Re: cutome Code Access Permission Attribute Problem

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 11/03/05

  • Next message: Pieter: "mission impossible: How to protect a Sql Server (with VB.NET) from somebody who as administrator rights?" 
    Date: Wed, 02 Nov 2005 23:14:22 -0800

    Hello Sanjaya,

    have you looked at the source with Reflector??

    PrincipalPermission does NOT derive from CodeAccessPermission - BUT implements
    IPermission.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > hi,
    >
    > you are correct . I only need to implement something similar to
    > PrinciplePermission, but with a different implementation of Demand()
    > method.
    >
    > I found out following things.
    >
    > The same code get built in VS 2005.(on framework 2)
    > even if it complied, since the Demand method is not abstract or
    > virtual, it
    > calls the base class's(CodeAccessPermissons) Demand ()when the
    > attribute is
    > set .
    > I wonder why it get complied in 2005 and not in 2003. and again any
    > work around for this?
    >
    > Best regards
    > Sanjaya
    > "Dominick Baier [DevelopMentor]"
    > <dbaier@pleasepleasenospamdevelop.com> wrote in message
    > news:4256546011781d8c7a42e562a4690@news.microsoft.com...
    >
    >> Hello Sanjaya,
    >>
    >> you are not really building a code access permission, because you
    >>
    > implemented
    >
    >> demand yourself - you are not doing a stack walk here - what you are
    >>
    > trying
    >
    >> to build is something like PrincipalPermission.
    >>
    >> grab a copy of reflector (www.aisto.com/roeder) and have a look at
    >>
    > System.Security.Permissions.PrincipalPermission
    >
    >> and see how MS does it.
    >>
    >> e.g. you only have to derive from IPermission, ISecurityEncodable
    >>
    >> my From/To Xml looks like this:
    >>
    >> public void FromXml(SecurityElement e)
    >> {
    >> string oid = e.Attribute("OperationID");
    >> this._operationId = Convert.ToInt32(oid,
    >> CultureInfo.InvariantCulture);
    >> }
    >> public SecurityElement ToXml()
    >> {
    >> SecurityElement element = new SecurityElement("IPermission");
    >> Type type = this.GetType();
    >> StringBuilder AssemblyName = new
    >> StringBuilder(type.Assembly.ToString());
    >> AssemblyName.Replace('\"', '\'');
    >> element.AddAttribute("class", type.FullName + ", " + AssemblyName);
    >> element.AddAttribute("version", "1");
    >> element.AddAttribute("OperationID",
    >>
    > _operationId.ToString(CultureInfo.InvariantCulture));
    >
    >> return element;
    >> }
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hi Dominick,
    >>>
    >>> Yes it is 1.1 and i have added it to the "policy assembly" as well.
    >>>
    >>> I'm not sure if it is something to do with the de/serialization in
    >>> FromXml/ToXml. attached here is my code. pls see if you can find wny
    >>> errors.
    >>>
    >>> Best Regards
    >>> Sanjaya
    >>> "Dominick Baier [DevelopMentor]"
    >>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
    >>> news:42565460115b5f8c7a37ad0e31550@news.microsoft.com...
    >>>> Hello Sanjaya,
    >>>>
    >>>> is this 1.1 ?
    >>>>
    >>>> if yes- the assembly containig the perm and attr must be in the
    >>>> "policy
    >>>>
    >>> assembly"
    >>>
    >>>> list in mscorfg.msc.
    >>>>
    >>>> Your error sounds like a problem with de/serialization in
    >>>> FromXml/ToXml.
    >>>>
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> Hi
    >>>>>
    >>>>> I have implemented a custom code access permission class and a
    >>>>> corresponding attribute class. I have inherited my permission
    >>>>> class from CodeAccessPermission and the attribute class from
    >>>>> CodeAccessSecurityAttribute class.
    >>>>>
    >>>>> I have assign a strong name to the assembly and deploy it to GAC.
    >>>>>
    >>>>> when I try to use my custom permission class for imperative
    >>>>> check, it happens successfully. but when I try to use the
    >>>>> attribute
    >>>>> class(MyPermissionAttribute) for declarative check, the
    >>>>> application
    >>>>> give following compilation error.
    >>>>> "C:\MyTestApp\Form1.cs(197): Error emitting
    >>>>> 'MySecurity.MyPermissionAttribute' attribute -- 'Unexpected
    >>>>> exception processing attribute -- System.ArgumentNullException:
    >>>>> Value cannot be null. Parameter name: child.'
    >>>>> can anyone pls help me to with this?
    >>>>>

  • Next message: Pieter: "mission impossible: How to protect a Sql Server (with VB.NET) from somebody who as administrator rights?"

    Relevant Pages

    • Re: Security Attribute on Event?
      ... >.net 's PrincipalPermission attribute in asp.net app, ... >programmatically use PrincipalPermission class instance to demand the ... Is it only happen when you apply the security demand on ... >a helper function rather than control's event handler function? ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Security Exception
      ... > the connecting users according to the Local Users and Groups on ... > permission = permission.Union(new PrincipalPermission(null, ... Demand() method does. ... or not the role and ID of the PrincipalPermission match ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: Security Attribute on Event?
      ... Regarding on the program on using Declarative role based security through ... ..net 's PrincipalPermission attribute in asp.net app, ... programmatically use PrincipalPermission class instance to demand the ... a helper function rather than control's event handler function? ...
      (microsoft.public.dotnet.framework.aspnet)
    • Quantcast