|
|
|
|
|
Home
»
VB.NET
»
How to maintain a CodeGroup in Security Policy at runtime?
|
|
|
|
Total page views :
6402
|
|
Total downloads :
|
|
|
|
|
|
Similar ArticlesMost ReadTop RatedLatest
|
|
|
|
|
|
|
|
|
|
Whenever protected resources are accessed by an assembly, it's permissions are determined by the code access security system of CLR. Each permission set granted to an assembly is based on the assembly's evidence (such as its URL or publisher certificate, strong name), which in turn is based on configurable security policy.
Code groups are the building blocks of security policies. A Code Group is made of an association between an evidence value and a permission set.
- A hierarchical structure of Code Groups defines a security policy. The .NET framework comes with three different security policies: Enterprise, Machine, User. Additionally an host can define application domain-level policy by calling the AppDomain.SetAppDomainPolicy method on the System.AppDomain class. The first three policies are typically set by administrator while the latter is eventually defined by developers.
There are number of built-in permission sets as shown below.
- FullTrust
- Everything
- Internet
- LocalIntranet
- Execution
- SkipVerification
- Nothing
Let's see how to create/delete a code group at runtime.
Register CodeGroup.
We need to decide on the following while creating a code-group.
- At what level we need to set the code group?
- What evidence value is to be set?
- What permission set we need to provide for this code-group?
To access a security level.
Imports System.Security
Imports System.Reflection
Imports System.Security.Permissions
Imports System.Security.Policy
We can use SecurityManager.PolicyHierarchy()
Dim secLevels As IEnumerator = SecurityManager.PolicyHierarchy()
Dim policyMachineLevel As PolicyLevel = Nothing
Dim machineCodeGroupRoot As CodeGroup = Nothing
While secLevels.MoveNext()
Dim level As PolicyLevel = secLevels.Current '
If Not (level Is Nothing) And level.Label = "Machine" Then 'used to check whether the level is Machine Level
policyMachineLevel = level
machineCodeGroupRoot = level.RootCodeGroup
Exit While
End If
End While
Return policyMachineLevel
To provide evidence value.
We can use Assembly.GetExecutingAssembly() to get the assembly object and then we can use assembly.Evidence to get the evidence information.
Dim myAssembly As [Assembly] = [Assembly].GetExecutingAssembly()
Dim evidence As Evidence = myAssembly.Evidence
Dim enuEvd As IEnumerator = evidence.GetEnumerator()
Dim pubKey As StrongNamePublicKeyBlob = Nothing
While enuEvd.MoveNext() ' Get public key so as to use it as evidence
Dim obj As [Object] = enuEvd.Current
'It can be either of zone,url,strongname,hash
Dim sn As StrongName = obj '
'ToDo: Error processing original source shown below
If Not (sn Is Nothing) Then
pubKey = sn.PublicKey
Exit While
End If
End While
Return pubKey
Register a code-group with PublicKey as Evidence and FullTrust as PermissionSet.
Dim cdeGroupKey As StrongNamePublicKeyBlob
Dim policyMachineLevel As PolicyLevel
Dim machineCodeGroupRoot As CodeGroup
Dim myCodeGroup As New UnionCodeGroup(New StrongNameMembershipCondition(cdeGroupKey, Nothing, Nothing), New PolicyStatement(New NamedPermissionSet("FullTrust")))
'create a codegroup with public key as evidence
myCodeGroup.Description = "Code group grants full trust to all code originating from the Arsenal team"
myCodeGroup.Name = "MyGroup"
machineCodeGroupRoot.AddChild(myCodeGroup) 'add this group to the security level you have chosen
SecurityManager.SavePolicyLevel(policyMachineLevel) 'at last save the policy
To check whether a CodeGroup is present.
We can navigate through the machine level code group object to find whether the codegroup is already registered.
Dim codeGroup As CodeGroup
Dim machineCodeGroupRoot As CodeGroup
For Each codeGroup In machineCodeGroupRoot.Children
If codeGroup.Name = "MyGroup" Then
'already added
Return
End If
Next codeGroup
To delete a codegroup.
We just need to call in the above code before returning.
Dim codeGroup As CodeGroup
Dim machineCodeGroupRoot As CodeGroup
machineCodeGroupRoot.RemoveChild(CodeGroup)
NOTE: THIS ARTICLE IS CONVERTED FROM C# TO VB.NET USING A CONVERSION TOOL. ORIGINAL ARTICLE CAN BE FOUND ON C# CORNER (WWW.C-SHARPCORNER.COM).
|
|
|
Login
to add your contents and source code to this article
|
|
|
|
|
|
|
|
|
|
|
|
C# Consulting is founded in 2002 by the founders of C# Corner. Unlike a traditional
consulting company, our consultants are well-known experts in .NET and many of them
are MVPs, authors, and trainers. We specialize in Microsoft .NET development and
utilize Agile Development and Extreme Programming practices to provide fast pace
quick turnaround results. Our software development model is a mix of Agile Development,
traditional SDLC, and Waterfall models.
|
|
Click here to learn more about C# Consulting. |
|
|
|
|
|
|
|
Introducing MaxV - one click. infinite control. Hyper-V Hosting from MaximumASP.
Finally – a virtual platform that delivers next-generation Windows Server 2008 Hyper-V virtualization technology from a managed hosting partner you can truly depend on. Visit www.maximumasp.com/max for a FREE 30 day trial. Hurry offer ends soon.
Climb aboard the MaxV platform and take advantage of High Availability, Intelligent Monitoring, Recurrent Backups, and Scalability – with no hassle or hidden fees.
As a managed hosting partner focused solely on Microsoft technologies since 2000, MaximumASP is uniquely qualified to provide the superior support that our business is built on. Unparalleled expertise with Microsoft technologies lead to working directly with Microsoft as first to offer IIS 7 and SQL 2008 betas in a hosted environment; partnering in the Go Live Program for Hyper-V; and product co-launches built on WS 2008 with Hyper-V technology.
|
Dynamic PDF
ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications.
|
Go.NET
Build custom interactive diagrams, network, workflow editors, flowcharts, or software design tools. Includes many predefined kinds of nodes, links, and basic shapes. Supports layers, scrolling, zooming, selection, drag-and-drop, clipboard, in-place editing, tooltips, grids, printing, overview window, palette. 100% implemented in C# as a managed .NET Control. Document/View/Tool architecture with many properties&events. Optional automatic layout.
|
Dundas Software
Dundas Chart for .NET is the most advanced .NET charting package available today. With an extremely complete feature set, elegant architecture and easy implementation, Dundas Chart can quickly add advanced Charting functionality to enhance and transform ASP.NET and Windows Forms applications. Whether you are implementing charting into internal projects, or building applications for clients, Dundas Chart offers advanced technology and advanced results to get the most out of data.
|
60 FREE UI Controls from DevExpress
Register for your FREE copy on over 60 free presentation controls from
DevExpress - Absolutely Free-of-Charge without any royalties or distribution
costs. Visit Devexpress.com/60 today. Free controls include advanced lists box, dropdown calendar, rich text edit, spin
edit, tab control and so much more!
DevExpress engineers feature rich presentation controls and reporting tools for WinForms, ASP.NET, WPF, and Silverlight. Our technologies help you build your best, see complex software with greater clarity and deliver compelling business solutions for Windows and the web in the shortest possible time.
|
Clickatell's SMS Gateway
Clickatell's Developer Solutions allow you to SMS enable any website or
application via a range of API's. Learn More about our API connections.
|
Microsoft Visual Studio 2010
Visualize your workspace with new multiple monitor support, powerful Web development, new SharePoint support with tons of templates and Web parts, and more accurate targeting of any version of the .NET Framework. Get set to unleash your creativity.
|
Nevron Chart for .NET 2010.1 Now Available
The leading .NET charting control now features PDF, Flash and Silverlight export, visualization of large datasets and more. Deliver true charting functionality to your BI, Scorecard, Presentation or Scientific apps. Download evaluation now.
|
Developer-Ready ASP.NET 2.0 Web Hosting with 3 MONTHS FREE
Now supporting .NET 3.0 Framework with Windows Workflow Foundation, Windows Communication Foundation (WCF), Windows Presentation Foundation (WPF), windows CardSpace (WCS)! Providing more flexibility for Developers with Web Services Support and a User/Permission Manger. Also supporting MS SQL 2005/2000 with Real-Time Backups, FREE Automated Attach .MDF Tool, FREE SQL Restore and Shrink SQL DB Tools, and SQL
|
|
|
|
|
|
|
|
|
|
|
|
|