Re: CASPOL - StrongName trusts not being applied

From: "Adam Clauss" <cabadam@xxxxxxxx>
Date: Mon, 30 Oct 2006 11:29:43 -0600

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:95044A7F-0508-4096-A3B6-017BA604AEAF@xxxxxxxxxxxxxxxx

If your assembly has SecurityPermission\Assertion permission as well as
the permission being demanded (as evaluated under the CAS policy settings
only), the assertion will prevent the call stack walk from reaching the
app domain boundary, so the lesser permission set assigned at the app
domain level will be irrelevant. If you need to convince yourself that
this works, why not just go ahead and try it?

I'm in the process of doing so, but there are a lot of 'entry' points to
nail down.

So maybe I am misunderstanding the goal of the assert and what the problem
is.

So, initially, the AppDomain is loaded, and as it in itself has no strong
name, we get the LocalIntranet zone permissions. Our assembly is then
loaded into the AppDomain, with the same permission set. However, by
putting an Assert in there, the CLR (I assume this is where the security
check is done?) will recognize that this particular assembly actually
matches the Strong Name condition, and allow it to perform the actions?

--
Adam Clauss

.

References:
- CASPOL - StrongName trusts not being applied
  - From: Adam Clauss
- Re: CASPOL - StrongName trusts not being applied
  - From: Nicole Calinoiu
- Re: CASPOL - StrongName trusts not being applied
  - From: Adam Clauss
- Re: CASPOL - StrongName trusts not being applied
  - From: Nicole Calinoiu
- Re: CASPOL - StrongName trusts not being applied
  - From: Adam Clauss
- Re: CASPOL - StrongName trusts not being applied
  - From: Adam Clauss
- Re: CASPOL - StrongName trusts not being applied
  - From: Nicole Calinoiu

Prev by Date: Re: COM+ Security error
Next by Date: Re: Kerberos Token Renewal
Previous by thread: Re: CASPOL - StrongName trusts not being applied
Next by thread: Re: Thread.CurrentPrincipal only set once
Index(es):
- Date
- Thread

Relevant Pages

Re: security/strong name/zones clarification needed
... Does the Assert code go in its ... >this AppDomain needs to be setup before your assembly can ... >will recieve the permission grant you expect (in this ... All my assemblies are strong named. ...
(microsoft.public.dotnet.security)
Re: security/strong name/zones clarification needed
... Does the Assert code go in its ... >>this AppDomain needs to be setup before your assembly can ... >>will recieve the permission grant you expect (in this ... All my assemblies are strong named. ...
(microsoft.public.dotnet.security)
Re: AppDomain and SecurityPermission
... In practice, Deny just stops the stackwalk, but it does not change the ... assembly grant set [and assembly can assert everything that it was granted]. ... So, if you want to create an AppDomain with restricted Security in it, you ... will need to create a permission set with all the permissions your ...
(microsoft.public.dotnet.security)
Re: Identity Permission and Code Access Permission classes
... I'm working on a several-part blog series on Assert ... however a lot of the concepts will apply to the other stack modifiers as well. ... >Subject: Re: Identity Permission and Code Access Permission classes ... and you want to protect its contents from modification by ...
(microsoft.public.dotnet.security)
Re: Code Acess Security
... I don't entirely understand the Assert function either, ... this line in the documentation: "Assert is only effective for granted ... > 2) I have tried to change the Permission Set for All_Code code group to ...
(microsoft.public.dotnet.security)