulltrust: Lists the contents of the full trust assembly list of the specified policy level.
-listgroups: Displays the code groups of the specified policy level or of all levels.
-listpset: Shows the permission sets of the specified policy level or of all levels.
-machine: Options will be applied only to the machine-level policy.
-quiet: Temporarily disables the prompt that caspol normally displays before making policy changes.
-recover: Recovers a policy from a backup file. Whenever a change is made, caspol makes a backup copy of the old policy.
-remgroup groupname: Removes a code group along with its child code groups.
-rempset permission_set_name: Removes the permission set if it is not a built-in permission set and is not associated with any code group.
-reset: Resets the policy levels to their defaults; also deletes custom permissions, permission sets and code groups.
-resolvegroup assemblyfile: Shows the code groups to which the assembly belongs.
-resolveperm assemblyfile: Shows all permissions that security policy would grant the assembly.
-security { on | off }: Turns Code Access Security on or off.
-user: Options will be applied to the user-level policy of the current user.

Caspol Membership conditions
-all: All code.
-appdir: Satisfied if the URL evidence matches the application directory evidence of the code.
-hash hash_algorithm { -hex hash_value | -file assembly_file }: Satisfied if the assembly has the specified hash evidence.
-pub { -cert cert_file_name | -file signed_file_name | -hex hex_string }: Satisfied if the assembly has the specified publisher's signature or the specified X.509 certificate.
-site website: Satisfied if the application has the specified site of origin.
-strong -file file_name {name | -noname} {version | -noversion}: Satisfied if the code has the strong name specified by the assembly file_name, plus the version.
-url URL: Code that originates from the URL. A wildcard (*) is allowed.
-zone zonename: Satisfied if the code has the specified zone name, which can be MyComputer, Intranet, Trusted, Internet, or Untrusted.

The -description and -name flags can be used with -addgroup and -chggroup.
