Getting Permission set of the assembly

The basic idea of Code Access Security (CAS) is that whenever code executes in the managed world, the .NET runtime verifies whether that code is allowed to run, based on its evidence and a set of permissions. Two things are especially important to the framework:


* Evidence: where the code comes from, and whether the code is managed or unmanaged.

* Permissions: the permission set under which the code executes.


Permissions and Permission Sets

A permission describes what code may do with a particular resource, such as a file or the registry, and a permission set is a collection of permissions.



Policy Levels

.NET comes with four policy levels: Enterprise, Machine, User, and AppDomain (which can be set programmatically). Each policy level has multiple code groups and multiple permission sets. They form the hierarchy given below.





Enterprise : All managed code in an enterprise setting.

Machine: All managed code on the computer.

User: Code in all processes associated with the current user.

Application Domain: Managed code in the host's application domain.



Example: getting the permission set of the current assembly.



Form13.cs



using System;

using System.Collections.Generic;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Text;

using System.Windows.Forms;

using System.Threading;

using System.Diagnostics;

using System.Reflection;

using System.Security;

using System.Security.Policy;

using System.Security.Permissions;

using System.Collections;



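namespace _CSharpApplication
{
    /// <summary>
    /// Form that lists the CAS permissions granted to the executing assembly by
    /// walking every policy level returned by <see cref="SecurityManager.PolicyHierarchy"/>.
    /// </summary>
    /// <remarks>
    /// The output is diagnostic only; it must not be used as an authorization decision.
    /// CAS policy is disabled by default from .NET Framework 4 onwards and
    /// <see cref="SecurityManager.PolicyHierarchy"/> is marked obsolete there; on those
    /// runtimes the call throws <see cref="NotSupportedException"/> unless legacy CAS
    /// policy is enabled in the application configuration.
    /// </remarks>
    public partial class Form13 : Form
    {
        // Name of the built-in named permission set for FullTrust.
        const string sFullTrust = "FullTrust";

        // Running intersection of the grants of all partially trusted policy levels.
        // null means "no partially trusted level seen yet"; it is reset on every click.
        static PermissionSet finalSet = null;

        // Union of the permission sets collected while walking ONE policy level.
        // isResGroups writes to it; button1_Click clears it before and after each level.
        static PermissionSet permSet = null;

        // True while every policy level inspected so far grants full trust.
        static bool fullTrust = true;

        /// <summary>Creates the form and its designer-generated controls.</summary>
        public Form13()
        {
            InitializeComponent();
        }

        /// <summary>Load handler; intentionally empty.</summary>
        private void Form13_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Walks a matching code group tree for one policy level and accumulates the
        /// named permission sets it grants into <c>permSet</c>.
        /// </summary>
        /// <param name="_codeGroupparent">Root of the (sub)tree to inspect.</param>
        /// <param name="_policyLevel">Policy level used to look up named permission sets.</param>
        /// <returns>
        /// <c>true</c> as soon as any group in the tree grants full trust; otherwise <c>false</c>.
        /// When <c>true</c> is returned, <c>permSet</c> may hold a partial union and must be
        /// discarded by the caller.
        /// </returns>
        static bool isResGroups(CodeGroup _codeGroupparent, PolicyLevel _policyLevel)
        {
            NamedPermissionSet granted =
                _policyLevel.GetNamedPermissionSet(_codeGroupparent.PermissionSetName);

            if (isFullTrust(granted))
            {
                return true;
            }

            // GetNamedPermissionSet can return null for an unknown name; such a group
            // contributes nothing to the union.
            if (granted != null)
            {
                permSet = permSet == null ? granted : permSet.Union(granted);
            }

            foreach (CodeGroup child in _codeGroupparent.Children)
            {
                // The original discarded the result of the recursive call, so a full-trust
                // grant in a nested group was never reported. Propagate it.
                if (isResGroups(child, _policyLevel))
                {
                    return true;
                }
            }

            // Full-trust grant not found in this subtree.
            return false;
        }

        /// <summary>
        /// Reports whether a named permission set amounts to full trust.
        /// </summary>
        /// <param name="_namedPermissionSet">Set to test; may be <c>null</c>.</param>
        /// <returns>
        /// <c>true</c> if the set is unrestricted or carries the built-in "FullTrust" name;
        /// <c>false</c> otherwise, including for <c>null</c>.
        /// </returns>
        static bool isFullTrust(NamedPermissionSet _namedPermissionSet)
        {
            if (_namedPermissionSet == null)
            {
                return false;
            }

            // A name check alone misses a custom set that is unrestricted under another
            // name, which would under-report the assembly's real grant.
            return _namedPermissionSet.IsUnrestricted()
                || sFullTrust.Equals(_namedPermissionSet.Name, StringComparison.Ordinal);
        }

        /// <summary>
        /// Adds every permission in <paramref name="_permissionSet"/> to the list box.
        /// </summary>
        /// <param name="_permissionSet">Permissions to display; <c>null</c> displays nothing.</param>
        /// <param name="_listBox">Target list box.</param>
        static void getOutput(PermissionSet _permissionSet, ListBox _listBox)
        {
            if (_permissionSet == null || _listBox == null)
            {
                return;
            }

            foreach (object permission in _permissionSet)
            {
                _listBox.Items.Add(permission);
            }
        }

        /// <summary>
        /// Resolves the executing assembly's evidence against every policy level and shows
        /// either the full-trust message or the intersection of the per-level grants.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            lstPermission.Items.Add("List of permissions assign to current assembly");

            // The accumulators are static: reset them so a second click does not reuse
            // the verdict and permission sets computed by the previous one.
            fullTrust = true;
            finalSet = null;
            permSet = null;

            Evidence evidence = Assembly.GetExecutingAssembly().Evidence;
            IEnumerator policy = SecurityManager.PolicyHierarchy();

            while (policy.MoveNext())
            {
                PolicyLevel currentLevel = (PolicyLevel)policy.Current;
                CodeGroup group = currentLevel.ResolveMatchingCodeGroups(evidence);

                permSet = null;
                bool levelIsFullTrust = group != null && isResGroups(group, currentLevel);

                if (levelIsFullTrust)
                {
                    // A full-trust level does not narrow the intersection, so only log it.
                    lstPermission.Items.Add("Current Level-" + currentLevel.Label + " || " + "Group--" + group.Name + " || " + "Group Policy--" + group.PermissionSetName);
                    permSet = null;
                    continue;
                }

                fullTrust = false;

                // NOTE(review): a level with no matching code group is treated here as
                // granting nothing - confirm against the policy in use.
                PermissionSet levelGrant = permSet ?? new PermissionSet(PermissionState.None);

                finalSet = finalSet == null ? levelGrant : finalSet.Intersect(levelGrant);

                // Intersect returns null for an empty intersection. Keep an explicit empty
                // set so a later level cannot be mistaken for the first one and widen the
                // reported grant.
                if (finalSet == null)
                {
                    finalSet = new PermissionSet(PermissionState.None);
                }

                permSet = null;
            }

            if (fullTrust)
            {
                lblMode.Text = "Assembly is running in full-trust mode.";
            }
            else
            {
                getOutput(finalSet, lstPermission);
            }
        }
    }
}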



Comments

Guest Author: Tasqia02 May 2012

Pretty neat idea, I bet you could use a dynamic QR code to send people different information depending on what time of day that it is. That way Jack in the box could target the late night drinkers with breakfast sandwiches and the early morning commuters with coffee.


