Re: Custom principles and DnsPermission.Demand()

From: andrew lowe (andrew.lowe###a-t###geac.com)
Date: 03/30/05

Next message: serge calderara: "HELP Security in .Net framework"
Previous message: Michel Gallant: "Re: IIS "secure communications"and "certificate" sections disabled"
In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Custom principles and DnsPermission.Demand()"
Next in thread: Nicole Calinoiu: "Re: Custom principles and DnsPermission.Demand()"
Reply: Nicole Calinoiu: "Re: Custom principles and DnsPermission.Demand()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 30 Mar 2005 14:37:33 +1000

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:uqvnuRINFHA.1392@TK2MSFTNGP10.phx.gbl...
>I think there is some confusion here regarding how CAS works. CAS does not
>make security decisions based on who the current user is. CAS makes
>security decisions based on the permissions granted to the actual code.
>This is done at the assembly level and is based on evidence provided by the
>assembly about what it is and where it came from.
>
> Thus, changing the current IPrincipal on the thread won't affect what CAS
> is doing.
>
> So, it seems to me that you need to figure out why the code you are
> executing doesn't have DNS permissions and then figure out how to ensure
> that it has the permissions it needs.

Joe,

Thanks for your reply. The problem is that if i put a call to
Dns.GetHostByName() in the constructor of my main form it works, however in
another class which resides in another assembly the same call fails. All
assemblies have the attribute

[assembly: DnsPermission(SecurityAction.RequestMinimum, Unrestricted=true)]

I've tried stripping the project down but can't seem to find a way to
replicate what i am experiencing.

bugger.....

Next message: serge calderara: "HELP Security in .Net framework"
Previous message: Michel Gallant: "Re: IIS "secure communications"and "certificate" sections disabled"
In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Custom principles and DnsPermission.Demand()"
Next in thread: Nicole Calinoiu: "Re: Custom principles and DnsPermission.Demand()"
Reply: Nicole Calinoiu: "Re: Custom principles and DnsPermission.Demand()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: .net security vs. windows security
... granted the permissions associated with that code-group. ... assemblies being digitally signed with the private ... certificates can figure quite prominently into CAS infrastructure. ... >> Generally speaking Code Access Security, ...
(microsoft.public.dotnet.security)
Re: .NET CAS vs OS security
... I was catching the SecurityException and the Exception. ... CAS won't come into play if your assembly is installed on the local file ... absolutely no interaction between CAS permissions and OS permissions. ... is layered over the top of the OS security and they are based on two totally ...
(microsoft.public.dotnet.security)
Re: .NET CAS vs OS security
... CAS won't come into play if your assembly is installed on the local file ... absolutely no interaction between CAS permissions and OS permissions. ... is layered over the top of the OS security and they are based on two totally ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.dotnet.security)
Re: Tightening the default CAS policy
... sufficient IMHO to increase an assemblies trust permission. ... say the user is requested by a internet site to download ... permissions as any other unmanaged application thus nullifying CAS. ...
(microsoft.public.dotnet.security)
Re: Simulating an Application Pool
... The APTCA attribute as it is called is for CAS, not role-based security. ... All of the assemblies used by the web service ...
(microsoft.public.dotnet.security)