 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / Security / January 2006Understanding FullTrust and CAS
Hi all! I've posted this problem in a number of places, but haven't been able to get to the bottom of it, so I'll try again here. I have been trying to work out ways to allow a partial trust web application limited access to perform sensitive operations (like retrieving a list of active processes) via a fully trusted proxy assembly. Basically I have a class with one method to get a list of active processes and return a list of the names. Nothing too complex so far, and it works fine if the webpage calling this separate assembly is running in full trust mode. Trouble is, I get security exceptions when I lower the web application's trust level to Medium. This makes sense, because the security demand in the Process class is supposed to walk up the stack and fail when it gets to something less than full trust. The question is, what does one have to do to allow this code to be called by a partially trusted web app? My plan was to sign the assembly with a strong name and elevate it to FullTrust level, but that hasn't worked. Thinking that I didn't quite understand caspol (is there any decent documentation on this anywhere on the web?) I've tried quite a few ways to get the full trust applied, but none seem to allow my application to work. Maybe I"m barking up the wrong tree? One thing that has worked is to add the intermediate assembly to the GAC. If I do this, the whole thing runs smooth as silk. Trouble there is, marking the assembly APTCA, giving it a bunch of functionality that could pose security risks, then dropping it in the GAC on a web server seems to miss the point of the whole exercise in the first place. If anyone has any insight/links/comments on this problem I will be very grateful. I am really tearing my hair out here... Also, the combined code for both of these apps is shorter than this post. I'd be happy to post or send it to any interested parties. <snip> > One thing that has worked is to add the intermediate assembly to the > GAC. That's because the ASP.NET CAS policy is also at work, on top of the normal "general" policy that can be managed via caspol. Your assembly runs with a CAS permission grant that represents the intersection of the ASP.NET and general grants. Even if you've granted it unrestricted permissions in the general policy, it's still subject to permission limitations via the ASP.NET policy. Under default ASP.NET policy at the medium trust level, aside from some locally installed Microsoft assemblies, only assemblies in the GAC are fully trusted. This means that you have two options for acquiring an unrestricted permission grant for your assembly: add it to the GAC or modify the ASP.NET policy to grant your assembly. > If I do this, the whole thing runs smooth as silk. Trouble there > is, marking the assembly APTCA, giving it a bunch of functionality that > could pose security risks, then dropping it in the GAC on a web server > seems to miss the point of the whole exercise in the first place. Then modifying the ASP.NET policy to grant your assembly unrestricted permissions even if it's not in the GAC would seem to be the more palatable option... ;) Also, before asserting permissions on behalf of a partially trusted caller (which your broker assembly is doing by satisfying a link demand even if you're not performing a deliberate assertion), it's generally a good idea to first make a demand for some alternate permission that can be used to screen out inappropriate callers. In a shared hosting scenario, this would usually be an identity permission or a custom permission that only your applications have been granted. Thanks very much for the response. Its funny (is that really the appropriate word?) that I didn't find any mention of extra ASP.NET policy in any of the CAS documentation. So I have been barking up the wrong tree. I will have a look at asp.net policy (looks like some hacking of the machine.config is in order) and post back if/when I get this working. Also, I have planned to make some kind of demand from the web app in the long run. Was thinking to create a custom permission but identity would probably be more appropriate. Anyway first things first. . . hi, i spent quite a lot of "quality time" with ASP.NET policy files (for a book i am currently writing) maybe this is some useful info: http://www.leastprivilege.com/MoreOnLockingDownPartialTrustASPNET.aspx --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com > Thanks very much for the response. Its funny (is that really the > appropriate word?) that I didn't find any mention of extra ASP.NET [quoted text clipped - 7 lines] > the long run. Was thinking to create a custom permission but identity > would probably be more appropriate. Anyway first things first. . . Happy to report this is easy enough once pointed to the right policy file. I ended up copying the web_mediumtrust.config file and customizing it with: <CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="FullTrust" Name="MyCustom_Strong_Name" Description="blah blah blah"> <IMembershipCondition class="StrongNameMembershipCondition" PublicKeyBlob="00240000048000009. . ." /> </CodeGroup> Changed the web.config to recognize the new policy file, then used that as my trust level. Seems to be working fine now. Thanks again!! Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.