|
The basic idea of Code Access Security (CAS) is that whenever code executes in the managed world, the .NET runtime verifies whether that code is allowed to run, based on evidence and a set of permissions. Two things are especially important to the framework:
- Evidence: Where does the code come from? Is the code managed or unmanaged?
- Permissions: The permission set under which the code executes.
Permissions and Permission Sets
A permission is what code can do with a particular resource such as a file or the registry, and a permission set is a collection of permissions.
Policy Levels
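.NET comes with 4 policy levels: Enterprise, Machine, User, and AppDomain (which is configured programmatically). Each policy level has multiple code groups and multiple permission sets. Within a level, the grants of all matching code groups are combined; across levels, the assembly receives only the intersection of what each level grants, so a level can narrow the grant but never widen it. The levels form the hierarchy given below.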

Enterprise : All managed code in an enterprise setting.
Machine: All managed code on the computer.
User: Code in all processes associated with the current user.
Application Domain: Managed code in the host's application domain.
Example: getting the permission set of the current assembly.
Form13.cs
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Threading;
using System.Diagnostics;
using System.Reflection;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Collections;
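namespace _CSharpApplication
{
    /// <summary>
    /// Diagnostic form that lists the CAS permissions the policy hierarchy
    /// grants to the executing assembly.
    /// </summary>
    /// <remarks>
    /// Within one policy level the named permission sets of all matching code
    /// groups are unioned; the per-level results are then intersected.
    /// The walk does not look at code-group attributes such as Exclusive or
    /// LevelFinal, and it skips groups whose permission set is not a named set
    /// of the level, so the output is an approximation for display only and
    /// must not be used to make an access decision.
    /// NOTE(review): on .NET Framework 4 and later, CAS policy is obsolete and
    /// SecurityManager.PolicyHierarchy is expected to throw
    /// NotSupportedException unless legacy policy is enabled (the
    /// NetFx40_LegacySecurityPolicy runtime setting) - confirm for the target
    /// runtime.
    /// </remarks>
    public partial class Form13 : Form
    {
        const string sFullTrust = "FullTrust";

        // Intersection of the restricted levels seen so far; null until the
        // first restricted level has been processed.
        static PermissionSet finalSet = null;

        // Union of the named permission sets collected for the level that is
        // currently being walked.
        static PermissionSet permSet = null;

        // True while every level processed so far granted full trust.
        static bool fullTrust = true;

        public Form13()
        {
            InitializeComponent();
        }

        private void Form13_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Walks a matching code-group tree and accumulates the union of its
        /// named permission sets into <c>permSet</c>.
        /// </summary>
        /// <param name="_codeGroupparent">Root of the (sub)tree to walk.</param>
        /// <param name="_policyLevel">Level whose named permission sets are looked up.</param>
        /// <returns>
        /// True as soon as any group in the tree grants full trust, because a
        /// union that contains full trust is full trust; otherwise false.
        /// </returns>
        static bool isResGroups(CodeGroup _codeGroupparent, PolicyLevel _policyLevel)
        {
            // PermissionSetName may be null, and the name may not exist in this
            // level; both cases previously ended in a NullReferenceException.
            string setName = _codeGroupparent.PermissionSetName;
            NamedPermissionSet groupSet = (setName == null)
                ? null
                : _policyLevel.GetNamedPermissionSet(setName);

            if (groupSet != null)
            {
                if (isFullTrust(groupSet))
                {
                    return true;
                }

                permSet = (permSet == null)
                    ? (PermissionSet)groupSet
                    : permSet.Union(groupSet);
            }

            // Recurse into every child and propagate a full-trust result. The
            // original discarded the return value of the recursive call, so a
            // nested group granting FullTrust was reported as restricted.
            foreach (CodeGroup child in _codeGroupparent.Children)
            {
                if (isResGroups(child, _policyLevel))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Tells whether a named permission set grants full trust.
        /// </summary>
        /// <param name="_namedPermissionSet">Set to test; null is treated as not full trust.</param>
        /// <returns>
        /// True when the set is named "FullTrust" or is unrestricted. The
        /// unrestricted check matters because a custom set can grant
        /// everything under a different name.
        /// </returns>
        static bool isFullTrust(NamedPermissionSet _namedPermissionSet)
        {
            if (_namedPermissionSet == null)
            {
                return false;
            }

            return string.Equals(_namedPermissionSet.Name, sFullTrust, StringComparison.Ordinal)
                || _namedPermissionSet.IsUnrestricted();
        }

        /// <summary>
        /// Adds every permission of a permission set to a list box.
        /// </summary>
        /// <param name="_permissionSet">Set to display; null adds nothing.</param>
        /// <param name="_listBox">List box that receives one item per permission.</param>
        static void getOutput(PermissionSet _permissionSet, ListBox _listBox)
        {
            if (_permissionSet == null)
            {
                return;
            }

            foreach (object permission in _permissionSet)
            {
                _listBox.Items.Add(permission);
            }
        }

        /// <summary>
        /// Resolves the executing assembly against every policy level and shows
        /// either the full-trust message or the resulting permission list.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            // The accumulators are static, so a second click would otherwise
            // start from the previous click's result.
            fullTrust = true;
            finalSet = null;
            permSet = null;
            lstPermission.Items.Clear();

            lstPermission.Items.Add("List of permissions assign to current assembly");

            Evidence evidence = Assembly.GetExecutingAssembly().Evidence;
            IEnumerator policy = SecurityManager.PolicyHierarchy();
            while (policy.MoveNext())
            {
                PolicyLevel currentLevel = (PolicyLevel)policy.Current;
                CodeGroup group = currentLevel.ResolveMatchingCodeGroups(evidence);

                permSet = null;
                bool levelFullTrust = (group != null) && isResGroups(group, currentLevel);

                if (levelFullTrust)
                {
                    // A full-trust level does not narrow the intersection. The
                    // original intersected with a null permSet here, which
                    // wiped the result of earlier restricted levels.
                    lstPermission.Items.Add("Current Level-" + currentLevel.Label + " || " + "Group--" + group.Name + " || " + "Group Policy--" + group.PermissionSetName);
                    continue;
                }

                fullTrust = false;

                // A level with no matching group or no named set grants nothing.
                PermissionSet levelSet = permSet ?? new PermissionSet(PermissionState.None);

                // Intersect returns null for an empty intersection; keep an
                // explicit empty set so a later level cannot widen the result.
                finalSet = (finalSet == null)
                    ? levelSet
                    : (finalSet.Intersect(levelSet) ?? new PermissionSet(PermissionState.None));

                permSet = null;
            }

            if (fullTrust)
            {
                lblMode.Text = "Assembly is running in full-trust mode.";
            }
            else
            {
                getOutput(finalSet, lstPermission);
            }
        }
    }
}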
Output:

Clicking on the “Assembly Information” button.
|