Re: Declarative Security (RequestMinimum vs. RequestRefuse)

From: Ivan Medvedev [MS] (ivanmed@online.microsoft.com)
Date: 01/23/03

Next message: Ivan Medvedev [MS]: "Re: Declarative or Imperative Security"
Previous message: John Bristowe: "Declarative Security (RequestMinimum vs. RequestRefuse)"
In reply to: John Bristowe: "Declarative Security (RequestMinimum vs. RequestRefuse)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Ivan Medvedev [MS]" <ivanmed@online.microsoft.com>
Date: Thu, 23 Jan 2003 14:34:43 -0800

John -
the "refuse" action will refuse its permissions no mater what you have in
RequestMinimum and RequestOptional. By specifying RequestMinumum and
RequestOptional you are implicitly refusing everything else.
Here is the formal equation on how the permission grant is evaluated:

(MaxAllowed Ç (Minimum È Optional)) - Refused

Hope this helps.
--Ivan

This posting is provided "AS IS" with no warranties, and confers no rights

"John Bristowe" <john.bristowe@empowered.com> wrote in message
news:#QbiM9vwCHA.2372@TK2MSFTNGP12...
> All,
>
> From page 8 of "Supporting Security Declarations and Annotations"
> (DeclarativeSecuritySupport.doc):
>
> Code only needs a specific set of mandatory and optional
> permissions, the requests should be for just those
> permissions only and there is no need to explicitly refuse
> permissions never requested.
>
> This is confusing; why don't I want to define a mandatory and optional
> permission set and refuse everything else?
>
> Example (assembly-level permissions):
>
> // request permission to read a particular key
> [Assembly: RegistryPermission(SecurityAction.RequestMinimum,
> Read:="...")]
>
> // refuse permission to the rest of the registry
> [Assembly: RegistryPermission(SecurityAction.RequestRefuse, All:="*")]
>
> Cheers,
>
> John
> http://radio.weblogs.com/0112381/
>
>

Next message: Ivan Medvedev [MS]: "Re: Declarative or Imperative Security"
Previous message: John Bristowe: "Declarative Security (RequestMinimum vs. RequestRefuse)"
In reply to: John Bristowe: "Declarative Security (RequestMinimum vs. RequestRefuse)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Article: Permissions View Tool (Permview.exe .Net FrameWork Tools Series)
... use even one RequestMinimum in order for this to happen. ... there is a set of permissions that will still be grantable even ... > You have to be careful here. ... If you specify RequestMinimum and ...
(microsoft.public.dotnet.framework)
Re: Principal of least privilege and code access security
... security until recently has been a very low priority. ... some of the growing pains (like I don't even have permissions to shut my ... Things like RequestMinimum work at the assembly level ... install and secure your application it will just ...
(microsoft.public.dotnet.security)
Re: Article: Permissions View Tool (Permview.exe .Net FrameWork Tools Series)
... Oh thanks - I'd never tried omitting the RequestMinimum when specifying RequestOptional ... Richard Blewett - DevelopMentor ... there is a set of permissions that will still be grantable even ...
(microsoft.public.dotnet.framework)
Re: Article: Permissions View Tool (Permview.exe .Net FrameWork Tools Series)
... one comment inline ... ... > There are 3 types of requested permissions which can be granted on ... (RequestMinimum) Permissions your code must have in ...
(microsoft.public.dotnet.faqs)
Re: Security Exception when I use IsolatedStorageFilePermissionAttribu
... the RequestMinimum and RequestOptional don't work *exactly* as you'd expect. ... In your case you have essentially stated that apart from access to File Dialogs, File IO and Isolated Storage *you don't want any other permissions granted to you* and so you will fail to get the UIPermission. ... I get a the following exception message when I run it in debug in visual ...
(microsoft.public.dotnet.framework)