Re: trying to figure out code permissions

From: David Thielen <thielen@xxxxxxxxxxxxx>
Date: Mon, 9 Apr 2007 09:38:02 -0700

ok - thanks

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

"Dominick Baier" wrote:

in addition it turns out that declarative requests are not flexible enough
in most situations...

If you want to have complete controls over the permissions you want to grant
yourself, construct a PermissionSet object and add the permissions you need/don't
want. Then call Deny/PermitOnly on it. Do that in your main so that all stack
walks can find the marker.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi Dave,

What's the exact CAS behavior you want to achieve in your application?
For assembly level security requesting, there are three requesting
types:

** Minimum
**Optional
**Refusing
For Optional, you need to take care when using it becaue it will only
grant those CAS permissions you have declared through the "Optional"
request flag, but refuse all other CAS permissions even if the runtime
origionally can grant your application host. Here are some MSDN
reference that can help you better understand this:

#Requesting Optional Permissions
http://msdn2.microsoft.com/en-us/library/ea5yat38(vs.71).aspx
#How to: Request Optional Permissions by Using the RequestOptional
Flag http://msdn2.microsoft.com/en-us/library/ea5yat38.aspx

Please feel free to let me know if you have any particualr requirement
here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no
rights.

References:
- Re: trying to figure out code permissions
  - From: Dominick Baier
- Re: trying to figure out code permissions
  - From: David Thielen
- Re: trying to figure out code permissions
  - From: Dominick Baier
- Re: trying to figure out code permissions
  - From: Steven Cheng[MSFT]
- Re: trying to figure out code permissions
  - From: Dominick Baier

Prev by Date: Re: Integrated Windows Authentication Timeout?
Next by Date: Re: Lost ability to use membership system
Previous by thread: Re: trying to figure out code permissions
Next by thread: Lost ability to use membership system
Index(es):
- Date
- Thread

Relevant Pages

Re: trying to figure out code permissions
... in addition it turns out that declarative requests are not flexible enough in most situations... ... If you want to have complete controls over the permissions you want to grant yourself, construct a PermissionSet object and add the permissions you need/don't want. ... For assembly level security requesting, ... #Requesting Optional Permissions ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Problems creating keys under the HKEY_LOCAL_MACHINE in Windows XP
... If the user doesn't have permissions for a particular ... suggested to lower the access rights you're requesting. ... However, if you specify lower rights, such as KEY_READ, then the ... certain access rights for that particular key, ...
(microsoft.public.vb.winapi)
Re: Registry prmissions
... You are not SETTING any permissions. ... You are REQUESTING the key be opened with a specific permission (or ... I created a new account in the User group and ran a program while logged ... Read.writing keys was not prevented. ...
(microsoft.public.vb.winapi)
Re: Accessing Documents, Issues, and Risks
... Are all of their permissions correct? ... > 2003 using their Windows user accounts. ... > permissions allow them to view Documents, Risks, and Issues. ...
(microsoft.public.project.pro_and_server)
Re: Access denied when using active directory groups and windows authentication
... the token that was produced by IIS authentication to do the ACL check (regardless ... Dominick Baier - DevelopMentor ... Granting these permissions on the AD ...
(microsoft.public.dotnet.framework.aspnet.security)