Managing Code Access Permission Sets

This section looks at programmatic access to permissions. The example extends the ProVB2012_Security project discussed earlier and illustrates how, when a method fails, an exception object containing the result is generated. Note that in a real-world example, you would be setting up permissions for a calling application. In many instances, you don't want a calling application to be able to access the registry, or you want a calling application to be able to read memory variables but not change them. Keep in mind that you can only limit those permissions that are already available to a user based on their identity. You can't use code to grant access to a portion of the operating system that the user doesn't already have access to based on their identity.

The following example first sets up the permission that is wanted and then grants the code the appropriate access level. The code that accesses this security object illustrates the effect of these new permissions on the code. Note you will need to add the line Imports System.IO to the top of your MainWindow.xaml.vb file for the following code to compile.

     Private Sub TestFileIOPermission()
         ' Restrict this method (and everything it calls) to full access
         ' within C:\Temp only.
         Dim oFp = New FileIOPermission(
                    FileIOPermissionAccess.AllAccess,
                    "C:\Temp")
         oFp.PermitOnly()
         'Try
         ' Default file permissions: this write succeeds.
         Dim strmWrite As New IO.StreamWriter(
             File.Open("C:\Temp\Permission.txt",
             IO.FileMode.Open))
         strmWrite.WriteLine("Hi there!")
         strmWrite.Flush()
         strmWrite.Close()
         ' Modified file permissions: the operating system refuses this open.
         Dim objWriter As New IO.StreamWriter(
             File.Open("C:\Temp\NoPermission.txt",
             IO.FileMode.Open))
         objWriter.WriteLine("Hi there!")
         objWriter.Flush()
         objWriter.Close()
         
         'Uncomment the lines below (comment those above) to reverse the test.
         
         'Dim oFp = New FileIOPermission(FileIOPermissionAccess.Read, "C:\")
         'oFp.PermitOnly()
         'Dim temp = oFp.AllFiles.ToString()
         'Dim strmWrite = New IO.StreamWriter(
         '                File.Open("C:\Temp\Permission.txt",
         '                IO.FileMode.Open))
         'strmWrite.WriteLine("Hi there!")
         'strmWrite.Flush()
         'strmWrite.Close()
         'Dim objWriter = New IO.StreamWriter(
         '                File.Open("C:\Temp\NoPermission.txt",
         '                IO.FileMode.Open))
         'objWriter.WriteLine("Hi there!")
         'objWriter.Flush()
         'objWriter.Close()
         ''Catch objA As System.Exception
         ''MessageBox.Show(objA.Message)
         ''End Try
     End Sub

The first example attempts to access a file in the file system. This illustrates the use of the FileIOPermission class. Within the folder C:\Temp, create two new files. The first file, C:\Temp\Permission.txt, will use the default permissions assigned when you created the account. The second file, C:\Temp\NoPermission.txt (these files are not part of the download), has its permissions modified.

To do this, access the file's properties by right-clicking on the file and choosing Properties. On the Properties dialogue select the Security tab and then use the Advanced button. Within the Advanced Security Settings dialogue use the Change Permission button to open the Advanced Security Settings dialogue. Next go to the bottom of this dialogue and clear the check box “Include inheritable permissions from this object's parent.” You will need to verify that you want to add the security settings for this file to the file itself.

After returning to the original Properties dialogue by clicking the OK buttons you will want to remove the settings for Authorized Users. To do this you will need to use the Edit button to access the Permission dialogue where you can use the Remove button. After having done this you will have removed the default modify permission for authenticated users to this file. The result should be the permission level that is depicted in Figure 18.4. Note that there are only three Groups or usernames assigned permissions.

Figure 18.4 Properties of target file for security checks

Looking at the previous code snippet, notice that the Sub TestFileIOPermission first grants FileIO write permissions to the current user and attempts to access both files. This will fail for the NoPermission.txt file, because code access security can't grant additional access to a user at runtime. You can see this result in the error shown in Figure 18.5.

Figure 18.5 Security access exception in Visual Studio debugger

Now to test the reverse, comment out the top half of the preceding method and uncomment the bottom half. Now the method uses the PermitOnly assignment to limit the user to ReadOnly permissions for the FileIO permission set. In this case the code will fail when attempting to write to the Permission.txt file because of the stricter limits of this setting as opposed to what the operating system would allow. You can see this result in the error shown in Figure 18.6.

Figure 18.6 Security exception related to permission not access
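
The two failures in this section come from different layers, and the exception type tells them apart: a refused code access demand raises SecurityException, while a refusal by the file's ACL raises UnauthorizedAccessException. The following is an added example, not code from the ProVB2012_Security project; it assumes the .NET Framework and that both files from this section exist, and the names PermitOnlyDemo and TryWrite are hypothetical.

```vb
Imports System.IO
Imports System.Security
Imports System.Security.Permissions

Module PermitOnlyDemo
    ' Hypothetical helper: opens the file under a PermitOnly restriction
    ' and reports which layer, if any, refused the request.
    Function TryWrite(access As FileIOPermissionAccess,
                      scope As String, target As String) As String
        Dim perm As New FileIOPermission(access, scope)
        ' Stack-walk modifier: applies to this frame and everything it calls.
        perm.PermitOnly()
        Try
            ' Same call as the section's example; FileMode.Open alone
            ' requests read/write access to the file.
            Using writer As New StreamWriter(File.Open(target, FileMode.Open))
                writer.WriteLine("Hi there!")
            End Using
            Return "written"
        Catch ex As SecurityException
            ' The demand hit the PermitOnly set and was not covered by it.
            Return "denied by code access security: " & ex.Message
        Catch ex As UnauthorizedAccessException
            ' Code access security allowed the call; the file's ACL did not.
            Return "denied by the operating system: " & ex.Message
        Catch ex As IOException
            ' For example, the file has not been created yet.
            Return "I/O error: " & ex.Message
        Finally
            ' Lift the restriction explicitly. A second PermitOnly in the
            ' same frame without this call raises a SecurityException.
            CodeAccessPermission.RevertPermitOnly()
        End Try
    End Function

    Sub Main()
        ' Paths of the two files created for this section.
        Const Normal As String = "C:\Temp\Permission.txt"
        Const Locked As String = "C:\Temp\NoPermission.txt"

        ' First test: full access within C:\Temp.
        Console.WriteLine(TryWrite(FileIOPermissionAccess.AllAccess, "C:\Temp", Normal))
        Console.WriteLine(TryWrite(FileIOPermissionAccess.AllAccess, "C:\Temp", Locked))

        ' Reverse test: read-only access on C:\.
        Console.WriteLine(TryWrite(FileIOPermissionAccess.Read, "C:\", Normal))
    End Sub
End Module
```

Because the restriction is reverted in the Finally block, each call starts from the caller's full permission set, so both tests can run in one process without commenting code in and out.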
