Solved

CodeDom / Code Access Security - Restrict access to instantiate classes

Posted on 2006-07-16
Last Modified: 2012-06-27
Hi All,

I'm not all that familiar with the Code Access Security model within .NET, and I'm wondering if someone can help me out here (or at least tell me I'm going about it all wrong).

I'm just working my way through how the CodeDom works, and how it can be used to add scripting to an application.

I have a piece of code that is using CodeDom to automatically generate a basic assembly that has a reference to my business objects.  What I want is to be able to restrict the generated code from being able to instantiate new instances of my business classes, while still being able to call the methods etc on them.

It is not an option to make the constructors Friend or Private because the classes are currently used in multiple assemblies.  Is there a way to specify which assemblies are allowed to create instances of a class?

Here's a sample of the output code.  I want the first function to work, but the second one to fail.

Imports MyAssembly.MyObjects

' I want this to work
Public Function EvalCode(obj As MyObject) As Object
      obj.Property1 = "BlaBlaBla"
      Return obj.Property1
End Function

' I want this to fail, because I do not want the
' constructor to be able to be called
Public Function EvalCode() As Object
      Dim obj As New MyObject
      obj.Property1 = "BlaBlaBla"
      Return obj.Property1
End Function

 Is what I'm looking for possible, or am I going in the wrong direction?

Cheers

Nick
Question by:nickhoggard
7 Comments
 
Accepted Solution

by: sr101880 earned 500 total points
ID: 17124803
To get you started,

I think you are on the right path.  From what I've read you will need to place demands on the parts of your code that you don't want to work.  Below I have listed some good resources for CAS; most are in C# but I think you will get the picture.

This is a quick overview of CAS:
http://www.codeproject.com/dotnet/UB_CAS_NET.asp

This is a more detailed overview with lots of examples:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh08.asp

This is a good book that contains VB and C# examples:
http://www.oreilly.com/catalog/prognetsec/

Author Comment

by:nickhoggard
ID: 17127940
Thanks, I'll have a read over them when I'm at work tomorrow.  C# is fine ... I'm only working in VB right now because that's what was specified by the project managers.

Cheers

Nick
Expert Comment

by:Bob Learned
ID: 17129376
Nick,
An application should request an explicit set of permissions, instead of the default Full Trust, in order to cut down on the possibility of being turned into a rogue application by hackers.

Bob
Expert Comment

by:sr101880
ID: 17175396
Nickhoggard,

     Did you find what you were looking for?
Author Comment

by:nickhoggard
ID: 17177454
Hi,

Sorry - I had my priorities changed for me on the project and haven't had a chance to get back to this one.  I did have a quick play with it and believe I will end up going with the CodeDom approach using strong named assemblies and requiring the strong name on callers to specific operations.

Thanks

Nick
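
One way to express the approach described in the comment above, requiring a strong name on callers of the constructor only. This is an added example, not code posted in the thread: the class body is assumed from the question's sample, and the public key is a placeholder that must be replaced with the real key of the trusted assemblies.

```vbnet
Imports System.Security.Permissions

Namespace MyAssembly.MyObjects

    Public Class MyObject

        Private _property1 As String

        ' PLACEHOLDER_PUBLIC_KEY_HEX is a placeholder, not a real key. Replace it
        ' with the full hex public key shared by the strong-named assemblies that
        ' are allowed to create instances (printed by "sn -Tp <assembly>").
        '
        ' LinkDemand is checked when the calling method is JIT-compiled: a caller
        ' that was not signed with this key gets a SecurityException at the
        ' point where it tries to bind to the constructor ("New MyObject").
        <StrongNameIdentityPermission(SecurityAction.LinkDemand, _
            PublicKey:="PLACEHOLDER_PUBLIC_KEY_HEX")> _
        Public Sub New()
        End Sub

        ' No demand here: code that is handed an existing instance, such as
        ' EvalCode(obj As MyObject) in the question, can still read and write
        ' the property.
        Public Property Property1() As String
            Get
                Return _property1
            End Get
            Set(ByVal value As String)
                _property1 = value
            End Set
        End Property

    End Class

End Namespace
```

In .NET Framework 2.0 and later, identity-permission demands succeed for any fully trusted caller, so this blocks the CodeDom-generated assembly only when that assembly runs with partial trust. A LinkDemand also checks just the immediate caller, not the whole call stack.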
Expert Comment

by:sr101880
ID: 17183627
Nick,

It does look like CodeDom would keep a few more hairs on your head. :-)

I did a little reading on CodeDom because I haven't had much exposure on the subject.  I came across this article on attributes and thought it might be useful:

http://www.15seconds.com/issue/021113.htm

From what I understand you can create attributes and assign them to your assemblies to create security levels in your code.

If you don't mind answering a quick question for me, can you give me a real world example of what CodeDom would be used for?  Is the goal of CodeDom simply to speed up your code?

Cheers!
Author Comment

by:nickhoggard
ID: 17186732
Hi,

The main thing we are looking at it for is expression evaluation within our application.  Initially it was just looking to be basic expressions so I was using the JScript.Eval statement (for stuff like user defined unit conversion expressions, such as converting kgs to pounds).

Then we took that idea a step further and wanted to look at whether we could have user defined fields within our business objects.  The idea was for the user to build the field based on other data within the object.  For example the object might declare a date for an event.  Using the expressions we wanted the user to be able to add a user defined field that could return the number of days to that event.  Take that a step further, and perhaps the user can call an external stats package to perform calculations for the derived field.

The other thing I was looking at was whether we could use this to allow users to implement custom validation rules when adding new business objects to a collection, or for saving them etc.  We have a scenario where it is common for one client to say 'we only allow this if ...' and another would do it quite differently.  What I'm hoping is that using CodeDom we might be able to implement some of these rules without the need to deploy different compiled assemblies to each client.

The main concern I had was that by allowing access to the business objects for use in the expressions they could also gain access to more restricted resources (such as calling the data tier).  The other potential problem is that .NET won't unload assemblies, but I think I can get around this by caching a reference to the assembly, rather than recompiling it for every call.

At this stage I haven't been given the ok to go ahead with development on this yet, so there may still be more issues to contend with but it all seems to work ok in a prototyping state.

Thanks for your help with this one.

Cheers

Nick