The .NET Framework 4 brings new meaning to security, and it is very handy. The Framework classifies code into 3 types:
SecurityCritical: this code can only be accessed by fully trusted callers.
SecuritySafeCritical: this code can be accessed by partially trusted callers.
SecurityTransparent: this code is not trusted, or is the code with the lowest privilege.
Each of these can be demonstrated with an example:
Scenario 1: Security Transparent Code Accessing Security Critical Code
Scenario 2: Security Critical Code Accessing Security Critical Code
Scenario 3: How to allow some methods to be accessible by Security Transparent Code
Scenario 1: Security Transparent Code Accessing Security Critical Code
Caller code in one assembly:
using System.Security;
using CalleeLibrary;

// The whole caller assembly is security transparent.
[assembly: SecurityTransparent]

namespace Caller
{
    class Program
    {
        static void Main(string[] args)
        {
            // Transparent code calling into a SecurityCritical assembly.
            Callee callee = new Callee("Tom");
            callee.GetDetails();
        }
    }
}
Callee code in a second assembly:
using System;
using System.Security;

// The whole callee assembly is security critical.
[assembly: SecurityCritical]

namespace CalleeLibrary
{
    public class Callee
    {
        private string Name;

        public Callee(string name)
        {
            Name = name;
        }

        public void GetDetails()
        {
            Console.WriteLine("Name passed From Caller:" + Name);
        }
    }
}
This call fails because a SecurityTransparent assembly cannot access SecurityCritical code.
Scenario 2: Security Critical Code Accessing Security Critical Code
Mark the calling assembly with SecurityCritical to set it right.
Caller code:
using System.Security;
using CalleeLibrary;

// The caller assembly is now security critical, like the callee.
[assembly: SecurityCritical]

namespace Caller
{
    class Program
    {
        static void Main(string[] args)
        {
            Callee callee = new Callee("Tom");
            callee.GetDetails();
        }
    }
}
As a result, your code now runs.
Scenario 3: How to allow some methods to be accessible by Security Transparent Code
using System.Security;
using CalleeLibrary;

// The caller assembly stays security transparent in this scenario.
[assembly: SecurityTransparent]

namespace Caller
{
    class Program
    {
        static void Main(string[] args)
        {
            Callee callee = new Callee("Tom");
            callee.GetDetails();
        }
    }
}
Mark the callee assembly with AllowPartiallyTrustedCallers, and mark the code that is to be accessed by SecurityTransparent code with the SecuritySafeCritical attribute.
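The callee side of Scenario 3, written out as an added example (it is not code from the original post). The private helper WriteDetails and the argument check in the constructor are hypothetical additions, included to show where the critical work and the validation would sit:

```csharp
using System;
using System.Security;

// With AllowPartiallyTrustedCallers the assembly is transparent by default;
// only members that are explicitly annotated become critical or safe-critical.
[assembly: AllowPartiallyTrustedCallers]

namespace CalleeLibrary
{
    public class Callee
    {
        private readonly string name;

        // No annotation: this constructor is transparent, so the
        // SecurityTransparent caller can use it directly.
        public Callee(string name)
        {
            if (string.IsNullOrWhiteSpace(name))
                throw new ArgumentException("A name is required.", "name");
            this.name = name;
        }

        // Safe-critical: callable from transparent code and allowed to call
        // critical code. This method is the bridge, so anything passed on to
        // critical code should be validated before it crosses this point.
        [SecuritySafeCritical]
        public void GetDetails()
        {
            WriteDetails(name);
        }

        // Critical: transparent code cannot call this directly
        // (hypothetical helper standing in for privileged work).
        [SecurityCritical]
        private static void WriteDetails(string value)
        {
            Console.WriteLine("Name passed From Caller:" + value);
        }
    }
}
```

Only GetDetails is exposed to transparent callers as a bridge into critical code, which keeps the surface that needs security review small.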
The following table records what was observed when the attributes below were applied to assemblies A1 and A2. A1 refers to the caller assembly and A2 refers to the callee assembly.
A1 (rows) / A2 (columns) | SecurityCritical | SecurityTransparent | SecuritySafeCritical |
SecurityCritical | yes | yes | yes |
SecurityTransparent | no | yes | no |
SecuritySafeCritical | yes | yes | yes |
The table below gives an idea of the scope of the security attributes with respect to the language constructs.
Attribute | Namespace/Assembly | Class | Method/Constructor | Property | Member |
SecurityCritical | yes | yes | yes | no | yes |
SecurityTransparent | yes | yes | no | no | no |
SecuritySafeCritical | no | yes | yes | no | yes |
AllowPartiallyTrustedCallers | yes | no | no | no | no |