Re: [assembly: SecurityPermission] question



sorry - :)

Hi,

and also -->DON'T<-- forget that there is a good reason why .NET has the
APTCA attribute - you should be really sure that you want your code to be
callable from arbitrary partially trusted code.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi,

and also forget that there is a good reason why .NET has the APTCA
attribute - you should be really sure that you want your code to be
callable from arbitrary partially trusted code.

Otherwise you should think about how to make sure that only the
"right" partially trusted applications can call into your code, e.g. a
custom CAS permission.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi

Don't forget that the assembly in the GAC may need some assert
statements, as otherwise the whole call stack will be checked. MS
recommend that you make a demand before making an assert, and a
common design pattern is to create a custom permission for this.

Here are some samples from patterns and practices:

http://msdn.microsoft.com/practices/compcat/default.aspx?pull=/library/en-us/dnnetsec/html/THCMCh09.asp

'sandboxing' is actually used for calling components that don't have
the APTCA attribute, but the example will show you how to use Assert
to stop the stack walk.

Hope this helps

"Pieter Philippaerts" wrote:

"Lloyd Dupont" <net.galador@ld> wrote in message
news:OTsSN%23nkGHA.4884@xxxxxxxxxxxxxxxxxxxxxxx
Thanks!

Speaking of that, with a strong named library in the GAC, is it
possible to grant high permission to the library itself while
requiring little permission from calling code?

Yes, that's what the GAC is there for... :-)
Starting from .NET 2.0, all assemblies that are placed in the GAC are
granted full trust (so they can basically do anything they want). Other
assemblies running in lower privilege domains (i.e. assemblies from the
internet or intranet zone) can call into your GAC library without
requiring any special permission (unless your library demands a specific
permission). Of course, it's your job as a class library designer to
make sure that your API is safe.
One gotcha though: if you want to make your library available to
partially trusted callers, make sure you specify the
AllowPartiallyTrustedCallers attribute in the AssemblyInfo file.
Regards,
Pieter Philippaerts
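
The Demand-before-Assert pattern discussed in this thread, as an added example (not code from any poster or from the linked patterns and practices chapter). The namespace, class, file path, and the use of EnvironmentPermission as a stand-in for the custom permission are assumptions made for illustration; it targets .NET Framework, where CAS is enforced.

```csharp
using System.IO;
using System.Security;
using System.Security.Permissions;

// Opt in to being callable from partially trusted code. Without this,
// a strong-named assembly rejects partially trusted callers outright.
[assembly: AllowPartiallyTrustedCallers]

namespace Example.GacLibrary   // hypothetical name
{
    public static class SettingsReader
    {
        // Hypothetical fixed path. The caller never supplies it, so the
        // Assert below cannot be steered toward another file.
        private const string SettingsPath = @"C:\ProgramData\Example\settings.txt";

        // Stand-in gate (assumption): a real library would use its own
        // custom CAS permission here, as suggested in the thread.
        private static readonly IPermission CallerGate =
            new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME");

        public static string ReadSettings()
        {
            // 1. Demand first: the full stack walk runs against the gate
            //    permission, so only callers granted it get any further.
            CallerGate.Demand();

            // 2. Assert second: stops the stack walk for FileIOPermission at
            //    this frame, scoped to read access on the one fixed path.
            new FileIOPermission(FileIOPermissionAccess.Read, SettingsPath).Assert();
            try
            {
                return File.ReadAllText(SettingsPath);
            }
            finally
            {
                // 3. Drop the Assert as soon as the privileged call is done.
                CodeAccessPermission.RevertAssert();
            }
        }
    }
}
```

The Assert covers only read access to a single hard-coded file and is reverted in `finally`, which keeps the elevated window as narrow as the operation requires.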

