Questions and observations about CAS and the StrongNameIdentityPermssionAttribute.

From: John Sheppard (John.Sheppard_at_newsgroups.nospam)
Date: 08/30/05


Date: Tue, 30 Aug 2005 12:19:48 -0500

Hi Folks,

            Hope someone out there can shed some light on this for me. I'm
having trouble figuring out how to correctly use security attributes, in
particular StrongNameIdentityPermssionAttribute. I apologize upfront for
the long winded nature of this post but I am trying to be clear on my
intent.

            Let put some context to the problem before I start to ask
question. Application consists of multiple assemblies with the controlling
assembling being an executable. The following is all pseudo code to
illustrate how things are configured.

ExecutableA.exe is signed with keyFileA.snk

ComponentB.dll is signed with keyFileB.snk

ComponentC.dll is signed with keyfileC.snk

ComponentC has two classes:

namespace ComponentC

{

[StrongNameIdentityPermissionAttribute(SecurityAction. InheritanceDemand,

 PublicKey="Public Key of keyFileB.snk"]

public class RestrictrictedObjectInheritance

{

            // constructor here

            public void UnrestrictedFunctionA()

            {}

            [StrongNameIdentityPermissionAttribute(SecurityAction.
LinkDemand,

            PublicKey="Public Key of keyFileA.snk"]

            public virtual void RestrictrictedFunctionB()

            {}

}

public abstract class RestrictedFunctionOverideObject

{

            // constructor here

public void UnrestrictedFunctionB()

            {}

[StrongNameIdentityPermissionAttribute(SecurityAction. InheritanceDemand,

 PublicKey="Public Key of keyFileB.snk"]

            public virtual void RestrictedFunctionC()

            {

            }

}

}

Now ComponentB has three classes

namespace ComponentB

{

[StrongNameIdentityPermissionAttribute(SecurityAction. SecurityAction.
LinkDemand,

 PublicKey="Public Key of keyFileA.snk"]

            public class RestrictedObjectA

            {

                        public void DoSomeWork()

{

}

            }

public class OverrideRestrictrictedObjectInheritance :
RestrictrictedObjectInheritance

{

            public override void RestrictrictedFunctionB()

{

}

}

public class InheritRestrictedFunctionOverideObject :
RestrictedFunctionOverideObject

{

            public override void RestrictedFunctionC()

{

}

}

}

Okay now for what I expect.

1. Only assemblies signed with the private key counterpart of the
public key contained in keyFileB.snk can inherit from
RestrictrictedObjectInheritance.

2. If RestrictrictedObjectInheritance is instantiated directly only
assemblies that are signed with the counterpart of the public key contained
in keyFileA.snk can invoke RestrictrictedObjectInheritance.
RestrictrictedFunctionB.

3. Only assemblies signed with the private key counterpart of the
public key contained in keyFileB.snk can override
RestrictedFunctionOverideObject. RestrictedFunctionC but any object
inheriting from RestrictedFunctionOverideObject can override
UnrestrictedFunctionB.

4. Only assemblies signed with the private key counterpart of the
public key contained in keyFileA.snk can instantiate and/or use ComponentB.
RestrictedObjectA.

Now for what I observed:

1. This held true.

2. If I signed ExecutableA with keyFileA.snk or any other key for that
matter and I try to instantiate RestrictrictedObjectInheritance I get a
security exception. Anyone know why this would be?

3. This holds true for the first part of the statement but throws an
exception if I try to override RestrictedFunctionOverideObject.
UnrestrictedFunctionB.

4. This holds true.

Can anyone give me any insight as to why items 2 & 3 would be failing like
they are? If I have not provided enough information let me know and I'll
try to clarify. The reason for all the convoluted permissions is because
this is a plugin framework and somethings can be overridden in base classes
and some can't and some functions and objects can only be
called/instantiated by the plug in framework while others are completely
unrestricted.

Thanks for any advice,

John

-- 
Life should NOT be a journey to the grave with the intention of
arriving safely in an attractive and well preserved body, but rather
to skid in sideways, chocolate in one hand, martini in the other, body
thoroughly used up, totally worn out and screaming "WOO HOO what a
ride!" 


Relevant Pages