Re: Code Access Security Enforcement anamoly - - Thx in advance.

From: Krishna Moturi (moturi@hotmail.com)
Date: 02/18/03 

From: "Krishna Moturi" <moturi@hotmail.com>
Date: Mon, 17 Feb 2003 16:01:48 -0800

Hi Shawn,

My thoughts on this.

If we look at the documentation and security changes since v1.0 of .NET, the
only solutions that is recommended so far are:

1) Use 'AllowPartiallyTrustedCaller' attribute at assembly level to trust
partially trusted callers...runtime will skip 'LinkeDemand-FullTrust' call.
    Scenarios where u're in control of end-to-end application chain
(asp.net->.Net componensts->db) and u expect everything to be fully trusted
as they're all signed with u'r SPC,..whic is a security compromise
2) Use 'ApplicationDirectory' membership condition to make all dynamically
generated aspx assemblies (they are at
C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files) so that
aspnet_wp.exe who is above that folder could trust those assemblies...agian
this also would be a security compromise.
3) Use site membership condition (ex; http://www.acme.com as fully trusted)
so that any assemblies under that website would be considered as fully
trusted.

Ideally , framework should provide some faciltiy where in runtime even signs
those dynamically compiled aspx pages..that would be the true security
facility..not working workarounds and not solving the root cause and
providing a way for malignant code to use that 'partiallytrustedcallers'
compromise.

We should be committed to making this .NET based computing environment the
most trusted and secured computing environment ever put into work, if that's
what the place where we could ask our customers to trust our services.

Thanks
Krishna

"Krishna Moturi" <moturi@hotmail.com> wrote in message
news:#tCyvdt1CHA.1752@TK2MSFTNGP10...
> Hi Shawn,
>
> Thanks for swift response.
>
> What would be the best-practices approach to tackle this most commonly
> anticipated situation for any enterprise ?
>
> Do we have any guidance from MSFT dictating any authoritative policy ?
>
> we would really appreciate your response to this as we're totally
> sincere/serious in providing 'total secure computing envionment' promise
to
> our customers on .NET platform.
>
> Thanks
>
>
>
> "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
> news:OZXziqs1CHA.2576@TK2MSFTNGP11.phx.gbl...
> > Hi Krishna,
> >
> > You are probably running into a situation with dynamic compilation.
> > ASP.Net will dynamically compile its web pages into an assembly. This
> > assembly will not be signed by your certificate, and as such will not
have
> > execution permissions.
> >
> > -Shawn
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > Please do not send email directly to this alias, this alias is for
> newsgroup
> > purposes only.
> >
> >
> > "Krishna Moturi" <moturi@hotmail.com> wrote in message
> > news:e29Sk4r1CHA.1616@TK2MSFTNGP11.phx.gbl...
> > > Hi,
> > >
> > > We have role-based security, strong naming and
publisher-signature(SPC)
> in
> > > place for our 75k c# codebase (23 assemblies).
> > > We are trying to enforce CAS so that only our SPC trusted assemblies
> could
> > > be granted 'FullTrust' permisson set.
> > >
> > > 1) we changed 'Machine' level security policy so that
'My_Computer_Zone'
> > no
> > > longer would be carrying 'FullTrust' permission set.
> > > ( we don't want any malignant code installed to have fullTrust
> > > permission set.).
> > > 2) We created a new child code group and granted 'FullTrust' to our
> > > certificate signed assemblies with appropriate code membership
> condition.
> > >
> > > Our custom windows services with all 23 assemblies are working
> fine...but
> > > ASP.NET process no longer works.. (every aspx page just hit deadlock
> > timeout
> > > threshold)..........
> > > we are looking for guidance on this enforcement policy.
> > >
> > >
> > > Thanks in advance
> > > Krishna
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Am I the only one with doubts about .NET for commercial apps?
    ... > So far, I have found only these two weaknesses, but these are BIG ... harder to do in unmanaged code, no licensing restrictions you add there are ... sense of security by making it clearer how easy it is to do. ... You can make reusing your assemblies a bit harder by using identity demands, ...
    (microsoft.public.dotnet.general)
  • RE: Decleration Excel.Application or what
    ... security error when you call into the NanoSort class. ... When you create and build your VSTO project a .NET security policy is ... assemblies reside rather than just the VSTO assembly and this should correct ...
    (microsoft.public.vsnet.vstools.office)
  • ANN: Free .NET Workshops
    ... Richard Grimes has made available some of his .NET training courses as ... - Location of .NET assemblies and how to change the default locations ... ..NET Security Workshop ... - Cryptography; Crypto transforms and crypto streams; Keys and ...
    (microsoft.public.dotnet.faqs)
  • ANN: Free .NET Workshops
    ... Richard Grimes has made available some of his .NET training courses as ... - Location of .NET assemblies and how to change the default locations ... ..NET Security Workshop ... - Cryptography; Crypto transforms and crypto streams; Keys and ...
    (microsoft.public.dotnet.framework)
  • ANN: Free .NET Workshops
    ... Richard Grimes has made available some of his .NET training courses as ... - Location of .NET assemblies and how to change the default locations ... ..NET Security Workshop ... - Cryptography; Crypto transforms and crypto streams; Keys and ...
    (microsoft.public.dotnet.general)