Re: trying to figure out code permissions

From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 9 Apr 2007 05:48:35 +0000 (UTC)

in addition it turns out that declarative requests are not flexible enough in most situations...

If you want to have complete controls over the permissions you want to grant yourself, construct a PermissionSet object and add the permissions you need/don't want. Then call Deny/PermitOnly on it. Do that in your main so that all stack walks can find the marker.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi Dave,

What's the exact CAS behavior you want to achieve in your application?
For assembly level security requesting, there are three requesting
types:

** Minimum
**Optional
**Refusing
For Optional, you need to take care when using it becaue it will only
grant those CAS permissions you have declared through the "Optional"
request flag, but refuse all other CAS permissions even if the runtime
origionally can grant your application host. Here are some MSDN
reference that can help you better understand this:

#Requesting Optional Permissions
http://msdn2.microsoft.com/en-us/library/ea5yat38(vs.71).aspx
#How to: Request Optional Permissions by Using the RequestOptional
Flag http://msdn2.microsoft.com/en-us/library/ea5yat38.aspx

Please feel free to let me know if you have any particualr requirement
here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no
rights.

Follow-Ups:
- Re: trying to figure out code permissions
  - From: David Thielen

References:
- Re: trying to figure out code permissions
  - From: Steven Cheng[MSFT]

Prev by Date: Re: trying to figure out code permissions
Next by Date: Re: Integrated Windows Authentication Timeout?
Previous by thread: Re: trying to figure out code permissions
Next by thread: Re: trying to figure out code permissions
Index(es):
- Date
- Thread

Relevant Pages

Re: Problems creating keys under the HKEY_LOCAL_MACHINE in Windows XP
... If the user doesn't have permissions for a particular ... suggested to lower the access rights you're requesting. ... However, if you specify lower rights, such as KEY_READ, then the ... certain access rights for that particular key, ...
(microsoft.public.vb.winapi)
Re: Registry prmissions
... You are not SETTING any permissions. ... You are REQUESTING the key be opened with a specific permission (or ... I created a new account in the User group and ran a program while logged ... Read.writing keys was not prevented. ...
(microsoft.public.vb.winapi)
Re: Accessing Documents, Issues, and Risks
... Are all of their permissions correct? ... > 2003 using their Windows user accounts. ... > permissions allow them to view Documents, Risks, and Issues. ...
(microsoft.public.project.pro_and_server)
Re: trying to figure out code permissions
... If you want to have complete controls over the permissions you want to grant ... Dominick Baier ... For assembly level security requesting, ... #Requesting Optional Permissions ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: trying to figure out code permissions
... What's the exact CAS behavior you want to achieve in your application? ... assembly level security requesting, ... #Requesting Optional Permissions ... Microsoft MSDN Online Support Lead ...
(microsoft.public.dotnet.framework.aspnet.security)