Chapter 7. Permissions

In this chapter, we explain permissions and discuss their role in the implementation of code access security (CAS). We describe the mechanisms that the runtime uses to enforce code-level security, and explain how you can use permissions to manipulate these mechanisms. We examine the functionality common to all permissions, and demonstrate the use of key permission classes provided in the .NET class library. Finally, we show you how to extend CAS by implementing your own custom permissions.

Permissions Explained

The goal of CAS is to give security administrators (and users) fine-grained control over the actions and resources to which code has access. For example, a security-conscious administrator may want to stop applications run from the Internet from starting new processes, or to allow only code written by Microsoft to write to the Windows registry.

Instead of defining a fixed set of operations and resources to which access can be controlled, CAS provides a flexible and extensible framework that uses objects called permissions to define and enforce security. Permission objects serve the following purposes:

  • When the runtime loads an assembly, it assigns the assembly a set of permission objects that represent the authority the runtime has granted to the assembly. Most permission objects represent access to actions or resources that are subject to security control, such as the ability to create application domains or the ability to write to the Windows event log. Other permissions ...
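The grant-set idea described above, as an added example that is not code from the book: it builds a permission set by hand and compares individual permissions against it. It assumes the .NET Framework (where the CAS permission classes live); the class name `GrantSetDemo`, the helper names, and the registry key path are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Security;
using System.Security.Permissions;

static class GrantSetDemo
{
    // Constructed grant set standing in for what the runtime might assign
    // to a partially trusted assembly at load time.
    static PermissionSet BuildGrant()
    {
        var grant = new PermissionSet(PermissionState.None);
        // May execute and may create application domains.
        grant.AddPermission(new SecurityPermission(
            SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlAppDomain));
        // May write to the event log on the local machine (".").
        grant.AddPermission(new EventLogPermission(EventLogPermissionAccess.Write, "."));
        return grant;
    }

    // A required permission is covered only if the grant set holds a permission
    // of the same type and the requirement is a subset of it.
    static bool IsGranted(PermissionSet grant, IPermission required)
    {
        IPermission held = grant.GetPermission(required.GetType());
        return held != null && required.IsSubsetOf(held);
    }

    static void Report(PermissionSet grant, string action, IPermission required)
    {
        Console.WriteLine("{0,-28} {1}", action,
            IsGranted(grant, required) ? "granted" : "not granted");
    }

    static void Main()
    {
        PermissionSet grant = BuildGrant();
        Report(grant, "create application domain",
            new SecurityPermission(SecurityPermissionFlag.ControlAppDomain));
        Report(grant, "write to event log",
            new EventLogPermission(EventLogPermissionAccess.Write, "."));
        // Same permission type as a held one, but a flag the grant lacks.
        Report(grant, "call unmanaged code",
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
        // Permission type absent from the grant set (constructed key path).
        Report(grant, "write to registry key",
            new RegistryPermission(RegistryPermissionAccess.Write,
                @"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor"));
    }
}
```

The first two checks report "granted" and the last two "not granted": one fails on a missing flag within a held permission type, the other on a permission type the grant set does not contain at all.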
