Code Access Security with .NET Framework and C#

Code Access Security (CAS) lets us manage application security in much the same way we manage user security. For instance, we can use CAS to authorize an application to write to the registry. In general, it offers much the same security capabilities as the OS: we can allow access to folders and files, printers, the network, and so on.

CAS identifies an application by its evidence. Evidence includes information such as the assembly's location, the hash of the assembly, the assembly's signature, and the code group the assembly belongs to. The code group is important to us because it provides critical information such as the permission set. Evidence is usually gathered at run time. There are two types of evidence: host evidence, which provides information about the directory, URL, and host, and assembly evidence, which a programmer can use to store custom information.

Evidence types

 

| Evidence | Description |
|---|---|
| Application directory | The directory with the assembly |
| Hash | Hash of the assembly |
| Publisher | Assembly's digital signature |
| Site | The site for the assembly |
| Strong Name | Strong name of the assembly |
| URL | The URL for the assembly |
| Zone | The zone in which the assembly is running |

In Code Access Security, the counterpart of an access control entry is the permission.

 

| Permission | Description |
|---|---|
| Directory Services | Grants access to the AD |
| DNS | Manages whether an assembly can submit DNS requests |
| Environment Variables | Manages access to environment variables |
| Event Log | Manages access to event logs |
| File Dialog | Manages access to the Open dialog box |
| File IO | Manages access to files and folders |
| Isolated Storage File | Manages access to isolated storage |
| Message Queue | Manages access to message queues |
| Performance Counter | Manages whether an assembly can read or write performance counters |
| Printing | Manages the capability to print |
| Reflection | Manages discovery of members and type information in other assemblies |
| Registry | Manages access to registry keys |
| Security | Manages access to various CAS features |
| Service Controller | Manages which services an assembly can browse or control |
| Socket Access | Manages whether an assembly can initiate TCP/IP connections |
| SQL Client | Manages access to SQL Server |
| User Interface | Manages creation of new windows |
| Web Access | Manages access to Web sites |
| X509 Store | Manages access to the X509 certificate store |

In Code Access Security, the counterpart of an access control list is the permission set.

 

| Permission Set | Description |
|---|---|
| FullTrust | Exempts an assembly from CAS permission checks |
| SkipVerification | Enables an assembly to bypass permission checks |
| Execution | Enables an assembly to run and grants no other permissions |
| Nothing | Grants no permissions to an assembly |
| LocalIntranet | Grants a generous set of permissions |
| Internet | Grants a restricted set of permissions |
| Everything | Grants assemblies all permissions |

Code groups, as mentioned before, are another component of Code Access Security: they associate assemblies with permission sets. We use the .NET Configuration tool, mscorcfg.msc, to perform this operation.

 

| Code Group | Evidence | Permission Set |
|---|---|---|
| My_Computer_Zone | My Computer | FullTrust |
| LocalIntranet_Zone | Local Intranet | LocalIntranet |
| Internet_Zone | Internet | Internet |
| Restricted_Zone | Untrusted sites | Nothing |
| Trusted_Zone | Trusted sites | Internet |

There is also the concept of a security policy, which is nothing more than a grouping of code groups. Security policy plays a major role in setting CAS at multiple levels. There are several levels we need to be aware of: Enterprise, which is configured at the AD level; Machine, which is configured at the machine level; User; and Application Domain.

Code Access Security is different from Windows OS security, and a request still has to go through Windows security before it reaches the hard disk.

We can manage Code Access Security with the .NET Configuration tool or with the Code Access Security Policy tool (caspol.exe), which is a command-line tool. For instance, if we decide to use the CAS Policy tool, we run a command like this:

Caspol -addfulltrust assemblyname.exe

CAS is useful only for partially trusted assemblies, not for fully trusted assemblies.
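
The difference between full and partial trust can be seen by running the same permission demand under different zone evidence. The following C# program is an added example, not code from the original article. It assumes .NET Framework 4 or later on Windows; the Probe and CasSandboxDemo names and the sample path are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical helper; MarshalByRefObject lets the host call it across the AppDomain boundary.
public class Probe : MarshalByRefObject
{
    public string DemandRead(string path)
    {
        try
        {
            // The File IO permission from the table above: walk the stack and
            // require read access to this path from every caller.
            new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
            return "read granted";
        }
        catch (SecurityException)
        {
            return "read denied by CAS";
        }
    }
}

public static class CasSandboxDemo
{
    static string Run(SecurityZone zone, string path)
    {
        // Host evidence: state which zone the code is considered to come from.
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(zone));
        // Permission set the framework considers safe to grant for that evidence.
        PermissionSet grant = SecurityManager.GetStandardSandbox(evidence);

        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("cas-" + zone, evidence, setup, grant);
        try
        {
            // Load this assembly into the sandbox, where it receives only 'grant'.
            var probe = (Probe)sandbox.CreateInstanceAndUnwrap(
                typeof(Probe).Assembly.FullName, typeof(Probe).FullName);
            return (grant.IsUnrestricted() ? "FullTrust" : "partial trust") + ", " + probe.DemandRead(path);
        }
        finally { AppDomain.Unload(sandbox); }
    }

    public static void Main()
    {
        const string path = @"C:\Windows\win.ini"; // constructed sample path; the file need not exist
        foreach (var zone in new[] { SecurityZone.MyComputer, SecurityZone.Intranet, SecurityZone.Internet })
            Console.WriteLine("{0,-10} -> {1}", zone, Run(zone, path));
    }
}
```

Only the My Computer zone receives an unrestricted grant, so the demand succeeds there and fails for the Local Intranet and Internet zones, whose permission sets do not include read access to that path.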