CAS, mixing assembly (RequestOptional) and method permissions

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • codefragment@googlemail.com
    #1

    CAS, mixing assembly (RequestOptional) and method permissions

    Hi
    (Second CAS question)

    At the assembly level I have:

    [assembly: PermissionSet(S ecurityAction.R equestOptional)]

    at the method level I have

    [ReflectionPermi ssion(SecurityA ction.Demand,
    Flags=Reflectio nPermissionFlag .RestrictedMemb erAccess,
    RestrictedMembe rAccess=true)]

    my method is empty.

    However this gives me this message:

    Request for the permission of type "..ReflectionPe rmission..." failed

    Can you mix and match these permissions? I thought the method level
    permission was an explicit Demand for the security so would be ok?

    thanks
    Tags: None
    • codefragment@googlemail.com
      #2
      Re: CAS, mixing assembly (RequestOptiona l) and method permissions

      Also, this might be useful for other people to know as its taken a
      while to get this working

      (1) Permissions at the policy level (user/machine/enterprise) are
      intersected
      (2) Permissions at the Code group level (regardless of if nested) are
      union'd

      assuming they are applicable to your assembly of course

      So, in practice, how can I make my assembly more or less secure?

      (1) To make it more secure add a new code group which applies to just
      your assembly. Once you've created it right click on it, properties,
      and click on the first checkbox you can see. This means only the
      permissions you see here are applicable, others are ignored
      (2) To make it less secure just add a new Code Group which applies
      just to your assembly. The permissions you add will get union'd with
      the others to make it less secure

      Last thing, how can you refer to your assembly? One of 2 ways
      (1) StrongName (purely for testing)

      // run this in Visual Studio command prompt, place the new file where
      the application can see it
      sn -k PublicPrivatePa ir.snk

      // add these attributes to the AssemblyInfo.cs file
      [assembly: AssemblyDelaySi gn(false)]
      [assembly: AssemblyKeyFile ("PublicPrivate Pair.snk")] (this is
      deprecated but it does the job for testing)

      (2) By URL, e.g. file://C$/<rest of path to your executables filename)

        Comment

        Previous template Next
        Working...