Code Access Security

CAS is the security system for the .NET Framework. Although a complete explanation of CAS is outside the scope of this book, we cover a few basic concepts. CAS is different from Windows security, which is a role-based system. Role-based security grants permissions based on the user's role—for example, being a member of the administrators group or the power users group. In contrast, CAS grants permissions based on what the code is allowed to do, regardless of the role of the user running the code.

CAS uses code groups to manage permissions. There are two things you should understand about code groups: evidence and permissions. Evidence determines whether the code belongs in the group. For example, you can specify that all code in a particular folder belongs in a group. This is known as URL evidence, which is the evidence most commonly used by VSTO. Strong name evidence is another type. Strong name signing gives the component a unique ID that can be used to identify that exact component. You can specify that all code that is signed with a strong name key belongs in a code group. Other kinds of evidence include certificates and custom evidence. Later you will see how to extend the security system using custom evidence.

Now that you know which code belongs in the code group, the next step is to assign permissions to the code group. This is the easy part, because all VSTO solutions require full trust. VSTO solutions require full trust because they interact with Office using COM interop and because the Office object model was designed for full trust only. Consider something simple: using the Save method to save a document called c:\windows\system\system32.dll, an operation that could corrupt the operating system. That is why an API must be designed specifically to operate with restricted permissions, and why Office, which was not designed that way, is not designed to use partial trust.

There are two ways to define a code group. One is to use the command-line tool Code Access Security Policy (CASPOL.exe). This tool is located in \WINDOWS\Microsoft.NET\Framework\v2.0.50727\Caspol.exe. The other way is to use a Microsoft Management Console (MMC) tool called .NET Framework 2.0 Configuration (shown in Figure 11.1). You can locate this tool by opening Administrative Tools in the Control Panel, selecting Performance and Maintenance, and then clicking Microsoft .NET Framework 2.0 Configuration.

Figure 11.1. .NET Framework 2.0 Configuration

As mentioned earlier, VSTO automatically creates a code group for any project. Let's look at exactly how this code group is set up. If you open the .NET Framework 2.0 Configuration console and expand the My Computer node and the Runtime Security Policy node, you will see that there are three levels: Enterprise, Machine, and User. VSTO creates the code group under the user level, meaning that this code group applies only to the user who created it.

As you can see in Figure 11.2, if you expand the User node, there is a Code Groups node, and under that an All_code node. Under the All_code node is the VSTOProjects node. Under the VSTOProjects node, VSTO creates a code group for each project that you create, using a GUID so that each code group name is unique.

If you drill down a little further, you get to the code group that actually grants the permissions. This code group is named after the VSTO assembly name; in this example, ExcelWorkbook1.dll is the name of the code group. When you select this code group in the .NET Framework 2.0 Configuration console, you can see the description to the right. It contains the code group's evidence and the permissions.

To see the details, right-click the code group (as shown in Figure 11.2) and select Properties from the context menu. The code group Properties page has three tabs: General, Membership Condition, and Permission Set.
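The same inspection and setup can be done from the command line with Caspol.exe. The following is an added example, not taken from the original book: it lists the user-level code groups, adds a FullTrust group keyed on URL evidence and one keyed on strong name evidence, and shows which groups an assembly resolves to. The project folder, DLL path, and group names are constructed placeholders, and the strong name step assumes the DLL has been strong-name signed.

```powershell
# Added example: paths and group names are constructed placeholders.
$caspol = Join-Path $env:windir 'Microsoft.NET\Framework\v2.0.50727\Caspol.exe'
$binDir = 'C:\Projects\ExcelWorkbook1\bin'            # hypothetical project output folder
$dll    = Join-Path $binDir 'ExcelWorkbook1.dll'      # hypothetical VSTO assembly

# 1. List the user-level code groups. VSTO's per-project groups appear here,
#    under All_Code > VSTOProjects.
& $caspol -user -listgroups

# 2. URL evidence: every assembly under the folder is granted FullTrust.
#    Membership is decided by location only, so anyone who can write to this
#    folder can place fully trusted code in it. Keep the folder's ACLs tight.
& $caspol -quiet -user -addgroup All_Code `
    -url "$binDir\*" FullTrust `
    -name 'Example_UrlTrust' `
    -description 'FullTrust by folder (URL evidence)'

# 3. Strong name evidence: membership follows the signing key read from the
#    file, not the location. -noname/-noversion match any assembly signed
#    with that key, whatever its name or version.
#    Assumption: $dll has been strong-name signed.
& $caspol -quiet -user -addgroup All_Code `
    -strong -file $dll -noname -noversion FullTrust `
    -name 'Example_StrongNameTrust' `
    -description 'FullTrust by signing key (strong name evidence)'

# 4. Check the result: which code groups the assembly matches at the
#    enterprise, machine, and user levels, and the permissions it ends up with.
& $caspol -all -resolvegroup $dll
& $caspol -all -resolveperm  $dll

# 5. Remove the example groups so no unintended FullTrust grant is left behind.
& $caspol -quiet -user -remgroup 'Example_UrlTrust'
& $caspol -quiet -user -remgroup 'Example_StrongNameTrust'
```

Because the groups are added with `-user`, they apply only to the account that runs the commands, which matches where VSTO places its own code groups.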
