Re: Medium Level Trust and Reflection

From: Nicole Calinoiu (calinoiu)
Date: 02/26/05 

Date: Sat, 26 Feb 2005 09:29:39 -0500

Even with approach (b), assertion will most likely be required due to
ASP.NET's dynamic page compilation.

""Shawn Farkas [MS]"" <shawnfa@online.microsoft.com> wrote in message
news:F1BGzV6GFHA.2164@TK2MSFTNGXA02.phx.gbl...
> Hi Paul,
>
> Looks correct to me :-) Although you won't need Assertion permission if
> you go route b, since, if I understand your scenario correctly, you no
> longer will need to Assert any permissions.
>
> -Shawn
> http://blogs.msdn.com/shawnfa
> --
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> Note:
> For the benefit of the community-at-large, all responses to this message
> are best directed to the newsgroup/thread from which they originated.
> --------------------
>> From: "Paul Hatcher" <phatcher@spamless.cix.co.uk>
>> References: <Oy8Y4M1GFHA.2744@tk2msftngp13.phx.gbl>
> <u3y8$I4GFHA.3352@TK2MSFTNGP10.phx.gbl>
> <#1XfeZ4GFHA.3088@tk2msftngp13.phx.gbl>
> <#zmyks4GFHA.576@TK2MSFTNGP15.phx.gbl>
> <#VfQqN5GFHA.3272@TK2MSFTNGP10.phx.gbl>
>> Subject: Re: Medium Level Trust and Reflection
>> Date: Sat, 26 Feb 2005 00:54:08 -0000
>> Lines: 77
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Newsreader: Microsoft Outlook Express 6.00.3790.224
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.224
>> Message-ID: <#vGgt25GFHA.2860@TK2MSFTNGP12.phx.gbl>
>> Newsgroups: microsoft.public.dotnet.security
>> NNTP-Posting-Host: lan2.phatch.adsl.alcom.co.uk 212.47.82.102
>> Path:
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
> 2.phx.gbl
>> Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.security:9248
>> X-Tomcat-NG: microsoft.public.dotnet.security
>>
>> Is this correct...
>>
>> 1. Assert the Reflection permission declaratively in the code.
>> a.. Place the assembly in the GAC
>> or
>> b. Modify the web_mediumtrust.config to grant Assertion and Reflect
>> permission based on the strong name
>>
>> Paul
>>
>>
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote
>> in message news:#VfQqN5GFHA.3272@TK2MSFTNGP10.phx.gbl...
>> > That's pretty much what I thought. I wasn't sure if the code he was
>> calling
>> > that demanded the Reflection permission did a full demand or not, so I
>> > thought he should probably know about Assert as well, just in case.
>> >
>> > Thanks!
>> >
>> > Joe K.
>> >
>> > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
> message
>> > news:%23zmyks4GFHA.576@TK2MSFTNGP15.phx.gbl...
>> > > Depends on whether the code that's being called makes a link demand
>> > > or
>> > > full demand. If it's a full demand, then an assertion will be
> required,
>> > > but assertion permission can be acquired by the same means as
> reflection
>> > > permission.
>> > >
>> > >
>> > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote
>> > > in message news:%231XfeZ4GFHA.3088@tk2msftngp13.phx.gbl...
>> > >> Won't he need to assert the permissions he's using to if he wants to
>> > >> prevent a stack walk? That would apply in either situation (GAC or
>> > >> non-GAC) if his assembly had permissions that the rest of the
>> application
>> > >> did not by default, right?
>> > >>
>> > >> Joe K.
>> > >>
>> > >> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>> message
>> > >> news:u3y8$I4GFHA.3352@TK2MSFTNGP10.phx.gbl...
>> > >>> Have you tried adding it to the GAC? Did it work? If so, would
>> > >>> you
>> > >>> stiff
>> > >>> prefer an alternate approach? For example, you might try to alter
> the
>> > >>> web_mediumtrust.config to grant additional permissions to your
>> assembly
>> > >>> based on its
>> > >>> strong name.
>> > >>>
>> > >>>
>> > >>> "Paul Hatcher" <phatcher@spamless.cix.co.uk> wrote in message
>> > >>> news:Oy8Y4M1GFHA.2744@tk2msftngp13.phx.gbl...
>> > >>>> Is there any way of granting a specific assembly Reflection
>> permission
>> > >>>> when
>> > >>>> the web server is set to Medium level trust? The assembly is
> signed
>> > >>>> and
>> > >>>> may
>> > >>>> be placed in the GAC if necessary
>> > >>>>
>> > >>>> Paul
>> > >>>>
>> > >>>>
>> > >>>
>> > >>>
>> > >>>
>> > >>
>> > >>
>> > >
>> > >
>> >
>> >
>>
>>
>>
>

Relevant Pages

  • Re: security/strong name/zones clarification needed
    ... Does the Assert code go in its ... >>this AppDomain needs to be setup before your assembly can ... >>will recieve the permission grant you expect (in this ... All my assemblies are strong named. ...
    (microsoft.public.dotnet.security)
  • Re: Identity Permission and Code Access Permission classes
    ... I'm working on a several-part blog series on Assert ... however a lot of the concepts will apply to the other stack modifiers as well. ... >Subject: Re: Identity Permission and Code Access Permission classes ... and you want to protect its contents from modification by ...
    (microsoft.public.dotnet.security)
  • Re: Code Acess Security
    ... Assert is used to prevent a stack walk. ... - My assembly is granted permission A as well as the permission to Assert ... Note that there are some major assemblies in the ...
    (microsoft.public.dotnet.security)
  • Re: security exception for aspx page
    ... You can't just inherit, you have wrap. ... assert each permission that their code demands in order to block the stack ... you just create a permission object of the same type that is ... or just a class that delegates the functions to 3rd party control ...
    (microsoft.public.dotnet.security)
  • Re: Identity Permission and Code Access Permission classes
    ... The most common use of assert and deny is when mapping from one permission ... to making the assertion that allows the unmanaged code to be run. ... and you want to protect its contents from modification by ...
    (microsoft.public.dotnet.security)