Re: Custom Security Permission & Security Attribute troubles

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/09/05 

Date: Fri, 09 Sep 2005 03:55:39 -0700

Hello Angelos Karantzalis" akarantzalis[at]yahoo.com,

in addition to SNing, installing in the GAC, applying [Serializable] and
[AllowPartiallyTrustedCallers], you have to install the assembly containing
the permission and attribute in the "policy assemblies" list by using mscorcfg.msc
or programmatically - i have some code that describes the progammatic way
on my blog:

http://www.leastprivilege.com/PolicyAssembliesHeadaches.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi guys,
>
> I'm trying to write a library that will allow me to add a custom
> permission for my applications (let's call it ApplicationPermission
> for now), and a custom security attribute to support declarative
> syntax.
>
> I've gone about this, creating my ApplicationPermission class, derived
> from CodeAccessPermission, implementing the IUnrestrictedPermission as
> well. Marked Serializable also.
>
> I've derived my custom attribute from CodeAccessSecurityAttribute, in
> order to use the following declarative syntax:
> [ApplicationPermission(SecurityAction.Demand, ActionName="test",
> PrincType = PrincipalType.User, PrincipalNames = "username")]
>
> Now, my library compiles fine, but when I try to compile my little
> test app,
> I get an error like:
> "C:\projects\SecurityContextTest\Class1.cs(23): Error emitting
> 'SecurityContext.ApplicationPermissionAttribute' attribute --
> 'Unexpected
> exception processing attribute -- System.NullReferenceException:
> Object
> reference not set to an instance of an object..'"
> I'm including the code of my custom attribute here:
>
> using System;
> using System.Security;
> using System.Security.Permissions;
> namespace SecurityContext
> {
> /// <summary>
> /// ApplicationPermissionAttribute defines a declarative attribute to
> be
> used inside code that
> /// requires ApplicationPermissions defined declaratively.
> /// </summary>
> [AttributeUsage(AttributeTargets.All, Inherited = false, AllowMultiple
> =
> true)]
> public class ApplicationPermissionAttribute :
> CodeAccessSecurityAttribute
> {
> private string m_ActionName;
> private string[] m_PrincipalNames = null;
> private PrincipalType m_PrincipalType;
> public ApplicationPermissionAttribute(SecurityAction action) :
> base(action) {
> // Do nothing here ...
> }
> /// <summary>
> /// ActionName accessor
> /// </summary>
> public virtual string ActionName {
> get {
> return m_ActionName;
> }
> set {
> m_ActionName = value;
> }
> }
> /// <summary>
> /// PrincipalNames accessor
> /// </summary>
> public virtual string PrincipalNames {
> get {
> System.Text.StringBuilder sb = new
> System.Text.StringBuilder();
> foreach(string principal in m_PrincipalNames)
> sb.Append(principal+",");
> return sb.ToString();
> }
> set {
> m_PrincipalNames = value.Split(new char[] {','});
> }
> }
> /// <summary>
> /// PrincipalType accesssor (User,Role)
> /// </summary>
> public virtual PrincipalType PrincType {
> get {
> return m_PrincipalType;
> }
> set {
> m_PrincipalType = value;
> }
> }
> public new bool Unrestricted {
> get {
> return false;
> }
> set {
> // Do nothing
> }
> }
> public override IPermission CreatePermission(){
> Console.Out.WriteLine("Creating a new ApplicationPermission");
> return new ApplicationPermission(m_ActionName,
> m_PrincipalNames,
> m_PrincipalType);
> }
> }
> }
> .. now, originally I've went about by deriving from SecurityPermission
> & SecurityAttribute. However, although my two projects compiled ok,
> the attribute wasn't being emitted (just a guess), so the call to
> Demand() on my custom permission was never being made. That's why I
> switched to deriving from the CodeAccessSecurityPermission &
> CodeAccessSecurityAttribute, signed my assembly & put it in the GAC
> ... and all sorts of problems followed, until I've hit the wall with
> the one I've described in the beginning :(
>
> Is there anybody out there who could possibly shed some light on my
> dark
> coding day ?
> Cheers,
> Angel
> O:]

Relevant Pages

  • Re: security/strong name/zones clarification needed
    ... Does the Assert code go in its ... >>this AppDomain needs to be setup before your assembly can ... >>will recieve the permission grant you expect (in this ... All my assemblies are strong named. ...
    (microsoft.public.dotnet.security)
  • Re: assembly doesn permit partially trustets calls
    ... To mitigate the risk, think very carefully about the permissions that you assign to the application running on the file share so that it permits exactly and only the request to satisfy the permission demand, block everything else. ... we can give all the assemblies in the ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.framework)
  • RE: CAS prevents call to ConvertTo used by custom TypeConverter
    ... the InstanceDescriptor code path is called even at runtime. ... In the .ConvertTo method, this block: ... So for our custom asp.net web control, ... > | The following is a list of types within these APTCA decorated assemblies ...
    (microsoft.public.dotnet.framework.aspnet.buildingcontrols)
  • Re: security/strong name/zones clarification needed
    ... Does the Assert code go in its ... >this AppDomain needs to be setup before your assembly can ... >will recieve the permission grant you expect (in this ... All my assemblies are strong named. ...
    (microsoft.public.dotnet.security)
  • Re: security/strong name/zones clarification needed
    ... Dim zz As New System.Security.PermissionSet ... >> When assemblies are ... >>>needs to host the CLR, it creates an AppDomain, but due ... >>>will recieve the permission grant you expect (in this ...
    (microsoft.public.dotnet.security)