Jump to navigation

Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

Much more CAS samples

Ok, I promise it's the last one on samples, but it's worth it as I finally got around most MSDN library samples about CAS.

A got a few surprises (i.e. really not anticipated), like PermissionSet.IsEmpty() returning true even if PermissionSet.Count > 1 - but only when the included permissions are themself "somewhat" empty (as there is no IPermission.IsEmpty() method).

I also had a few "non" surprises (i.e. I could/should have anticipated them). Many were due to the fact that IPermission.Intersect can return null or an empty set (new PermissionSet (PermissionState.None)) as an empty result (which resulted in a number of NullReferenceException). Support for more wildcards in permissions, like in StrongName "names" (that's one I should have seen coming).

And finally some, always subtle, differences between Fx 1.1 and 2.0 beta 1. Anyway I suspect I'll get more (and probably less subtle) differences in the next 2.0 betas - like unrestricted identity permissions.

This time I won't bore you with all the gory step-by-step details - as a summary should be good enough ;-). So here are the current results using CVS...

In System.Security namespace:

  • PermissionSet - Fully working
  • NamedPermissionSet - not fully working [1]
  • SecurityElement - Fully working
  • SecurityManager - not fully working [1]

[1] Permissions classes outside mscorlib.dll aren't completed. This is a case where throwing NotImplementedException isn't the best solution.

In System.Security.Permissions namespace:

  • EnvironmentPermission - Fully working
  • FileDialogPermission - Fully working
  • FileIOPermission - Fully working [2]
  • IsolatedStorageFilePermission - not fully working [3]
  • PublisherPermission - Fully working
  • ReflectionPermission - Fully working
  • RegistryPermission - Fully working
  • SecurityPermission - Fully working
  • SiteIdentityPermission - Fully working
  • StrongNameIdentityPermission-1 - not fully working [4]
  • StrongNameIdentityPermission-2 - Fully working
  • UIPermission - Fully working
  • UrlIdentityPermission - Fully working
  • ZoneIdentityPermission - Fully working

[2] Some filenames had to be changed in order to run under Linux.
[3] Everything works except Deny and PermitOnly (not implemented yet). Other samples do not use them.
[4] Requires declarative permission support (not implemented yet).

In System.Security.Policy namespace:

  • Evidence - Fully working [5]
  • FileMatchCodeGroup - Fully working [2]
  • FirstMatchCodeGroup - Fully working [2]
  • PolicyLevel - not fully working [6]
  • PolicyStatement - Fully working

[5] Commented Fx 2.0 specific stuff.
[6] FullTrustAssemblies aren't implemented. It also need more love in resolution.


9/6/2004 18:23:57 | Comments

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.