Hi all,
I am trying to implement role based security in my C# program (define
generic user, define roles and a generic principal during startup of
the program).
With "[PrincipalPermission(SecurityAction.Demand, Name=@"xxx",
Role=@"yyy")]" I am trying to protect some areas of the code.
A good example is the role "Teller1000$" and "Teller1Mio$". The first
guy is allowed to do transactions up to 1000$, the second guy up to
1Mio.
It is crucial that these demands are enforced.
But if I open a command line and type "caspol -security off" everybody
is allowed to do everything!!!!!!
What is an elegant way to make sure that my security policies cannot
be switched off?
Are there other ways to go around role based security which I have
to close?
thanks a lot
Daniel
Dominick Baier - 18 Dec 2006 14:46 GMT
Hi,
well - you can only do a caspol -s off if you are an administrator. Users
with administrative privileges can do everything to your system or your application.
Besides that you can check if SecurityManager.SecurityEnabled is true.
-----
Dominick Baier (http://www.leastprivilege.com)
Nicole Calinoiu - 18 Dec 2006 15:59 GMT
<snip>
> What is an elegant way to make sure that my security policies cannot
> be switched off?
Do not depend on client-side functionality to impose principal-based
security. Client-side permission verifications can be helpful with respect
to functionality (e.g.: disabling/hiding buttons for actions that a user is
not allowed to perform) and performance (avoid creating network traffic for
actions that the user is not allowed to perform). However, the ultimate
decision whether to permit an action should only be made on the machine
affected by that action or on a machine that is part of a trusted subsystem from
the perspective of the target machine. (And client machines should
generally not form part of a trusted subsystem for any server.)
> Are there other ways to go around role based security which I have
> to close?
Yes. For example, your assembly could be modified to remove the permission
verifications. However, you can't completely prevent such things, so your
only secure approach is not to rely purely upon client-side permission
verifications.
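
The two replies above, combined in an added example (not code from any poster in this thread): a server-side check that enforces the teller limits with explicit `IsInRole` calls, which are ordinary method calls rather than CAS demands, and that refuses to run when `SecurityManager.SecurityEnabled` is false. `TransactionAuthorizer`, `LimitFor`, `DemandCanTransfer` and the principal "alice" are hypothetical names; the code assumes the .NET Framework of the thread's era, and `SecurityEnabled` is marked obsolete in later versions.

```csharp
using System;
using System.Security;
using System.Security.Principal;

// Hypothetical server-side authorizer; it runs on the machine that owns the accounts.
public static class TransactionAuthorizer
{
    // Role names and amounts are the ones given in the question.
    private const string SmallTellerRole = "Teller1000$";
    private const string LargeTellerRole = "Teller1Mio$";

    // Highest amount the caller may move, based on roles the server assigned
    // after authenticating the caller (never on roles claimed by the client).
    public static decimal LimitFor(IPrincipal caller)
    {
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            return 0m;
        if (caller.IsInRole(LargeTellerRole)) return 1000000m;
        if (caller.IsInRole(SmallTellerRole)) return 1000m;
        return 0m;
    }

    public static void DemandCanTransfer(IPrincipal caller, decimal amount)
    {
        // The question reports that PrincipalPermission demands stop being
        // enforced after "caspol -security off"; fail closed in that state.
#pragma warning disable 618 // SecurityEnabled is obsolete in later framework versions
        if (!SecurityManager.SecurityEnabled)
            throw new SecurityException("Code access security is disabled on this host.");
#pragma warning restore 618
        if (amount <= 0m || amount > LimitFor(caller))
            throw new SecurityException("Transfer amount is outside the caller's limit.");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed principal standing in for one built by the server after login.
        IPrincipal teller = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "Teller1000$" });

        TransactionAuthorizer.DemandCanTransfer(teller, 500m); // within the 1000$ limit
        try { TransactionAuthorizer.DemandCanTransfer(teller, 5000m); }
        catch (SecurityException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```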