Improving the security of the .NET Framework applications by using the .NET Framework 2.0 security features


These questions are based on 70-622CSHP – TS: Microsoft .NET Framework 2.0 – Application Development Foundation (C#.NET) Microsoft Self-Test Software Practice Test.

 

Objective: Improving the security of the .NET Framework applications by using the .NET Framework 2.0 security features
SubObjective: Implement code access security to improve the security of a .NET Framework application (Refer System.Security namespace)

 

Item No. 70-536CSHP.5.1.2
Multiple Answer, Multiple Choice

 

You are an application developer for a company. You are creating an assembly that will be used to manage file content on user computers. You want to ensure that if users of your assembly do not have access to the local file system, then they should not be able to access classes in your assembly.

 

Which code fragments should you add to your classes? (Choose two. Each correct answer represents a complete solution.)

 

 

  1. [FileIOPermission(SecurityAction.RequestMinimum)]
  2. [FileIOPermission(SecurityAction.RequestOptional)]
  3. [FileIOPermission(SecurityAction.Demand)]
  4. FileIOPermission perm =
    new FileIOPermission(PermissionState.Unrestricted);
    perm.Demand();
  5. FileIOPermission perm =
    new FileIOPermission(PermissionState.Unrestricted);
    perm.Assert();
  6. FileIOPermission perm =
    new FileIOPermission(PermissionState.Unrestricted);
    perm.Request();

 

Answers:

 

 

  1. [FileIOPermission(SecurityAction.Demand)]
  2. FileIOPermission perm =
    new FileIOPermission(PermissionState.Unrestricted);
    perm.Demand();

 

Tutorial:
You should use the following two code fragments to ensure access to classes only if the users have access to the local file system.

 

For declarative security:

 

[FileIOPermission(SecurityAction.Demand)]

 

For imperative security:

 

FileIOPermission perm =
    new FileIOPermission(PermissionState.Unrestricted);
perm.Demand();

 

The .NET Framework security system allows permission requests, overrides and demands using declarative security and imperative security.

Declarative security makes use of attributes to place security data into the metadata of the assembly. The permission attributes take a SecurityAction enumeration value and other optional arguments. The SecurityAction enumeration includes the values Assert, Demand, Deny, RequestMinimum, RequestOptional and RequestRefuse. The SecurityAction.Demand value indicates that all callers must have the permission to access the resource, whereas the SecurityAction.Assert value indicates that only one caller needs the permission. The SecurityAction.Deny value denies access, regardless of whether that permission was granted to a caller.

The SecurityAction.RequestMinimum, SecurityAction.RequestOptional and SecurityAction.RequestRefuse values can be applied only to an assembly during grant time, before that assembly's effective permissions are determined. RequestMinimum means the assembly will not load if the permission is not granted, whereas RequestRefuse means the assembly will not accept the permission even if granted. RequestOptional means the assembly does not require the permission.

Imperative security makes use of runtime security invocations on a CodeAccessPermission object. In imperative security, you cannot perform requests, only demands and overrides. Thus, the Assert, Demand, and Deny methods invoke the same logic as the SecurityAction.Assert, SecurityAction.Demand and SecurityAction.Deny values do in declarative security.

 

You should not use the code fragments that specify the SecurityAction.RequestMinimum and SecurityAction.RequestOptional values because attributes with these values can only be applied to the entire assembly, not individual classes within an assembly. You should use the SecurityAction.Demand value.

 

You should not use the code fragment that invokes the Assert method because all callers must have permission to access the file system. The Assert method indicates that only one caller needs the permission. You should use the Demand method.

 

You should not use the code fragment that invokes the Request method because no such method exists in the CodeAccessPermission or FileIOPermission class. In imperative security, you cannot perform requests, only demands and overrides. You should invoke the Demand method.
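The two correct fragments in context, as an added example that is not part of the original practice test: one class protected by a declarative demand and one by an imperative demand, each called first from a fully trusted frame and then from a frame where FileIOPermission has been denied. The class names, the CallWithoutFileAccess helper and the use of Deny() to stand in for a caller without file system access are assumptions of this example, and the attribute sets Unrestricted = true so that the declarative demand covers the same unrestricted permission as the imperative one. It targets .NET Framework 2.0 through 3.5 run with full trust from the local disk; from .NET Framework 4 onward Deny is obsolete and is not honored unless legacy CAS policy is enabled.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Declarative demand: stored in metadata and enforced on every member of the class.
[FileIOPermission(SecurityAction.Demand, Unrestricted = true)]
public class DeclarativeFileManager
{
    public string Describe() { return "declarative demand passed"; }
}

public class ImperativeFileManager
{
    public string Describe()
    {
        // Imperative demand: the same stack walk, invoked at run time.
        FileIOPermission perm =
            new FileIOPermission(PermissionState.Unrestricted);
        perm.Demand();
        return "imperative demand passed";
    }
}

public static class CasDemo
{
    // Hypothetical helper: Deny() on this frame stands in for a caller
    // that was not granted file system access.
    static string CallWithoutFileAccess(bool declarative)
    {
        new FileIOPermission(PermissionState.Unrestricted).Deny();
        try
        {
            if (declarative) return new DeclarativeFileManager().Describe();
            return new ImperativeFileManager().Describe();
        }
        catch (SecurityException) { return "blocked by SecurityException"; }
        finally { CodeAccessPermission.RevertDeny(); }
    }

    public static void Main()
    {
        // Fully trusted callers pass both demands.
        Console.WriteLine(new DeclarativeFileManager().Describe());
        Console.WriteLine(new ImperativeFileManager().Describe());
        // With FileIOPermission denied on the calling frame, both demands fail.
        Console.WriteLine(CallWithoutFileAccess(true));
        Console.WriteLine(CallWithoutFileAccess(false));
    }
}
```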

 

Reference:
MSDN2 Library > Development Tools and Languages > Visual Studio > .NET Framework Programming in Visual Studio > Security in Native and .NET Framework Code > Security in the .NET Framework > Code Access Security > Code Access Security Basics > Security Syntax > Declarative Security

 

MSDN2 Library > Development Tools and Languages > Visual Studio > .NET Framework Programming in Visual Studio > Security in Native and .NET Framework Code > Security in the .NET Framework > Code Access Security > Code Access Security Basics > Security Syntax > Imperative Security

 

MSDN2 Library > .NET Development > .NET Framework SDK > Class Library Reference > System.Security.Permissions > SecurityAction Enumeration

 

MSDN2 Library > .NET Development > .NET Framework SDK > Class Library Reference > System.Security > CodeAccessPermission Class > CodeAccessPermission Members
