Gallery

.NET security

Posted on 26 Jul 2006 at 15:16

Thomas Lee looks at the security architecture of .net and delves into code access security

Log l = Log.Create( "C:\\log.txt" );

l.Clear();

Let's suppose there's also a third-party logging tool, implemented by the file log.dll, that looked something like this:

public class Log {

public static Log Create( string f ) {

FileStream fs = new FileStream ( f, ... );

}

Finally, the FileStream class, found in the CLR class library, might look something like this:

public class FileStream {

public FileStream( ... ) {

FileIOPermission fi = new ...;

fi.Demand();

...

In this example, the application invokes the log class, which in turn invokes the FileStream class in order to clear the log. To ensure security, the FileStream class calls into fi.demand to perform a stack walk to ensure all callers have the appropriate permission to perform this operation. The FileStream class itself doesn't know or care that the file being managed is actually a log file - it simply checks that the file operation being performed is allowed. This means that if the permission set for myapp.exe and log.dll allows writing to c:\log.txt, the demand method will succeed and the write operation would be carried out; otherwise, an exception would be raised.

For more information about .NET security, you can consult the MSDN library online at www.microsoft.com. The best source of details around .NET Framework security is the book .NET Framework Security by Brian LaMacchia et al (ISBN 0-672-32184-X).