ASP.NET 2.0 Security Practices - Code Access Security

From Guidance Share


How to use code access security in ASP.NET

Administrators can use code access security trust levels with ASP.NET to isolate applications and to restrict which resource types they can access and which privileged operations they can perform. The ability to isolate applications is particularly important in hosted environments, where multiple applications share the same server.


To use code access security in ASP.NET, you need to evaluate requirements, choose a trust level, and configure the application to use the appropriate trust level.


To use code access security in ASP.NET:

  1. Evaluate the required permissions. You can do this either through a manual code review or by using the PermCalc tool to help calculate the required permissions.
  2. Choose a standard trust level (High, Medium, Low, or Minimal) that meets application requirements. Ensure that you do not grant more permissions than needed. If you do not find a perfect match with standard trust levels, create a custom trust policy to meet application requirements.
  3. If your application needs medium trust, configure the application to use the trust level as shown here.
    <system.web>
      ...
      <trust level="Medium" originUrl="" />
      ...
    </system.web>
    ... 
    


For more information, see How To: Use Code Access Security in ASP.NET 2.0.


How to use custom trust levels with code access security in ASP.NET

To use a custom trust level, create a custom trust file based on the existing trust file that most closely matches your application requirements.


To create a custom level and configure an application to use it:

  1. Identify the trust level that satisfies most of your application's permission requirements.
  2. Copy the trust policy file for that level to create a custom trust policy file, for example web_CustomTrust.config.
  3. Add the additional permissions required. For example, to add the registry permission to a custom trust policy file:
    Add a <SecurityClass> element.
       <SecurityClass Name="RegistryPermission"     
         Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, 
            Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    

    Add an <IPermission> element to the "ASP.Net" named permission set.

        <PermissionSet
          class="NamedPermissionSet"
          version="1"
          Name="ASP.Net">
          ...
             <IPermission
                 class="RegistryPermission"
                 version="1"
                 Unrestricted="true" />
             ...
        </PermissionSet>
    
  4. Configure your application's root Web.config file to make your application use the custom trust policy file.
    ...
    <location allowOverride="false">
     <system.web>
       <securityPolicy>
         <trustLevel name="Custom"  
                     policyFile="web_CustomTrust.config" />
       </securityPolicy>
       <trust level="Custom" originUrl="" />
     </system.web>
    </location>
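
Before deploying a custom trust policy file built with the steps above, it helps to review what the "ASP.Net" permission set actually grants. The following is an added example, not part of the original guidance: it lists every Unrestricted grant in the set and every <IPermission> whose class has no matching <SecurityClass> element. The function name audit_policy and the sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the custom policy file described above;
# a real web_CustomTrust.config holds many more entries.
SAMPLE_POLICY = """\
<configuration><mscorlib><security><policy><PolicyLevel version="1">
  <SecurityClasses>
    <SecurityClass Name="RegistryPermission"
      Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="FileIOPermission"
      Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
  </SecurityClasses>
  <NamedPermissionSets>
    <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
      <IPermission class="FileIOPermission" version="1" Read="$AppDir$" PathDiscovery="$AppDir$"/>
      <IPermission class="RegistryPermission" version="1" Unrestricted="true"/>
      <IPermission class="EventLogPermission" version="1" Unrestricted="true"/>
    </PermissionSet>
  </NamedPermissionSets>
</PolicyLevel></policy></security></mscorlib></configuration>
"""


def audit_policy(xml_text, set_name="ASP.Net"):
    """Return (unrestricted, undeclared) permission class names for one named set."""
    root = ET.fromstring(xml_text)
    # Short class names used by <IPermission> are declared in <SecurityClass> entries.
    declared = {sc.get("Name") for sc in root.iter("SecurityClass")}
    unrestricted, undeclared = [], []
    for pset in root.iter("PermissionSet"):
        if pset.get("Name") != set_name:
            continue
        for perm in pset.findall("IPermission"):
            cls = perm.get("class", "")
            if cls not in declared:
                undeclared.append(cls)      # the <SecurityClass> step was skipped
            if perm.get("Unrestricted", "").lower() == "true":
                unrestricted.append(cls)    # widest possible grant for this type
    return unrestricted, undeclared


if __name__ == "__main__":
    wide, missing = audit_policy(SAMPLE_POLICY)
    for cls in wide:
        print(f"REVIEW  {cls}: Unrestricted grant, narrow it if the code allows")
    for cls in missing:
        print(f"ERROR   {cls}: no matching <SecurityClass> element")
```

Unrestricted grants inherited from the trust level you copied are reported as well, so compare the output against the same run on the original policy file to see only what the custom file adds.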
    


How to run in Medium trust

Medium trust ASP.NET 2.0 applications can now access SQL Server databases. Running at Medium trust is particularly useful for environments where multiple applications run on the same server and you need to ensure that applications are isolated from one another and from shared system resources.


By running in Medium trust, applications have no access to unmanaged code, and file access is restricted to the application's own virtual directory hierarchy. Applications also have no access to the registry, the event log, or OLE DB data sources. Your code is unable to use reflection, and it can only communicate with specific servers identified by the originUrl attribute on the <trust> element.


To configure applications to run with Medium trust, set the level attribute of the <trust> element in the machine-level Web.config as shown here.

<location allowOverride="false">
 <system.web>
...
   <trust level="Medium" originUrl="" />
...
 </system.web>
</location>

By setting allowOverride="false" on the <location> element, you prevent an individual application's Web.config file from overriding the machine-wide policy. Use the originUrl attribute to specify which HTTP servers applications can communicate with.


If you need additional permissions beyond those granted by Medium trust policy, create a custom policy file and add the necessary permissions as described in How to use custom trust levels with code access security in ASP.NET. For more information, see How To: Use Medium Trust in ASP.NET 2.0.
