-----------------------------------------------------------
New Message on BDOTNET
-----------------------------------------------------------
From: Nasha
Message 1 in Discussion
Hi All, Permissions View Tool is shipped with .Net FrameWork. This tool is used to
view the Declarative and Requested permissions set on an assembly. So let us create
an assembly set some requested and declarative permissions on it and view them with
Permview. Let us start by creating an assembly and setting some Requested
permissions on it. 1) Open a new WindowsApplication.
2) Add a button to the form named Button1.
3) Add a Class to this Application Named MyClass.
4) Add a method to this class named Add which adds to numbers and returns the result.
5) In the Button Click event of Button1 call the Add method of the MyClass as shown
below. MyClass myClass = new MyClass();
MessageBox.Show(myClass.Add(1,2).ToString()); 6) Run the application. click on the
Button and you will get the result as "3".Now we will add requested permission to this
assembly. 7) Go to AssemblyInfo.cs and add the below lines [assembly:
FileIOPermission(SecurityAction.RequestMinimum,Write="c:\\")]
[assembly: UIPermission(SecurityAction.RequestRefuse, Window =
UIPermissionWindow.AllWindows)] By setting these permissions we say that to execute
this application minimum write permission on C: is required. Along with that we have
also requested an another UI permission which refuses to show any windows on the
screen hence no forms or message boxes will be displayed.
8) Run the application. The form will not be loaded instead you will see the below
error message: Additional information: Request for the permission of type
System.Security.Permissions.UIPermission, mscorlib, Version=1.0.3300.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. 9) We can vew the
permissions set on an assembly with permview.exe.
10) Go to VS.Net command prompt and go to the folder which contains your application
exe.
11) Type the following command :permview WindowsApplication2.exe <or your application
name>
12) You will see all the permissions set on the assembly as below: minimal
permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib,
Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Write="c:\"/>
</PermissionSet> optional permission set:
Not specified refused permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.UIPermission, mscorlib, Versi
on=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Window="AllWindows"/>
</PermissionSet> 13) Since we have set RequestRefuse permission for UIPermission we
were unable to see the form so let us change that to RequestOptional as follows :
[assembly: UIPermission(SecurityAction.RequestOptional, Window =
UIPermissionWindow.AllWindows)] These permissions on the assesmbly that we saw
were erquested permissions on the assembly. Permview is also used to view declarative
security on classes or methods.
15) Let us add Declarative security to our MyClass as follows: [PrincipalPermission
(SecurityAction.Demand, Role="Administrator")] // add this above the class declaration
16) According to the above permission only those users who belong to the
"Administrator" role will be able to instantiate this class or call any method on this
class. 17) Let us view the declarative security of this class.
18) Go to the VS.NET command prompt and type the following command : permview /decl
WindowsApplication2.exe. Note : - "/decl" shows the declarative permissions set on
the classs and methods of the assembly.
19) You will see the class declarative permissions (as shown below) along with the
requested assembly permissions. Class WindowsApplication2.Class1 NonCasDemand
permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<Permission class="System.Security.Permissions.PrincipalPermission, mscorlib,
Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
<Identity Authenticated="true"
ID="mycomputer\Administrator"/>
</Permission>
</PermissionSet> 20) You will be able to execute the method call if the current user
is an Administrator on the machine. In this way we can use Permview.exe to view the
declarative and requested permissions set on any assembly. There are 3 types of
requested permissions which can be granted on assembly : Minimum permissions:
(RequestMinimum) Permissions your code must have in order to run.
Optional permissions: (RequestOptional) Permissions your code can use, but can run
effectively without.
Refused permissions: (RequestRefuse) Permissions that you want to ensure will
never be granted to your code, even if security policy allows them to be granted.
-- Please post your queries and comments for my articles in the usergroup for the
benefit of all. I hope this step from my end is helpful to all of us.
Regards,
Namratha (Nasha)
-----------------------------------------------------------
To stop getting this e-mail, or change how often it arrives, go to your E-mail
Settings.
http://groups.msn.com/BDOTNET/_emailsettings.msnw
Need help? If you've forgotten your password, please go to Passport Member Services.
http://groups.msn.com/_passportredir.msnw?ppmprop=help
For other questions or feedback, go to our Contact Us page.
http://groups.msn.com/contact
If you do not want to receive future e-mail from this MSN group, or if you received
this message by mistake, please click the "Remove" link below. On the pre-addressed
e-mail message that opens, simply click "Send". Your e-mail address will be deleted
from this group's mailing list.
mailto:[EMAIL PROTECTED]
