Re: HOWTO Install security with CASPOL for UserControls



"ATS" <ATS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C9D7EEE2-1246-4ADC-A9A5-E8FDB86368F3@xxxxxxxxxxxxxxxx
<snip>
> So, with all that said, how can we set up security with CASPOL to ensure that
> our UserControl will always run with "Full-Trust". Under no circumstances
> will we use a "Strong-Name", or the actual DLL of the UserControl, or its
> name.

Have you considered using a signing key (rather than any assembly-specific
information) as part of the evidence? Given that you appear to be deploying
a commercial solution intended to be used while online, applying
Authenticode signatures to your assemblies and using corresponding publisher
evidence as part of your code group evidence would seem like a reasonable
approach. (BTW, you could also use a strong name signing key as evidence
without including any assembly-specific information, but this would not be
as robust an approach as publisher evidence based on an Authenticode
signature.)


> The security must be set by a URL, period. The reason for this is
> simply that the UserControl's name, (including any possible Strong Name)
> will change rapidly over time, as well as new UserControls will be added
> rapidly over time. The "Full Trust" must somehow be established by the URL.

While I would certainly recommend using URL evidence as well for this
scenario, there's nothing stopping you from using strong name or publisher
key evidence as well, even if you do want to cover multiple assemblies since
the key evidence need not specify anything that is assembly-specific.


> About the only thing I can see to do this would be these two CASPOL steps:
>
> CASPOL Command to Add Group with Full-Trust:
> caspol -enterprise -addgroup 1 -url ~~~MY-URL~~~/* FullTrust
>
> CASPOL Command to change Group with Full-Trust:
> caspol -enterprise -chggroup -url ~~~MY-URL~~~/* FullTrust

The above won't grant additional full trust to your assemblies if either the
machine or user policy further restricts those permissions. Since default
machine policy does not grant full trust to assemblies run from the internet
zone, the above will have no effect on client machines with default policy
settings.


> Please correct me, if I got the syntax wrong.

Well, there's at least one syntax problem in the above statements, but the
approach is much worse than the syntax, so why don't we focus on that
instead? ;) Assuming that what you're attempting to do did actually work,
you would be exposing your clients to considerable risk by making such a
"loose" modification to their policy. Raising CAS permissions beyond those
granted under default policy is _dangerous_, and you should probably be
seeking to protect your clients by making the most "narrow" change possible.
This would involve using the most specific evidence you possibly can for the
new code group.

For starters, the new code group should be placed under the appropriate zone
group, not the All_Code group. If your controls will be hosted on the
client's intranet, then this would presumably be the LocalIntranet_Zone
group. Otherwise, it would presumably be the Internet_Zone group. The next
step is selecting appropriate evidence. While the URL is a good start, it
should be the "lowest" common parent URL for all the controls, not your site
URL. For example, if the control assemblies are all hosted under
http://www.yoursite.com/SomeApplication/UserControls, you should use
http://www.yoursite.com/SomeApplication/UserControls/* as the URL, not
http://www.yoursite.com/*. Also, you really ought to add some sort of
signature evidence. Publisher evidence would be best, but strong name
evidence would at least be a start.


> And please provide links to
> any documentation that better explains the CASPOL, MORE SO, than the MSDN,
> if possible.

Caspol is just a command line tool. It sounds like you're probably looking
for a backgrounder on general CAS policy management more than on specific
caspol use. If so, you might want to take a look at the "Security Policy
Management" topic on MSDN
(http://msdn.microsoft.com/library/en-us/cpguide/html/cpconSecurityPolicyManagement.asp)
rather than the caspol topic.
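
The narrowing steps described in the reply above, written out as caspol commands. This is an added example, not part of the original post: nesting a publisher group under a URL group is one way to require both kinds of evidence, and the group names and `publisher.cer` are assumptions (the URL is the illustrative one from the reply).

```bat
@echo off
rem Added example, not from the original thread.
rem Assumptions: caspol.exe is on PATH (for example a .NET Framework SDK
rem command prompt), the prompt is elevated, and publisher.cer is a
rem placeholder for the exported Authenticode certificate of the publisher.
rem caspol asks for confirmation before each policy change.

rem Step 1: add a URL group under the zone group (not under All_Code).
rem It uses the lowest common parent URL of the controls and grants the
rem built-in "Nothing" permission set, so URL evidence alone raises nothing.
caspol -machine -addgroup Internet_Zone ^
    -url http://www.yoursite.com/SomeApplication/UserControls/* Nothing ^
    -name "UserControls_Url" ^
    -description "Matches the control directory only; grants no permissions"

rem Step 2: add a child group that is evaluated only when the URL group
rem matches. It requires publisher (Authenticode) evidence and is the only
rem group that grants FullTrust.
caspol -machine -addgroup UserControls_Url ^
    -pub -cert publisher.cer FullTrust ^
    -name "UserControls_Publisher" ^
    -description "FullTrust only for signed code from the control directory"

rem Step 3: list the machine-level code groups to review the result.
caspol -machine -listgroups
```

For controls hosted on the client's intranet, the parent in step 1 would be LocalIntranet_Zone instead of Internet_Zone, as the reply notes.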

