This article has been excerpted from the book "The Complete Visual C# Programmer's Guide" by the authors of C# Corner.
You can place security attributes in your classes or methods to assert, demand,
deny, or permit only certain permissions.
There can be zero or more public properties set in the attribute, each separated
by a comma. For example, the FileIOPermissionAttribute has properties for
controlling how a user can append, read, and write to a file. Setting these
properties in this attribute defines which files or directories you wish to
check for access permissions.
In Listing 22.22, FileIOPermissionAttribute demands permission to read C:\dir1\
whenever a method in MyClass is called. The EnvironmentPermissionAttribute
demands permission for reading the TEMP environment variable before a call to
MyMethod can succeed. If either of the demands fails, the system throws a
security exception for calls to MyMethod.
Listing 22.22: PermissionAttribute Example
// PermissionAttribute for class and method
using System.Security.Permissions;

[FileIOPermissionAttribute(SecurityAction.Demand, Read = @"c:\dir1\")]
public class MyClass
{
    [EnvironmentPermissionAttribute(SecurityAction.Demand, Read = "TEMP")]
    public void MyMethod()
    {
    }
}
In Listing 22.23, AnyClass defines two assembly permission set attributes, which
will cause it to request to read, at a minimum, the minimum_permission.xml file
and, optionally, the optional_permission.xml file.
Listing 22.23: PermissionSetAttribute Example
// PermissionSetAttribute
using System;
using System.Security.Permissions;

[assembly: PermissionSetAttribute(SecurityAction.RequestMinimum,
    File = "minimum_permission.xml")]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional,
    File = "optional_permission.xml")]

public class AnyClass
{
    public static void Main()
    {
        Console.WriteLine("Permissions");
    }
}
Listing 22.24 illustrates the declarative use of Deny to override security
checks. RegistryPermissionAttribute includes a SecurityAction enumeration for
Deny and the registry key to which write access will be denied.
Listing 22.24: RegistryPermissionAttribute Example
// Declarative Deny
using System.Security.Permissions;

[RegistryPermissionAttribute(SecurityAction.Deny, Write = "HKEY_LOCAL_MACHINE")]
public class MyClass
{
    public MyClass()
    {
    }

    // no writes but read to HKLM is allowed!
    public void ReadRegistry()
    {
        // Access the registry.
    }
}
Listing 22.25 shows how to use Assert declaratively to override security checks.
Using Assert in FileIOPermission causes demands for access to C:\temp\trace1.txt
to succeed, since the Assert method is called during JIT compilation.
Listing 22.25: FileIOPermission Example
// Declarative Assert
[FileIOPermission(SecurityAction.Assert, All = @"C:\temp\trace1.txt")]
public void SaveTrace()
{
    StreamWriter TextStream = new StreamWriter(@"C:\temp\trace1.txt");
    TextStream.WriteLine("created on:" + DateTime.Now);
    TextStream.Close();
}
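
The stack walk behind Listing 22.25, as an added example that is not from the book: a frame restricted with PermitOnly makes a downstream demand fail, while an Assert in an intermediate frame stops the walk so the same demand succeeds, which is why an Assert should cover as little code as possible and be reverted. It assumes the .NET Framework and a fully trusted assembly; the StackWalkDemo class and its method names are hypothetical, and it uses the imperative FileIOPermission calls instead of the attribute form.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example; assumes .NET Framework (CAS is not enforced on .NET Core / .NET 5+).
static class StackWalkDemo
{
    const string TracePath = @"C:\temp\trace1.txt";   // path used in Listing 22.25

    // Stands in for a protected API such as StreamWriter: demands write access.
    // Returns true only if the stack walk triggered by Demand() succeeds.
    static bool DemandWrite()
    {
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Write, TracePath).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // No stack modifier here: the walk continues up to RestrictedCaller's PermitOnly.
    static bool WithoutAssert() { return DemandWrite(); }

    // Assert stops the walk at this frame, so the restriction above is never consulted.
    static bool WithAssert()
    {
        new FileIOPermission(FileIOPermissionAccess.Write, TracePath).Assert();
        try { return DemandWrite(); }
        finally { CodeAccessPermission.RevertAssert(); }   // keep the assert narrow
    }

    // Simulates a less trusted caller: below this frame only reading C:\dir1\ is permitted.
    static void RestrictedCaller()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, @"C:\dir1\").PermitOnly();
        try
        {
            Console.WriteLine("demand without Assert passed: " + WithoutAssert());
            Console.WriteLine("demand with Assert passed:    " + WithAssert());
        }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main() { RestrictedCaller(); }
}
```
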
Listing 22.26 shows how a link demand can be used to check only the immediate
caller of your code during a security check performed as part of a JIT
compilation. The immediate caller of the CoolApp class must have the strong name
used in the StrongNameIdentityPermissionAttribute defined in the listing, since
we used the LinkDemand security action. CoolApp class can be linked only by the
assembly that has the strong name specified in the LinkDemand attribute.
Listing 22.26: LinkDemand Example
// link demand
using System.Security.Permissions;

[StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand,
    PublicKey =
        "0024000004800000940000000602000000240000525341310004000001000100bf01b056" +
        "b9778a08f3b7b7a573b1a6e6e1bf18af004f8f017997a28b4378ea7b389932c9f537df90190b994c1e0" +
        "849a4222a6d87761bc96d2a16d8a36865c6d7d031fa3109ed9711d064d20e7059aa945dfe10cdd64d32" +
        "49c10b76e2759556d3554f7708ade90c9453b1118f97a492b81ba33d193ee8df19b29af7dabae691d5",
    Name = "CoolApp", Version = "1.0.0.2")]
public class CoolApp
{
    // Additional code here
}
Conclusion
I hope this article has helped you understand the PermissionAttribute classes in C#. See the other articles on the website on .NET and C#.
The Complete Visual C# Programmer's Guide covers most of the major components that make up C# and the .NET environment. The book is geared toward the intermediate programmer, but contains enough material to satisfy the advanced developer.