Security in .NET

Encode QR Code in .NET Security

Sub RealMain(ByVal args() As String) Here you can use strongly typed references to types in the assemblies. End Sub

Using the LoadFrom method to assign a custom evidence object works only with DLLs. Loading an .exe assembly with custom evidence requires a technique based on the AppDomain.ExecuteAssembly method:

(This code assumes that EV is a custom evidence object.) Dim appdom As AppDomain = AppDomain.CreateDomain( newappdom ) appdom.ExecuteAssembly( AnotherAssembly.exe", ev)

You already know that a stack walk is performed whenever you access one of the sys tem resources that are protected with a permission object (for example, the file sys tem). The stack walk ensures that all the assemblies in the call chain have the permission to access the resource. Most of the CAS-related code you ll write in your applications has to do with stack walks. You can affect how stack walks are performed by adopting imperative or declarative coding style. In the former case, you create permission objects and then invoke one of their methods; in the latter case, you apply security attributes at the class or method level.

All the permission objects in the .NET Framework expose the Demand method, which forces a stack walk to verify that all callers have that specific permission and throws a security exception if this isn t the case. You can use the Demand method to verify that your code has been granted the permission to access a given resource:

Verify that code has unrestricted permission on the registry. Dim regPerm As New RegistryPermission(PermissionState.Unrestricted) Try regPerm.Demand() Console.WriteLine( Access to registry is granted. ) Catch ex As Exception Console.WriteLine( Access to registry is forbidden. ) End Try

A permission object can only test CAS-related constraints, not ACL-related permissions enforced by the operating system. For example, your executable is prevented from reading or writing to the registry if it is running under a user account that doesn t have enough privileges to do so, even if CAS settings allow registry access. You can encapsulate a Demand method in a function that checks whether a given permission is available:

Part VII:

Function IsFilePermissionGranted() As Boolean Try Dim filePerm As New FileIOPermission(PermissionState.Unrestricted) filePerm.Demand() Return True Catch ex As Exception Return False End Try End Function

You might wonder why you should force a stack walk with a Demand method instead of just waiting for the exception to be thrown when the code accesses the protected resource. There are actually a few reasons why an induced stack walk is desirable or even necessary. For example, knowing whether your code can access the file system or the printer lets you create a more consistent user interface. (End users prefer to know immediately that they can t save or print a document rather than discovering this limi tation after hours of editing work.) Here s another case where the Demand method is not only useful, it s also essential to enforce security correctly. Let s suppose you ve written the following method, which reads an .ini file and caches it in a string variable:

Shared iniText As String Function GetIniFile() As String Read the .ini file only if it hasn t been cached already. If iniText Is Nothing Then Dim sr As New StreamReader( C:\myapp\data.ini ) iniText = sr.ReadToEnd() sr.Close() End If Return iniText End Function

Let s say that the GetIniFile method is invoked by a fully trusted caller. The reference to the StreamReader object causes a stack walk, which succeeds because the caller has the right to access the file system. So far, so good. Can you predict what happens if an assembly with no permission on the file system calls the GetIniFile method now The call should fail but it doesn t because the code returns a value without using the StreamReader object and without causing a stack walk. To fix this security hole, you must make an explicit demand for permission: