Since NET version 1.x, CAS always confuses the heck out of me in many ways. So I decide this time that I'm going to be on top and leave no stones unturned. I have been reading for the last few days various articles revealing some of the new CAS security features in .NET version 2.0. I had to admit that I was struggling for quite a long time with this topic until I finally see a clearer picture inside the crystal ball. With all that said, let's dive right into the topic.
[assembly: SecurityTransparent] attribute is one of the new security feature
introduced in .NET framework 2.0. So here are some of the principal characteristics of this security attribute
1. It can only be applied to assembly and no critical code is allowed
2. It can't perform an assert. In other word, it can't elevate privilege
3. It passes all security requirement of the code it calls back to the callers.
If the method called requires full trust and the caller has low trust, it will fail in a security exception
Let's look at a sample code and see how to use the [assembly: SecurityTransparent] attribute
SecurityTransparent.cs
using System;
using System.Security;
using System.Security.Permissions;
[assembly: SecurityTransparent]
namespace SecurityCheck
{
public sealed class Transparent
{
public void DoSomething()
{
try
{
// Uncomment the line below to raise the security exception
//new FileIOPermission(PermissionState.Unrestricted).Assert();
Console.WriteLine("Do something here");
}
catch(SecurityException se)
{
throw se;
}
}
}
}
Client1.cs
using System;
using System.Security;
using SecurityCheck;
namespace Test
{
public class Client
{
public static void Main()
{
// [SecurityTransparent] testing code
Transparent tr = new Transparent();
try
{
tr.DoSomething();
}
catch(SecurityException se)
{
Console.WriteLine(se.PermissionState);
}
}
}
}
From a developer perspective, this SecurityTranparent feature allows us to write library in a much more consistent and maintainable way, and concentrating in protecting sensitive data and rersources in our code. It places the security requirement at the caller and will not allow your code to elevate privilege.
Now let's move to the next cool security feature [SecurityCritical] and [SecurityTreatAsSafe] giving us more control over how to secure our code in a much finer grain level. Here are the important points of these 2 cool attributes:
1. If you apply it at the assembly level, then all methods and properties are transparent unless you specifically decorate it with the attribute [SecurityCritical]
2. The [SecurityAttribute] can be applied to a specific property and method
3. The [SecurityTreatAsSafe] attribute can be applied to private and internal
security critical members to allow security transparent code within the
assembly to access its members.
Below is a working example showing how to use these 2 new security attributes:
Client2.cs
using System;
using System.Security;
using SecurityCheck;
namespace Test
{
public class Client
{
public static void Main()
{
// [SecurityCritical] testing code
Document Doc = new Document();
try
{
Console.WriteLine(Doc.Save());
Doc.Name = "My name goes here";
Console.WriteLine(Doc.Name);
}
catch(SecurityException se)
{
Console.WriteLine(se.PermissionState);
}
// [SecurityTreatAsSafe] testing code
try
{
Doc.CallPrivateMethod();
}
catch(MethodAccessException se)
{
Console.WriteLine("Security Message = {0} Security Source = {1} Security Target = {2}",
se.Message, se.Source, se.TargetSite);
}
}
}
}
SecurityCritical.cs
using System;
using System.Security;
using System.Security.Permissions;
[assembly: SecurityCritical]
namespace SecurityCheck
{
public sealed class Document
{
private string _name;
public string Name
{
get { return _name; }
[SecurityCritical]
set
{
try
{
// Comment the [SecurityCritical] attribute above the Set method,
// Assert will raise a security exception
new FileIOPermission(PermissionState.Unrestricted).Assert();
_name = value;
}
catch(SecurityException se)
{
throw se;
}
}
}
[SecurityCritical]
public string Save()
{
try
{
// Comment the [SecurityCritical] attribute above the method Save,
// Assert will raise a security exception
new FileIOPermission(PermissionState.Unrestricted).Assert();
return "Success";
}
catch(SecurityException se)
{
throw se;
}
}
// Security transparent method
public void CallPrivateMethod()
{
try
{
// Calling private security critical method
InternalCritical();
}
catch(MethodAccessException se)
{
throw se;
}
}
// Comment the [SecurityTreatAsSafe] attribute below,
// a method access exception will be raised
[SecurityCritical]
[SecurityTreatAsSafe]
private void InternalCritical()
{
Console.WriteLine("InternalCritical");
}
}
}
You can compile the above code using the command-line compiler as indicated below or create and build it in VS 2005, which ever way you feel comfortable.
csc /t:library SecurityCritical.cs
csc /t:library SecurityTransparent.cs
csc /r:SecurityTransparent.dll Client1.cs
csc /r:SecurityCritical.dll Client2.cs
I have tested the above code and it works. If you have any problem compiling or running the above code, please let me know. Any questions or comments would be greatly appreciated because I'm learning these new features too as I go along.
Hope it helps