Permissions granted based on assembly and user

From: /kim/birkelund/aka/sekhmet (msnews_at_sekhmet.dk)
Date: 06/28/04 

Date: Mon, 28 Jun 2004 08:56:55 +0200

Hi

Considering a multiuser system that supports server-side plugins, where
users have access to different parts of the system through the same plugins,
I'd like to know if the following situation can be solved using built-in
.Net security functionality:

We have a plugin P, and two users U1 and U2. For simplicity lets say that P
is a plugin that reads the content of a file and outputs it to the users. U1
and U2 have access to different files, and it's important that user U1 can't
read user U2's files and vice versa. When U1 is logged in P should be
allowed only to access the files U1 has access to, so that a badly written
or malicious plugin is unable to, by accident or purposfully, output the
content of U2's files to U1.

I know you can load an assembly and set its permissions, based on its
location, evidence or something else. But I'd like a way to give an assembly
different permissions based on the current user logged in. Obviously this
wouldn't be a problem if the assembly was loaded each time a user logged in,
but that isn't the case. Plugin assemblies are loaded once when the system
starts, and the system can have multiple users working at the same time.

In short: is there a way to grant an assembly different sets of permissions
at the same time based on something apart from the assembly it self?

----------------------------------------------------
/kim/birkelund/aka/sekhmet

Relevant Pages

  • Re: Permissions granted based on assembly and user
    ... setting the Policy for specific assemblies through the ... > You can set impersonation ON and use NTFS permissions on the files. ... > should also use Code Access Security to specify what folders the plugin ...
    (microsoft.public.dotnet.security)
  • RE: Probing assemblies for security requirements
    ... There is no way to programatically determine the permissions that an assembly is going to require. ... Probing assemblies for security requirements ... In a situation where assemblies are dynamically loaded (i.e. plugin infrastructure), is there a way to probe a assembly for it's security ...
    (microsoft.public.dotnet.security)
  • Re: Permissions granted based on assembly and user
    ... Since CAS is built upon restricting permissions based upon the code's identity, not the user's identity, there's no membership condition that does ... setting the Policy for specific assemblies through the ... >> should also use Code Access Security to specify what folders the plugin ... >>> We have a plugin P, and two users U1 and U2. ...
    (microsoft.public.dotnet.security)
  • Re: Permissions granted based on assembly and user
    ... You can set impersonation ON and use NTFS permissions on the files. ... should also use Code Access Security to specify what folders the plugin will ... Plugin assemblies are loaded ...
    (microsoft.public.dotnet.security)
  • Re: Side-by-side, within an app
    ... If u would have a peek through link send by me on msdn, then it clearly states about various App. ... Define Qualify Assembly parameter in config file with complete details. ... Get ur assemblies only in GAC, ... each AppDomain has its PrivateBinPath set to the folder of the plugin? ...
    (microsoft.public.dotnet.framework.clr)