none
Permission Set RRS feed

  • Question

  • If I attonate a method with attribute [PermissionSet(SecurityAction.Demand)], what would be the impact or implications?
    Saturday, January 22, 2011 12:53 AM

Answers

  • Hi Shah,

    Using SecurityAction.Demand would instruct the runtime to throw an exception if the calling method or any calling method higher in the stack lack the required permission.

    Further you can use the PermissionSet class to define a collection of permissions that can be used within the method. For example, say you want to check if the user has permission to read from one file and write to another on the C drive.

     

     

    public void Test()
    {
        try
       
    {
           
    PermissionSet permissions = new PermissionSet(PermissionState.None);
           
    permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, @"C:\PermissionNeededToRead.txt"));
            permissions.AddPermission(
    new FileIOPermission(FileIOPermissionAccess.Write, @"C:\PermissionNeededToWrite.txt"));
            permissions.Demand();
           
           
    //Should the calling method posess the permission necessary then the rest of the method follow, else a SecurityException will be thrown.

     

     

            //...
       
    }
       
    catch (SecurityException se)
        {
           
    MessageBox.Show("Insufficient priviledges" + se.Message);
        }
    }

    I am not sure whether you can use PermissionSet as a attribute.

     


    Regards Brendon Greyling
    • Marked as answer by Cookie Luo Monday, January 31, 2011 1:37 AM
    Monday, January 24, 2011 6:57 AM
  • Hi Shah,

    I see what you're getting at, from what I can tell the attribute declaration below would contain no permissions to check against, so any caller to the GetCurrentPageTitle method would succeed.

    [
    PermissionSet(SecurityAction.Demand)]

    On the downside however, If you use .Net framework's code access security a certain portion of your method will execute to the point, where the calling assembly needs permission to continue. If the caller does not have the permission required, then the runtime will throw an exception.

    Hope this helps otherwise let me know.


    Regards Brendon Greyling
    • Marked as answer by Cookie Luo Monday, January 31, 2011 1:37 AM
    Monday, January 24, 2011 8:36 PM

All replies

  • Hi Shah,

    Using SecurityAction.Demand would instruct the runtime to throw an exception if the calling method or any calling method higher in the stack lack the required permission.

    Further you can use the PermissionSet class to define a collection of permissions that can be used within the method. For example, say you want to check if the user has permission to read from one file and write to another on the C drive.

     

     

    public void Test()
    {
        try
       
    {
           
    PermissionSet permissions = new PermissionSet(PermissionState.None);
           
    permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, @"C:\PermissionNeededToRead.txt"));
            permissions.AddPermission(
    new FileIOPermission(FileIOPermissionAccess.Write, @"C:\PermissionNeededToWrite.txt"));
            permissions.Demand();
           
           
    //Should the calling method posess the permission necessary then the rest of the method follow, else a SecurityException will be thrown.

     

     

            //...
       
    }
       
    catch (SecurityException se)
        {
           
    MessageBox.Show("Insufficient priviledges" + se.Message);
        }
    }

    I am not sure whether you can use PermissionSet as a attribute.

     


    Regards Brendon Greyling
    • Marked as answer by Cookie Luo Monday, January 31, 2011 1:37 AM
    Monday, January 24, 2011 6:57 AM
  • Hi Brendon,

    Thanks for the response. Sticking to your example I am not adding anything kind of permission to check for i.e. I've specied the "permissionset" as an attribute to a method, which I believe doesn't have any permission to check for as this is all that I'm specifying " [PermissionSet(SecurityAction.Demand)]". so what permission will the method to which the attribute is applied will check for?

    [PermissionSet(SecurityAction.Demand)]

    private string GetCurrentPageTitle()

    { //Some code... }

    Also Note that I am raising this cause I runned the code analysis tool of VS2010 and I got a "CA2122 : Microsoft.Security :" warning. so one way to address this is to add the attribute " [PermissionSet(SecurityAction.Demand)]" to the method, but I am unsure of runtime implications.

     

    Monday, January 24, 2011 6:24 PM
  • Hi Shah,

    I see what you're getting at, from what I can tell the attribute declaration below would contain no permissions to check against, so any caller to the GetCurrentPageTitle method would succeed.

    [
    PermissionSet(SecurityAction.Demand)]

    On the downside however, If you use .Net framework's code access security a certain portion of your method will execute to the point, where the calling assembly needs permission to continue. If the caller does not have the permission required, then the runtime will throw an exception.

    Hope this helps otherwise let me know.


    Regards Brendon Greyling
    • Marked as answer by Cookie Luo Monday, January 31, 2011 1:37 AM
    Monday, January 24, 2011 8:36 PM
  • So it would be correct to interpret, there would be no impact on the code as far as code acess security is concerned.
    Monday, January 24, 2011 9:16 PM
  • I believe that would be the correct interpretation yes.
    Regards Brendon Greyling
    Tuesday, January 25, 2011 6:26 AM