Using the .NET Framework Security System

I was wondering: do any of you really use the various classes in the System.Security.Permissions namespace? I mainly develop components on the desktop / server side (i.e. no network), and the general assumption is that FullTrust is always available and testing is not performed in environments for which this is not the case. In addition to the MS source code (EnterpriseLibrary, etc.), I have yet to see actual, in-use source code that uses these constructs.

Is this common, or are we an exception? I know, of course, that not doing this kind of testing is a problem on our side ...

+3
security cas code-access-security
04 Oct '08 at 8:01
4 answers

.NET code access security is more important when users run the code directly from a server via the Internet, in which case they cannot trust it to automatically do things like access the file system. I do not know anyone who makes their code the same as this.

+3
04 Oct '08 at 8:32

I use PrincipalPermissionAttribute to require user access (using roles) from the thread principal - it saves a lot of manual validation in my business code (obviously, the user interface should also check and disable buttons, etc. - this is just a double check for the back end).

I find the Foundational Security very versatile, especially with the ordinary Principal. But I do not use CAS material.

+3
04 Oct '08 at 8:51
source share
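A sketch of the role demand described in the answer above, added here as an illustration and not taken from the answer's author. It assumes the .NET Framework (where `PrincipalPermissionAttribute` is enforced); `OrderService`, `ApproveRefund`, the user names and the role names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical business class; names and roles are illustrative only.
public class OrderService
{
    // The runtime checks Thread.CurrentPrincipal before the method body runs
    // and throws SecurityException if the caller is not in the role.
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    public string ApproveRefund(int orderId)
    {
        return "refund approved for order " + orderId;
    }
}

public static class Program
{
    // Runs the call as the given user and roles and reports the outcome.
    static string TryApprove(string user, params string[] roles)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            return new OrderService().ApproveRefund(42);
        }
        catch (SecurityException)
        {
            // The demand failed: the back end refused the call even if the
            // UI (or a caller bypassing it) let the request through.
            return "denied for '" + user + "'";
        }
    }

    public static void Main()
    {
        Console.WriteLine(TryApprove("alice", "Manager")); // caller in the role
        Console.WriteLine(TryApprove("bob", "Clerk"));     // caller in another role
        Console.WriteLine(TryApprove("", "Manager"));      // empty name: unauthenticated identity
    }
}
```

The attribute's `Authenticated` property defaults to `true`, so the third call exercises the case of an identity that carries the role but has an empty name, which `GenericIdentity` reports as not authenticated.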

If you are deploying your desktop applications using ClickOnce, then a security sandbox can come into play.

+1
Oct 04 '08 at 8:11

I have never seen anyone use permission, claim functionality.

I suspect that some developers are virtually unaware of the functionality.

I think it would be useful to limit calls to dangerous functions.

It will depend on what you do, but who wants to make the deployment more complicated than it already is?

+1
04 Oct '08 at 8:19


