Security Code Snafu


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 2 of 2

Thread: Security Code Snafu

  1. #1
    Join Date
    Feb 2010
    Posts
    1

    Security Code Snafu

    CodeAccessPermission fiop = new FileIOPermission(PermissionState.Unrestricted);
    CodeAccessPermission ep = new EnvironmentPermission
    (EnvironmentPermissionAccess.Read, "USERNAME"));
    CodeAccessPermission fdp = new FileDialogPermission(FileDialogPermissionAccess.Open));
    CodeAccessPermission isfp = new IsolatedStorageFilePermission(PermissionState.Unrestricted));
    CodeAccessPermission rp = new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
    CodeAccessPermission uip = new UIPermission(UIPermissionWindow.SafeTopLevelWindows));
    CodeAccessPermission pp = new PrintingPermission(PrintingPermissionLevel.SafePrinting));
    Console.WriteLine(fiop.GetType().ToString() + ": " + SecurityManager.IsGranted(fiop));
    Console.WriteLine(ep.GetType().ToString() + ": " + SecurityManager.IsGranted(ep));
    Console.WriteLine(fdp.GetType().ToString() + ": " + SecurityManager.IsGranted(fdp));
    Console.WriteLine(isfp.GetType().ToString() + ": " + SecurityManager.IsGranted(isfp));
    Console.WriteLine(rp.GetType().ToString() + ": " + SecurityManager.IsGranted(rp));
    Console.WriteLine(uip.GetType().ToString() + ": " + SecurityManager.IsGranted(uip));
    Console.WriteLine(pp.GetType().ToString() + ": " + SecurityManager.IsGranted(pp));



    If the above code is ran from a command prompt from C:\ and with administrator privileges, it produces ‘true’ to all permissions (C:\Permissions.exe) since My_Computer_Zone (C:\) has the Full Trust permission set.
    If the above code is ran from a command prompt through a loopback with administrator privileges, it should NOT produce ‘true’ for several permissions (\\127.0.0.1\C$\Permissions.exe). Permissions.exe is now running from a shared folder and hence under the Internet Zone. Specifically IsolatedStorageFilePermission. Yet in my case it does!

    .NET Configuration Tool shows everything as normal. Zones and their respective trusts are as follows. My Computer: Full Trust; Local Intranet: Medium Trust; Internet: Low Trust; Trusted Sites: Low Trust; Untrusted Sites: No Trust.
    Runtime Security Policy –> Machine –> Code Groups –> All_Code –> Internet_Zone –> Internet_Same_Site_Access also reset to normal settings.

    I’m baffled! Any help is welcomed.

    * Code, although modified, is courtesy of Tony Northrup’s book “Microsoft .NET Framework – Application Development Foundation”.

  2. #2
    Join Date
    Mar 2004
    Location
    UK
    Posts
    31
    Do you have .NET Framework 3.5 SP1 installed? The CAS policies changed in SP1 so that applications run from the local network have the same permissions as applications run from the local computer.

    http://blogs.msdn.com/brada/archive/...ork-share.aspx
    http://blogs.msdn.com/vancem/archive...ork-share.aspx

Similar Threads

  1. Control Arrays in VB.NET
    By Gary Nelson in forum .NET
    Replies: 277
    Last Post: 10-01-2003, 12:00 AM
  2. Are Comments a Waste of Time?
    By Glen Kunene in forum Java
    Replies: 25
    Last Post: 04-22-2002, 05:45 PM
  3. .NET equals Efficiency
    By Kevin in forum .NET
    Replies: 150
    Last Post: 03-04-2002, 05:40 PM
  4. establishing security
    By Chris Boyle in forum Security
    Replies: 1
    Last Post: 06-20-2001, 11:59 AM
  5. Replies: 90
    Last Post: 04-17-2001, 12:45 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center