Introduction
Introduction to Code Access Security
Following are basic operations of CAS
1)CLR Authenticate the code at the time of load operation
I.e. CLR uses evidence about the code to find the group that the code belongs to.
2)After identifying the code group , permissions are assigned to the code group and then the code is allowed to execute.
3)While executing the code permissions are checked at appropriate time to restrict the actions that the code can take. If the code takes a restricted action then Security Exception is thrown.
I have used the word ‘code ‘in the above listings, we need to define code in terms of security.
What is code?
Code when referring to the security on .net frame work, refers to a single assembly.
(A complete under standing of assembly is required here to proceed)
So
Code = Assembly
What it means ?
It means
All of the code in a single assembly will share the same security identity as well as the same permissions at runtime.
Assembly can be recognized as a unit of security; hence application with a single assembly can have multiple security identities. This is because any simple assembly in dot net uses code from BCL assemblies.
Since CAS deals with code in terms of assemblies, it is possible for code running in the same application to have different security permissions
Note: Assemblies comprising the BCL will have very high privileges in terms of CAS.
Have you heard of Demand? Demand is the corner stone of CAS. Lets see this in my next article .NET Security -3
Summary
Note this very important point ,
Assembly can be recognized as a unit of security; hence application with a single assembly can have multiple security identities. This is because any simple assembly in dot net uses code from BCL assemblies.
|
No responses found. Be the first to respond and make money from revenue sharing program.
|