
Writing Secure Code using C#

Posted by Chandrakant Parmar Articles | Security in .NET April 06, 2001

Mobile code, which arrives from various sources such as e-mail, documents, and code downloaded over the Internet, is a main cause of damage to, destruction of, or copying of private data. To help protect computer systems from malicious mobile code and to provide a way for mobile code to run safely, the .NET Framework provides a security mechanism called code access security.

Code access security is a mechanism that controls the access code has to protected resources and operations. In the .NET Framework, code access security performs the following functions: it defines permissions; enables administrators to configure security policy; allows code to request the permissions it requires in order to run; grants permissions to each assembly that is loaded, based on the permissions requested by the code; and enables code to demand that its callers have specific permissions.

Code access security is a mechanism that grants or denies access to resources within a method call. For example, code written by one person may be allowed to write to the disk while code written by another may be forbidden from accessing the disk. This control can be enforced even if the code written by both of them is used within a single application.

The System.Security namespace provides the underlying structure of the .NET Framework security system, including interfaces, attributes, exceptions, and base classes for permissions. The CodeAccessPermission class defines the underlying structure of all code access permissions.

Let's look at a sample application that attempts to access a disk file and an environment variable.

The code shown below creates a permission set that grants read access to the TEMP environment variable and read, write, and append access to a file. Before any changes are made, every file has a default permission set.

using System.Security;
using System.Security.Permissions;

// Create a permission set that allows read access to the TEMP
// environment variable and read, write, and append access to SomeFile.
// Start from an empty set (PermissionState.None).
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(
    new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP"));
// Add the file-level permissions. "SomeFile" is a placeholder:
// FileIOPermission requires an absolute path.
ps.AddPermission(
    new FileIOPermission(FileIOPermissionAccess.Read |
        FileIOPermissionAccess.Write | FileIOPermissionAccess.Append,
        "SomeFile"));
// Assert the permissions: demands for them stop at this stack frame,
// so callers higher up the stack are not checked.
ps.Assert();

The PermissionSet class (in System.Security) represents a collection that can contain many different kinds of permissions, and it supports the methods that use and modify those permissions. We can add, remove, assert, deny, and copy permissions.

// Deny access to the resources we specify
ps.Deny();
// Make the permissions indicate the only things that we're allowed to do.
ps.PermitOnly();
// Remove the FileIOPermission from the permission set
ps.RemovePermission(typeof(FileIOPermission));
// Remove the EnvironmentPermission from the permission set
ps.RemovePermission(typeof(EnvironmentPermission));

The Deny method prevents callers from accessing the protected resource even if they have been granted permission to access it. PermitOnly ensures that only the resources specified by this permission object can be accessed, even if the code has been granted permission to access other resources. FileIOPermissionAccess specifies the actions that can be performed on the file or folder. The EnvironmentPermission class controls the ability to query and modify system and user environment variables.
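The following console program is an added example, not part of the original article; it shows PermitOnly restricting what callees can reach and RevertPermitOnly removing the restriction. It assumes the .NET Framework (code access security stack modifiers are not supported on .NET Core and later); the names PermitOnlyDemo and TryReadVariable are hypothetical, and PATH is simply a sample variable that is outside the permission set.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

static class PermitOnlyDemo
{
    // Hypothetical helper. Environment.GetEnvironmentVariable demands
    // EnvironmentPermission; the resulting stack walk passes through the
    // frame that called PermitOnly and fails if the variable is not in the set.
    static string TryReadVariable(string name)
    {
        try
        {
            Environment.GetEnvironmentVariable(name);
            return name + ": allowed";
        }
        catch (SecurityException)
        {
            return name + ": blocked by stack walk";
        }
    }

    static void Main()
    {
        // Same shape as the article's set; FileIOPermission needs an absolute
        // path, so the placeholder name is resolved first.
        string someFile = Path.GetFullPath("SomeFile");
        PermissionSet ps = new PermissionSet(PermissionState.None);
        ps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP"));
        ps.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.Write | FileIOPermissionAccess.Append,
            someFile));

        string inSet, outsideSet;
        ps.PermitOnly();                 // callees may now use only what is in ps
        try
        {
            inSet = TryReadVariable("TEMP");       // variable inside the set
            outsideSet = TryReadVariable("PATH");  // variable outside the set
        }
        finally
        {
            // Always remove the modifier so later code in this frame is unaffected.
            CodeAccessPermission.RevertPermitOnly();
        }
        string afterRevert = TryReadVariable("PATH");  // modifier no longer active

        Console.WriteLine(inSet);
        Console.WriteLine(outsideSet);
        Console.WriteLine(afterRevert);
    }
}
```

The results are collected while the restriction is active and printed only after it is reverted, so console initialization is not itself subject to the permit-only set.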

Conclusion:

We have seen how to write secure code using the publicly available .NET SDK. Although what I have shown you is simple in functionality, you can even create your own code access permissions and add much more advanced security features to your code.


really informative and helpful

Posted by Anil Kumar May 19, 2012