Re: CASPOL - StrongName trusts not being applied



"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:95044A7F-0508-4096-A3B6-017BA604AEAF@xxxxxxxxxxxxxxxx
If your assembly has SecurityPermission\Assertion permission as well as
the permission being demanded (as evaluated under the CAS policy settings
only), the assertion will prevent the call stack walk from reaching the
app domain boundary, so the lesser permission set assigned at the app
domain level will be irrelevant. If you need to convince yourself that
this works, why not just go ahead and try it?

I'm in the process of doing so, but there are a lot of 'entry' points to
nail down.

So maybe I am misunderstanding the goal of the assert and what the problem
is.

So, initially, the AppDomain is loaded, and as it in itself has no strong
name, we get the LocalIntranet zone permissions. Our assembly is then
loaded into the AppDomain, with the same permission set. However, by
putting an Assert in there, the CLR (I assume this is where the security
check is done?) will recognize that this particular assembly actually
matches the Strong Name condition, and allow it to perform the actions?

--
Adam Clauss


.



Relevant Pages

  • Re: security/strong name/zones clarification needed
    ... Does the Assert code go in its ... >this AppDomain needs to be setup before your assembly can ... >will recieve the permission grant you expect (in this ... All my assemblies are strong named. ...
    (microsoft.public.dotnet.security)
  • Re: security/strong name/zones clarification needed
    ... Does the Assert code go in its ... >>this AppDomain needs to be setup before your assembly can ... >>will recieve the permission grant you expect (in this ... All my assemblies are strong named. ...
    (microsoft.public.dotnet.security)
  • Re: AppDomain and SecurityPermission
    ... In practice, Deny just stops the stackwalk, but it does not change the ... assembly grant set [and assembly can assert everything that it was granted]. ... So, if you want to create an AppDomain with restricted Security in it, you ... will need to create a permission set with all the permissions your ...
    (microsoft.public.dotnet.security)
  • Re: Identity Permission and Code Access Permission classes
    ... I'm working on a several-part blog series on Assert ... however a lot of the concepts will apply to the other stack modifiers as well. ... >Subject: Re: Identity Permission and Code Access Permission classes ... and you want to protect its contents from modification by ...
    (microsoft.public.dotnet.security)
  • Re: Code Acess Security
    ... I don't entirely understand the Assert function either, ... this line in the documentation: "Assert is only effective for granted ... > 2) I have tried to change the Permission Set for All_Code code group to ...
    (microsoft.public.dotnet.security)