Hacking the Code: ASP.NET Web Application Security

Code Access Security

The .NET Framework is based on the concept of distributed applications, in which an application does not necessarily have a single owner. To circumvent the problem of which parts of the application (being assemblies) to trust, code access security is introduced. This is a very powerful way to protect the system from code that may be malicious or just unstable. Remember that it is always active, even if you do not use it in your own code. CAS helps you with the following tasks:

  • Limiting access permissions of assemblies by applying security policies

  • Protecting the code from obtaining more permissions than the security policy initially permits

  • Managing and configuring permission sets within security policies to reflect the specific security needs

  • Granting assemblies specific permissions that they request

  • Enabling assemblies in demanding specific permissions from the caller

  • Using the caller s identity and credentials to access protected resources and code

.NET Code Access Security Model

The .NET Code Access Security (CAS) model is based on a number of features:

  • Stack walking

  • Code identity

  • Code groups

  • Declarative and imperative security

  • Requesting permissions

  • Demanding permissions

  • Overriding security checks

  • Custom permissions

The following discussion will give you a better understanding of how CAS works in general and how it can work for you as you design and implement .NET applications.

Stack Walking

Perhaps stack walking is the most important mechanism within CAS to ensure that assemblies cannot gain access to protected resources and code during the course of the execution. As we...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Security Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.