Re: Security Policy Confusion...

From: Nicole Calinoiu (calinoiu)
Date: 10/27/04


Date: Wed, 27 Oct 2004 07:51:25 -0400

Permissions granted by code groups within a policy level are unioned, not
intersected, by default. This means that your assembly will be granted the
sum of all permissions permitted within the policy level, not the most
restrictive permissions defined by any single group. Since your assembly
presumably meets the membership condition for at least one other code group
(most likely My_Computer_Zone or LocalIntranet_Zone), it would be receiving
the execution permission from that other group.

To prevent permissions from other groups being granted to assemblies that
meet the membership conditions for your group, mark your group as exclusive
(see
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconadministrationwithcodegroupattributes.asp
for details).

For an overview of how the .NET Framework computes a given assembly's
permissions based on policy, see
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconcomputingallowedpermissionset.asp.

HTH,
Nicole

"DT" <dt@nospam.co.uk> wrote in message
news:417ec11a$0$87823$65c69314@mercury.nildram.net...
> Hi,
>
> In an effort to learn about the .NET security settings I tried a simple
> experiment. I created a noddy console application and assigned it a
> strong name. I then extracted the public key token from the assembly.
> This was all on my local disk. I then tried to stop the console application
> being executed by giving it the permission set of 'Nothing' using the .NET
> configuration tool.
>
> Here are the steps I took
>
> 1) I created a new code group in the user code groups section under all
> code.
> 2) I then set the condition type to 'Strong Name' and supplied the token
> from my assembly.
> 3) I then set the permission set to 'Nothing'
>
> Once I'd completed this I tried to run the console application again, and
> it runs fine? I expected it to be denied execution rights?
>
> Can anybody help me in making sense of my mistakes / misunderstanding?
>
> Any URLs to articles would be a great help!
>
> many thanks
>
> DT
>
>
>
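
The resolution rule described in the reply above, as an added example that is not part of the original thread and is not .NET code: a simplified Python model of a single policy level, showing why a 'Nothing' group changes nothing until it is marked exclusive. The group layout, the permission names, the sample token and the error raised when two exclusive groups match are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, List

NOTHING: FrozenSet[str] = frozenset()
# Constructed stand-in for a broad grant; real permission sets are richer objects.
FULL_TRUST = frozenset({"Execution", "FileIO", "UI", "Reflection"})
SAMPLE_TOKEN = "0123456789abcdef"  # constructed public key token, not a real one


@dataclass
class CodeGroup:
    name: str
    matches: Callable[[dict], bool]   # membership condition over the evidence
    grant: FrozenSet[str]             # permission set attached to the group
    exclusive: bool = False
    children: List["CodeGroup"] = field(default_factory=list)


def matching_groups(group: CodeGroup, evidence: dict) -> List[CodeGroup]:
    """Walk the tree; children are considered only when the parent matches."""
    if not group.matches(evidence):
        return []
    found = [group]
    for child in group.children:
        found += matching_groups(child, evidence)
    return found


def resolve_level(root: CodeGroup, evidence: dict) -> FrozenSet[str]:
    """Grant for one policy level: union of all matches, unless one is exclusive."""
    matched = matching_groups(root, evidence)
    exclusive = [g for g in matched if g.exclusive]
    if len(exclusive) > 1:
        # Ambiguous policy: this model refuses to pick one exclusive group.
        raise ValueError("more than one exclusive code group matched")
    if exclusive:
        return exclusive[0].grant     # every other group's grant is ignored
    return frozenset().union(*(g.grant for g in matched))


def build_level(exclusive: bool) -> CodeGroup:
    """Hypothetical level: a zone group plus the strong-name 'Nothing' group."""
    return CodeGroup("All_Code", lambda e: True, NOTHING, children=[
        CodeGroup("My_Computer_Zone", lambda e: e["zone"] == "MyComputer", FULL_TRUST),
        CodeGroup("Block_By_StrongName", lambda e: e["token"] == SAMPLE_TOKEN,
                  NOTHING, exclusive=exclusive),
    ])


EVIDENCE = {"zone": "MyComputer", "token": SAMPLE_TOKEN}  # constructed evidence

if __name__ == "__main__":
    print("default  :", sorted(resolve_level(build_level(False), EVIDENCE)))
    print("exclusive:", sorted(resolve_level(build_level(True), EVIDENCE)))
```
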