Hi there,
I don't know if anyone can help me but I've been trying to secure my VB.NET web application so that no outside applications can call my application's custom resources.
Basically I want my code to check to see if the code calling it has permission to do so. I don't want any code that hasn't been written by me to access any of these custom resources.
I've been researching CAS the last few weeks and really like the idea of using Demands to check the application stack and make sure that all the calling code has a particular key.
I understand that this works using Strong Names and Trust Levels. (I could be wrong here so if anyone knows more I'd be grateful!)
I've managed to try out this technology and have successfully used Demands on a practice project that uses all .NET technology.
BUT my web application uses a resource that is unmanaged code (not .NET). All of my attempts to use the CAS have failed because of this small but major detail.
It seems that I cannot use .NET' CAS Security features for any of my web application's resources because of this one function call to an unmanaged assembly (which I also need to secure).
Does anyone know if I'm heading in the right direction here?
Is there a way to somehow use CAS even though I reference an unmanaged code assembly ?
(I've been trying to wrap it inside a .NET wrapper class but all my attempts have failed....)
Is there a way to some how use the Interop assembly in all of this?
Is this possible?
Is there another way to do this?
Thanks in advance!
-Frinny
I don't know if anyone can help me but I've been trying to secure my VB.NET web application so that no outside applications can call my application's custom resources.
Basically I want my code to check to see if the code calling it has permission to do so. I don't want any code that hasn't been written by me to access any of these custom resources.
I've been researching CAS the last few weeks and really like the idea of using Demands to check the application stack and make sure that all the calling code has a particular key.
I understand that this works using Strong Names and Trust Levels. (I could be wrong here so if anyone knows more I'd be grateful!)
I've managed to try out this technology and have successfully used Demands on a practice project that uses all .NET technology.
BUT my web application uses a resource that is unmanaged code (not .NET). All of my attempts to use the CAS have failed because of this small but major detail.
It seems that I cannot use .NET' CAS Security features for any of my web application's resources because of this one function call to an unmanaged assembly (which I also need to secure).
Does anyone know if I'm heading in the right direction here?
Is there a way to somehow use CAS even though I reference an unmanaged code assembly ?
(I've been trying to wrap it inside a .NET wrapper class but all my attempts have failed....)
Is there a way to some how use the Interop assembly in all of this?
Is this possible?
Is there another way to do this?
Thanks in advance!
-Frinny
Comment