Advanced .NET Programming

Overview

The .NET Framework offers a rich security infrastructure based on both the identity of the code (code access security, or CAS) and the identity of the account under which it is running (role-based security). In this chapter, we will examine how code access security works, with a particular focus on looking under the hood. Because security is not generally a well-understood subject amongst many developers, I don't assume any prior knowledge of CAS, and will start by explaining the basic concepts. However, in keeping with the advanced nature of this book, I will tour through the basic concepts and syntax fairly quickly, so that we can get on to presenting some examples of applications that take advantage of CAS in fairly sophisticated ways, including defining our own custom permissions.

Given that the CLR offers both role-based and code access security, you might wonder why the security chapter of this book is exclusively concerned with code access security. Unfortunately, it's simply not possible in one chapter to do justice to the entire .NET security infrastructure, especially if we wish to do so at an advanced level. And although role-based security is important, it does, to a large extent, serve the same role as Windows OS security: it provides protection based on the identity of the process running an application. It is in code access security that the bulk of the new security concepts introduced by .NET can be found, which is why we will focus our attention there. However, role-based security is exposed to code in a very similar manner to CAS, using classes that are specified in XML files, which means that if you have a sound grasp of CAS, you should find it relatively simple to use role-based security as well.

We'll be covering the following topics:
