So let us create an assembly set some requested and declarative permissions on it and view them with Permview.
Let us start by creating an assembly and setting some Requested permissions on it.
1) Open a new WindowsApplication.2) Add a button to the form named Button1.3) Add a Class to this Application Named MyClass.4) Add a method to this class named Add which adds to numbers and returns the result.5) In the Button Click event of Button1 call the Add method of the MyClass as shown below.
MyClass myClass = new MyClass(); MessageBox.Show(myClass.Add(1,2).ToString());
6) Run the application. click on the Button and you will get the result as "3".Now we will add requested permission to this assembly.
7) Go to AssemblyInfo.cs and add the below lines
[assembly: FileIOPermission(SecurityAction.RequestMinimum,Write="c:\\")][assembly: UIPermission(SecurityAction.RequestRefuse, Window = UIPermissionWindow.AllWindows)]
By setting these permissions we say that to execute this application minimum write permission on C: is required. Along with that we have also requested an another UI permission which refuses to show any windows on the screen hence no forms or message boxes will be displayed.
8) Run the application. The form will not be loaded instead you will see the below error message:
Additional information: Request for the permission of type System.Security.Permissions.UIPermission, mscorlib, Version=1.0.3300.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
9) We can vew the permissions set on an assembly with permview.exe.10) Go to VS.Net command prompt and go to the folder which contains your application exe.11) Type the following command :permview WindowsApplication2.exe
minimal permission set:
optional permission set: Not specified
refused permission set:
13) Since we have set RequestRefuse permission for UIPermission we were unable to see the form so let us change that to RequestOptional as follows :
[assembly: UIPermission(SecurityAction.RequestOptional, Window = UIPermissionWindow.AllWindows)]
These permissions on the assesmbly that we saw were erquested permissions on the assembly. Permview is also used to view declarative security on classes or methods.
15) Let us add Declarative security to our MyClass as follows:
[PrincipalPermission (SecurityAction.Demand, Role="Administrator")] // add this above the class declaration
16) According to the above permission only those users who belong to the "Administrator" role will be able to instantiate this class or call any method on this class.
17) Let us view the declarative security of this class.18) Go to the VS.NET command prompt and type the following command : permview /decl WindowsApplication2.exe.
Note : - "/decl" shows the declarative permissions set on the classs and methods of the assembly.
19) You will see the class declarative permissions (as shown below) along with the requested assembly permissions.
Class WindowsApplication2.Class1 NonCasDemand permission set:
20) You will be able to execute the method call if the current user is an Administrator on the machine.
In this way we can use Permview.exe to view the declarative and requested permissions set on any assembly.
There are 3 types of requested permissions which can be granted on assembly :
Minimum permissions: (RequestMinimum) Permissions your code must have in order to run. Optional permissions: (RequestOptional) Permissions your code can use, but can run effectively without. Refused permissions: (RequestRefuse) Permissions that you want to ensure will never be granted to your code, even if security policy allows them to be granted.
-- Please post your queries and comments for my articles in the usergroup for the benefit of all. I hope this step from my end is helpful to all of us.
No comments:
Post a Comment