Programming .NET Security : Using the Code-Access Security Policy Tool (part 2) - Evaluating Security Policy

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

3. Evaluating Security Policy

Caspol.exe also allows you to test an assembly to determine which code groups it is a member of and, consequentially, the runtime would grant to it when loaded. To determine which groups an assembly is a member of, use the -resolvegroup flag and specify the assembly name as follows:

caspol -resolvegroup HelloWorld.exe

Depending on the evidence of the assembly and the configuration of security policy, the output will look similar to this:

Microsoft (R) .NET Framework CasPol 1.0.3705.288
Copyright (C) Microsoft Corporation 1998-2001. All rights reserved.

Level = Enterprise

Code Groups:

1.  All code: FullTrust
   1.1.  Url - file://C:/development/*: FullTrust (Exclusive)
   1.2.  All code: FullTrust
      1.2.1.  All code: Internet

Level = Machine

Code Groups:

1.  All code: Nothing
   1.1.  Zone - MyComputer: FullTrust

Level = User

Code Groups:

1.  All code: Nothing
   1.1.  Zone - MyComputer: FullTrust


To view the permission granted to an assembly, use the -resolveperm flag, as shown here:

caspol -resolveperm HelloWorld.exe

The -resolveperm command will display the XML description of the permission set granted to the assembly, similar to that shown here. Notice that the permission set also lists the identity permissions granted to the assembly based on the evidence it presented, as well as the permissions granted by the security policy:

Microsoft (R) .NET Framework CasPol 1.0.3705.288
Copyright (C) Microsoft Corporation 1998-2001. All rights reserved.

Resolving permissions for level = Enterprise
Resolving permissions for level = Machine
Resolving permissions for level = User

Grant =
<PermissionSet class="System.Security.PermissionSet"
   <IPermission class="System.Security.Permissions.UrlIdentityPermission, mscorl
ib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
   <IPermission class="System.Security.Permissions.ZoneIdentityPermission, mscor
lib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"



Both the -resolvegroup and -resolveperm commands allow you to specify a target policy level, in which case the assembly is only evaluated against that policy level. If you do not specify a policy level, the default target -all is used.

4. Forcing Security Changes

Caspol.exe is a managed application that relies on obtaining a high level of trust from the runtime in order to perform management of the security system. When you execute any of the commands we discussed in the previous sections, Caspol.exe will test to see if the changes will result in Caspol.exe being unable to run correctly in the future; Caspol.exe will refuse to make such changes and display the following message:

Microsoft (R) .NET Framework CasPol 1.0.3705.288
Copyright (C) Microsoft Corporation 1998-2001. All rights reserved.

This operation will make some or all caspol functionality cease to work.  If you
 are sure you want to do this operation, use the '-force' option before the opti
on you just executed.  For example:
    caspol -force -machine -remgroup 1.6

Policy save aborted.


If you want to force the change despite this warning, you must use the -force flag. The following command makes the All_Code code group of the machine policy exclusive. In the default security policy, this will stop all code from running:

caspol -force -machine -chggroup All_Code -exclusive on

5. Resetting Security Policy

A feature of Caspol.exe you will find useful during development is the ability to reset the security policy to its default value. When developing software that manipulates security policy directly, it is not difficult to break security policy to a point where your code will not run. To reset policy levels, use the -reset flag and specify the levels you want to reset:

caspol -user -reset
caspol -all -reset

You can also undo the last change you made with Caspol.exe using the -recover flag, as shown here:

caspol -machine -recover
caspol -all -recover
Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
- Messages forwarded by Outlook rule go nowhere
- Create and Deploy Windows 7 Image
- How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
- Creating and using an unencrypted cookie in ASP.NET
- Directories
- Poor Performance on Sharepoint 2010 Server
- SBS 2008 ~ The e-mail alias already exists...
- Public to Private IP - DNS Changes
- Send Email from Winform application
- How to create a .mdb file from ms sql server database.......
programming4us programming4us