Programming .NET Security : Extending the .NET Framework (part 2) - Using the AuthorMembershipCondition Membership Condition

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

3. Building the AuthorMembershipCondition Assembly

For convenience, you could build all of the Author-related security classes into a single assembly. This would simplify security administration if you needed to distribute CAS extensions to third parties, but because the Author class is evidence, you would need to add the assembly to the fully trusted assembly list of every policy level. This would grant the assembly full trust at runtime, which many people would find unacceptable.

For the purpose of an example, build AuthorMembershipCondition into its own assembly using the following command. 

# C#

csc /t:library /reference:Author.dll AuthorMembershipCondition.cs

# Visual Basic .NET

vbc /t:library /reference:Author.dll AuthorMembershipCondition.vb

4. Using the AuthorMembershipCondition Membership Condition

The Microsoft .NET Framework Configuration tool (Mscorcfg.msc) provides a graphical interface through which you can configure security policy. Mscorcfg.msc implements specific support for the standard membership condition classes and provides user-friendly interfaces through which you can configure their membership condition parameters. However, the support for using custom membership conditions is rudimentary, requiring you to import an XML fragment describing the membership condition to use. This XML is the result of calling ToXml( ).ToString( ) on a custom membership condition object.

In this example, we will use the Code Access Security Policy tool (Caspol.exe) to configure a code group in the user policy level that uses AuthorMembershipCondition to evaluate membership. We will describe the Caspol.exe commands necessary to perform this configuration.

4.1. Installing security assemblies

Assemblies that provide CAS extensions (such as the AuthorMembershipCondition.dll assembly) must be fully trusted by the policy level in which they are used. To make AuthorMembershipCondition.dll fully trusted by the user policy level, execute the following commands from the directory where the AuthorMembershipCondition is located:

gacutil -i AuthorMembershipCondition.dll
caspol -user -addfulltrust AuthorMembershipCondition.dll

The first command installs AuthorMembershipCondition into the global assembly cache (which you must do before you can make it a fully trusted assembly). The second command makes AuthorMembershipCondition a fully trusted assembly in the user policy level.

4.2. Generating AuthorMembershipCondition XML

You must create an XML representation of the membership condition you want to assign to the code group. Although the required XML is simple enough that you could create it manually, it is much easier and safer to instantiate an AuthorMembershipCondition object and write the contents of the SecurityElement returned by the ToXml to disk.

If you distribute custom membership condition classes to users or customers, we advise you to create a simple utility to perform the creation of the required XML fragments. The CreateAuthorMembership class takes an author name as a command-line argument, instantiates an AuthorMembershipCondition object, and writes an XML representation of it to disk:

# C#

using System;
using System.IO;
using ORA.DotNetSecurity.Policy;

public class CreateAuthorMembership {

    public static void Main(string[] args) {
        // Create a new AuthorMembershipCondition based
        // on the name of the author provided
        AuthorMembershipCondition amc = 
            new AuthorMembershipCondition(args[0]);
        // Generate the name of the XML output file
        String file = args[0] + ".xml";
        // Render the AuthorMembershipCondition to 
        // XML and write it to a file       
        StreamWriter strm = new StreamWriter(file);
        strm.Write(amc.ToXml(  ).ToString(  ));
        strm.Close(  );
            // Display result
            Console.WriteLine("Created author membership condition : " + 

# Visual Basic .NET

Imports System
Imports System.IO
Imports ORA.DotNetSecurity.Policy
Public Class CreateAuthorMembership
    Public Shared  Sub Main(ByVal args(  ) As String)
        ' Create a new AuthorMembershipCondition based
        ' on the name of the author provided
        Dim amc As AuthorMembershipCondition = _
            New AuthorMembershipCondition(args(0))
        ' Generate the name of the XML output file
        Dim file As String =  args(0) + ".xml" 
        ' Render the AuthorMembershipCondition to 
        ' XML and write it to a file       
        Dim strm As StreamWriter =  New StreamWriter(file) 
        strm.Write(amc.ToXml(  ).ToString(  ))
        strm.Close(  )
            ' Display result
            Console.WriteLine("Created author membership condition : " & _ 
    End Sub
End Class


Build the CreateAuthorMembership utility using the following command, remembering the dependency on the AuthorMembershipCondition.dll library:

# C#

csc /reference:AuthorMembershipCondition.dll CreateAuthorMembership.cs

# Visual Basic .NET

vbc /reference:AuthorMembershipCondition.dll CreateAuthorMembership.vb

Run the command CreateAuthorMembership Peter to create the XML representation of an AuthorMembershipCondition that matches Author evidence for the author "Peter." Here is the content of the Peter.xml file. The PublicKeyToken value will change based on the keys you used to give create a strong name:

<IMembershipCondition class="ORA.DotNetSecurity.Policy.
AuthorMembershipCondition, AuthorMembershipCondition, 
Version=, Culture=neutral, PublicKeyToken=cc5e18bc387194b3"

4.3. Configuring security policy

With the Author.dll assembly configured as a fully trusted assembly in the user policy level, you are ready to create a code group whose membership condition is based on Author evidence. Type the following command:

caspol -user -addgroup All_Code -custom Peter.xml FullTrust 
-name "Peter's code" -description "Code group grants all 
code written by Peter full trust"

Here is a summary of the arguments used in this command:


Specifies that the command is to affect the user policy level

-addgroup All_Code

Specifies that you want to add a new child code group to the existing group with the label "All_Code"

-custom Peter.xml FullTrust

Specifies that you are adding a custom membership condition contained in the file Peter.xml and that the permission set granted by the code group is the named permission set "FullTrust"

-name "Peter's code"

Specifies the name of the new code group

-description "Code group grants all code written by Peter full trust"

Specifies a description for the new code group

Depending on how Caspol.exe is configured, it may prompt you to confirm the change your are about to make with the following message:

The operation you are performing will alter security policy.
Are you sure you want to perform this operation? (yes/no)

Entering "yes" updates the user security policy and commits the changes to disk; you will see the following message:

Added union code group with "-custom" membership condition to the User level.


5. Testing Custom Membership Conditions

The easiest way to test the extensions to the policy resolution process is to use the Caspol.exe tool. We embedded Author evidence in an assembly named HelloWorld.exe. We can use Caspol.exe and the HelloWorld.exe assembly to show that the "Peter's code" code group does detect Author evidence and evaluate it correctly. Type the following command from the directory where HelloWorld.exe is located:

caspol -user -resolvegroup HelloWorld.exe

Caspol.exe produces the following output, showing that HelloWorld.exe is a member of the code group "Peter's code":

Microsoft (R) .NET Framework CasPol 1.0.3705.288
Copyright (C) Microsoft Corporation 1998-2001. All rights reserved.

Level = User

Code Groups:

1.  All code: FullTrust
   1.1.  Author - Peter: FullTrust

Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
- Messages forwarded by Outlook rule go nowhere
- Create and Deploy Windows 7 Image
- How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
- Creating and using an unencrypted cookie in ASP.NET
- Directories
- Poor Performance on Sharepoint 2010 Server
- SBS 2008 ~ The e-mail alias already exists...
- Public to Private IP - DNS Changes
- Send Email from Winform application
- How to create a .mdb file from ms sql server database.......
programming4us programming4us