Re: Enabling Access to Private Fields

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/01/03 

Date: Fri, 31 Oct 2003 18:35:38 -0600

You could do this with permissions. Let's say you want to make a property
or method available only to certain callers, then you could use some type of
permissionattribute on that member to make sure only certain callers would
be able to call the method, with other receiving a SecurityException. The
type of attribute to use would depend on how you want to restrict callers,
but signing the calling assembly with a strong name key and using a
StrongNamePermissionAttribute on the associated member in the callee. You
would probably need to make the member Public though.

I'm not sure about how to add attributes using CodeDom, but I assume that is
possible. If not, you can always add the imperative syntax (create an
instance of the permission class and call it's Demand method).

HTH,

Joe K.

"Jeff Benson" <blaster151@hotmail.com> wrote in message
news:%23vlSfELnDHA.684@TK2MSFTNGP09.phx.gbl...
> Are you saying that what I'm asking about isn't possible?
>
> Is there no way to designate fields as accessible only by certain clients
> who declare certain security rights? I was under the impression that
that's
> what code-level permissions are all about.
>
> Maybe I'm approaching the question the wrong way. How about if I frame it
> like this: can I fabricate a new class using CodeDom and have it be
> considered part of the current, running assembly? With the same
permissions
> and access?
>
> Jeff
> blaster151@hotmail.com
>
>
>
> "Russell B. Eggen" <NOreggen@gte.netSPAM> wrote in message
> news:epPfLRKnDHA.3320@tk2msftngp13.phx.gbl...
> > In that case, I would add a method to pass along the outside data to
other
> > methods of the assembly. These internal methods would then safely,
> without
> > breaking your encapsulation, do what you want and send the results back.
> >
> > Food for thought. <g>
> >
> > --
> > Russ Eggen
> > www.radfusion.com
> >
> >
> > "Jeff Benson" <blaster151@hotmail.com> wrote in message
> > news:%23Rp2U2JnDHA.2964@tk2msftngp13.phx.gbl...
> > Thanks for replying. I want to make them available for writing *only*
to
> > the newly fabricated assembly. They should still be private to
everything
> > else. :)
> >
> > Basically, what I'm trying to do is dynamically create a data access
> object
> > (that knows how to perform direct field read/sets) based on metadata.
> It's
> > working perfectly except for the unfortunate fact that the new object
> > doesn't have permissions to actually do what it's supposed to do.
> >
> > Jeff
> > blaster151@hotmail.com
> >
> > "Russell B. Eggen" <NOreggen@gte.netSPAM> wrote in message
> > news:%23%23SW1n9mDHA.2080@TK2MSFTNGP10.phx.gbl...
> > > Why not add a method to return the value of your private fields? I
> would
> > > not bother with methods that could write to them, otherwise, what
would
> be
> > > the point of making them private? <g>
> > >
> > > --
> > > Russ Eggen
> > > www.radfusion.com
> > >
> > >
> > > "Jeff Benson" <blaster151@hotmail.com> wrote in message
> > > news:uJAdfi9mDHA.684@TK2MSFTNGP09.phx.gbl...
> > > Hello,
> > >
> > > I am wondering if it is possible to use declarative security
permissions
> > (or
> > > some other technique) to allow a dynamically synthesized assembly (one
> > that
> > > I'm compiling on-the-fly from C# code I've built myself at runtime) to
> > > access private fields on classes in the assembly that's performing the
> > > dynamic compilation.
> > >
> > > In other words, code in Assembly A wants to dynamically compile a new
> > > Assembly B (using the System.CodeDom.Compiler namespace) and allow
> > Assembly
> > > B to access private fields in Assembly A. (I could probably make them
> > > "protected" or "internal" if I had to, but would prefer to let them
> remain
> > > private.)
> > >
> > > Since I know that Assembly B could access Assembly A's private fields
> > > through reflection (just much more slowly), it seems to me that it
must
> be
> > > possible to enable it to access them directly. I've done some
> preliminary
> > > reading about code-level permissions, but haven't found the solution.
> Any
> > > advice or even pointers in the right direction would be tremendously
> > > appreciated!
> > >
> > > Thanks in advance,
> > >
> > > Jeff Benson
> > > blaster151@hotmail.com
> > >
> > >
> > >
> >
> >
> >
>
>

Relevant Pages

  • Code Access Security [Was .NET Framework Security Projects]
    ... > Comparing the granularity of security would be interesting. ... > in UIs, plus when I started, there was a mentality of "It's Java, so it's ... Defines permissions and permission sets that represent the right to ... Enables code to demand that its callers have specific permissions. ...
    (microsoft.public.dotnet.security)
  • Re: Code Access Security [Was .NET Framework Security Projects]
    ... Java security checks/stack walks for everything, ... Defines permissions and permission sets that represent the right to ... Enables code to demand that its callers have specific permissions. ...
    (microsoft.public.dotnet.security)
  • Re: Changing groups
    ... pleaderb, sue, frank, ed are members of group projectb ... Everyone is a member of group user. ... depending on the file's permissions they can read and write the ... I do this all the time, using Samba. ...
    (Debian-User)
  • Re: Outside Users RDP into WS2008???
    ... Name it DL-Consultants ... Assign permissions on a resource to domain local group '. ... add any user account belonging to your consultants to become member of G-Consultants group. ... End disconnected session: ...
    (microsoft.public.windows.server.general)
  • Re: How to remove a user from a mail group (Tried to search...)
    ... If you're using Distribution Groups, these cannot show up in any ACLs ... If it is a Security Group, you'll need to figure out the what different ... resources the group could have permissions on. ... I go to "member of" tab. ...
    (microsoft.public.exchange.admin)