policy files and .Net Configuration tool? -- dotnet security

Nicole Calinoiu
6/9/2005 10:45:19 AM

The policy established via the .NET configuration tools specifies the
permission grants for all .NET assemblies run on the machine, not just those
run via ASP.NET. ASP.NET adds another layer of policy that can be used to
further restrict these permission grants. This policy is configured via the
"policy files" to which you referred. Since this additional policy layer is
applied by ASP.NET, it only affects applications run under ASP.NET.

[quoted text, click to view]

Christian
6/10/2005 10:59:32 AM

Thanks for clearing that up...

That means that having policy files just make it able to have more
restrictions on assemblies running in IIS..

I have a scenario where I just want to use CAS to make shure that the
calling assemblies are signed from me.. This means that I might as well just
use the Configuration tool for this, right!

Thangs again Nicole!
Regards
Christian

[quoted text, click to view]

Nicole Calinoiu
6/12/2005 8:29:32 AM

[quoted text, click to view]

Not sure about that. Usually one uses StrongNameIdentityPermission (or
PublisherIdentityPermission, depending on what kind of signing you're using)
demands for this. AFAIK, there's no way to set policy to prevent assemblies
without a specified signature from calling into a given assembly.

BTW, if you are thinking about using identity permissions demands for
limiting callers, you should be aware that these are pretty trivially
bypassed by highly/fully trusted code. In v. 1.x of the framework, this
bypass requires deliberate action in most cases, but fully trusted code will
automatically pass all identity permission demands in v. 2.0.

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about dotnet security

dotnet security : policy files and .Net Configuration tool?