Re: .NET Security
- From: Mike <unknown@xxxxxxxxxx>
- Date: Tue, 02 Jun 2009 13:16:00 -0400
Thank you. I will the get updates.
Question: Does this suggest that the programming attributes and/or code groups will be applicatable now?
For example, in the DLL, which is a simple wrapper for our native WIN32 imports, I added this assembly attribute to the top:
<Assembly: AllowPartiallyTrustedCallers()>
Also, I "presumed" that from a sandboxing and security separation standpoint that installing our own code group would be the suggested method to isolated it. Is that still valid? If that make sense?
--
Henning Krause [MVP - Exchange] wrote:
Hi,.
with the latest updates (.NET 2.0 SP2 or .NET 3.5 SP1) Microsoft has relaxed security settings for the Intranet zone. You should be able to start a .NET exe file from a file share just like any other executable, provided that you have the latest updates.
Kind regards,
Henning Krause
"Mike" <unknown@xxxxxxxxxx> wrote in message news:uB$IYJ64JHA.4672@xxxxxxxxxxxxxxxxxxxxxxxHi,
I'm catching up to .NET development and I'll reached a point where the security aspects are raising a barrier to usefulness and productivity. It appears the CAS have evolved from 1.0 to present and it looks like the changing is on going. So yes, it is overwhelming to try to make sense of it all in a short period.
At the end of the day, we have a high-end secured RPC client/server framework.
Of course, the installation of the RPC server and/or RPC clients are not restricted to just local machine operations - it can be LAN or WAN as well.
I'll written a .NET SDK API class library DLL wrapping our native WIN32 API and have written new clients, some VB6 ports to .NET as well, using the new .NET DLL.
My main issue seems to be a chicken and egg issue. For the sake of illustration, given two files, and EXE and DLL
Wildcat.Net.Server.DLL <-- .NET SDK DLL
BSMiniReport.exe <-- Example .NET SDK application
installed on a shared network.
The only way I can get these to load/run is to change the Local Intranset zone security to full trust - which is fine, but we can't tell customers to do this in general. We need to sandbox our DLL and EXE to be able to run on a LAN or WAN.
I explored various security policy attributes, but none of the MSDN examples seem to work for me. Customizing/disabling the Project Security didn't seem to work as well. As long as the local intranet zone is at its default level and the EXE/DLL is on a remote drive, it yields security exception.
I wonder if this statement in a MSDN CAS design team blog explains it:
First of all, Identity permissions are granted to assemblies
by Policy not through the process of determining their Code
Groups membership, but rather as simple reflection of assembly's
identity. So you can't grant ZoneIdentityPermission for
MyComputer to a particular Code Group [e.g., Internet] via Policy
configuration. Instead, all the code "arriving" from Internet
will be automatically granted ZoneIdentityPermission for Internet
Zone, no matter how the machine code groups are set up.
Overall, I prefer to have a governing EXE or the DLL control the trust in our client/server application which is already a customer FQTA
(Fully Qualified Trusted Application). Why is .NET so restrictive (and complex) to the point that can defeat the purpose by promoting the likelihood of operators and users lowering their guard and simply turn off the security at the OS .NET RTE level?
Anyway, if possible, what attributes can I use to sandbox our application to be able to be installed and run from a FQTA Secured, Isolated shared drives?
I tried to use this simple vanilla example to figure it all out.
'File: testcas.vb
' Chicken and egg thing - need to use MSCORCFG.MSC to change the
' Intranet ZONE settings.
Imports System
Imports System.Security
Imports system.security.policy
Imports System.Security.Permissions
Imports System.Runtime.InteropServices
' exlored
#If 0 Then
<Assembly: ZoneIdentityPermissionAttribute( _
SecurityAction.RequestMinimum, _
Unrestricted:=True, _
Zone:=SecurityZone.Intranet)>
#End If
<Assembly: AllowPartiallyTrustedCallers()>
Module Module1
Structure MEMORYSTATUSEX
Public Length As Integer
Public MemoryLoad As Integer
Public TotalPhys As Long
Public AvailPhys As Long
Public TotalPageFile As Long
Public AvailPageFile As Long
Public TotalVirtual As Long
Public AvailVirtual As Long
Public AvailExtendedVirtual As Long
End Structure
'<SuppressUnmanagedCodeSecurity()> _
Declare Ansi Function GlobalMemoryStatusEx Lib "kernel32" _
(ByRef ms As MEMORYSTATUSEX) As Boolean
'<SecurityPermission(SecurityAction.Assert, Flags:=SecurityPermissionFlag.UnmanagedCode)> _
'<StrongNameIdentityPermission(SecurityAction.LinkDemand, unrestricted:=True)> _
<ZoneIdentityPermissionAttribute(SecurityAction.Demand, Zone:=SecurityZone.MyComputer)> _
Sub DotNetSecurity()
Try
Console.WriteLine("- Step 1")
Dim ms As MEMORYSTATUSEX
Console.WriteLine("- Step 2")
ms.Length = Marshal.SizeOf(ms)
Console.WriteLine("- Step 2.1")
If GlobalMemoryStatusEx(ms) Then
Console.WriteLine("- Memory Load: {0}%", ms.MemoryLoad)
End If
Console.WriteLine("- Step 3")
Catch ex As System.Security.SecurityException
Console.WriteLine("Permission Error")
Console.WriteLine("--------------------------------")
Console.WriteLine(ex.TargetSite)
Console.WriteLine("--------------------------------")
Console.WriteLine(ex.Message)
Console.WriteLine("--------------------------------")
Console.WriteLine(ex.StackTrace)
Console.WriteLine("--------------------------------")
Catch ex As System.Exception
' React to other exceptions here.
Console.WriteLine("Permission Error 2")
End Try
End Sub
Sub main()
'Dim perm As SecurityPermission = New SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
'perm.Assert()
'Dim level As PolicyLevel = Nothing
'Dim ph As System.Collections.IEnumerator = System.Security.SecurityManager.PolicyHierarchy()
'Dim sl As IList = level.NamedPermissionSets
'Dim p As StrongNameIdentityPermission = New StrongNameIdentityPermission(PermissionState.Unrestricted)
'p.Assert()
'Dim z1 As ZoneIdentityPermission = New ZoneIdentityPermission(SecurityZone.MyComputer)
DotNetSecurity()
Console.ReadKey(True)
End Sub
End Module
I tried many things, but it seems you can't run this from a share drive regardless of what the attributes used.
Is that correct?
Full trust is full trust. MS needs to stop dumbing down developers making it highly restrictive and complex and potentially more dangerous by making people turn everything off. Its not like a BAD GUY couldn't bypass .NET if they really really wanted to anyway. So why so complex? Thats a rhetorical question.
I just need to get going with .NET and this part has been a drag for the last week.
Thanks for understanding and any insights you can provide.
--
- References:
- .NET Security
- From: Mike
- Re: .NET Security
- From: Henning Krause [MVP - Exchange]
- .NET Security
- Prev by Date: Re: .NET Security
- Next by Date: Re: .NET Security
- Previous by thread: Re: .NET Security
- Next by thread: Re: .NET Security
- Index(es):
Relevant Pages
|
