Re: Permissions granted based on assembly and user
From: /kim/birkelund/aka/sekhmet (msnews_at_sekhmet.dk)
Date: 06/29/04
- Next message: Danny van Kasteel: "Ho do I present custom evidence of authentication to a server?"
- Previous message: rasta: "Re: app lease/licensing"
- In reply to: Telmo Sampaio: "Re: Permissions granted based on assembly and user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jun 2004 08:24:32 +0200
Unfortunately impersonation and NFTS permissions is out of the question for
this scenario. Concerning code access security; that is actually the core of
the problem: setting the Policy for specific assemblies through the
SecurityManager isn't a problem, and that works as it should.
But can I make two CodeGroups and using some kind of MembershipCondition
have an assembly fall in the first group if user 1 is logged in and the
other group if user two is logged in? Keeping in mind that the system could
be handling request from both users simultaneously, so reconfiguring the
policy when the request begins wouldn't work.
"Telmo Sampaio" <telmo_sampaio@hotmail.com> wrote in message
news:uRF7PEYXEHA.3676@TK2MSFTNGP09.phx.gbl...
> You can set impersonation ON and use NTFS permissions on the files. You
> should also use Code Access Security to specify what folders the plugin
> will be able to use.
>
> Check out
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp
>
> Telmo Sampaio
> tsampaio@gmail.com
> "/kim/birkelund/aka/sekhmet" <msnews@sekhmet.dk> wrote in message
> news:%23$nst0NXEHA.2844@TK2MSFTNGP11.phx.gbl...
>> Hi
>>
>> Considering a multiuser system that supports server-side plugins, where
>> users have access to different parts of the system through the same
>> plugins, I'd like to know if the following situation can be solved using
>> built-in .Net security functionality:
>>
>> We have a plugin P, and two users U1 and U2. For simplicity lets say that
>> P is a plugin that reads the content of a file and outputs it to the
>> users. U1 and U2 have access to different files, and it's important that
>> user U1 can't read user U2's files and vice versa. When U1 is logged in P
>> should be allowed only to access the files U1 has access to, so that a
>> badly written or malicious plugin is unable to, by accident or
>> purposfully, output the content of U2's files to U1.
>>
>> I know you can load an assembly and set its permissions, based on its
>> location, evidence or something else. But I'd like a way to give an
>> assembly different permissions based on the current user logged in.
>> Obviously this wouldn't be a problem if the assembly was loaded each time
>> a user logged in, but that isn't the case. Plugin assemblies are loaded
>> once when the system starts, and the system can have multiple users
>> working at the same time.
>>
>> In short: is there a way to grant an assembly different sets of
>> permissions at the same time based on something apart from the assembly
>> it self?
>>
>>
>> ----------------------------------------------------
>> /kim/birkelund/aka/sekhmet
>>
>
>
- Next message: Danny van Kasteel: "Ho do I present custom evidence of authentication to a server?"
- Previous message: rasta: "Re: app lease/licensing"
- In reply to: Telmo Sampaio: "Re: Permissions granted based on assembly and user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
