Code Access Security (CAS) – "Guilty until proven Innocent" (Partially Trusted Code)
Author:
Maxim V. Karpov
In my previous article on Code Access Security I barely scratched the surface, so in this installment I want to continue my endeavor with CAS and point out 3 different approaches regarding its use; (1) Configure Policy, (2) Sandbox pattern and (3) Install into a Global Cache Assembly, to successfully execute an assembly in the partially trusted execution environment. To start out, I will demonstrate how to make a local directory in order to execute code in a partial trust through the use of policy file. Then I will provide the guidelines for Sandboxing Pattern that will allow semi-trusted code to make calls inside of the fully trusted assemblies. In closing, I will talk about Microsoft technologies and how CAS effects them. In addition, I will demonstrate the above concepts through a series of code samples extracted through my own personal Courseware, which in turn you will be able to download and run for yourself. At the end of this reading, you should be able to understand (a) how to configure CAS security polices in order to allow semi-trusted code to perform needed operations and (b) how to write a wrapper assembly that vouchers (Assert/PermitOnly) for semi-trusted code to perform fully trusted operations.
More Tutorials
|