Sunday, 14 February 2010

70-536: Chapter 11

Application Security

 Permissions:
  1. CAS: Code Access Security.
  2. A system that authorizes MANAGED assemblies to access system resources.
  3. Resources:
     1. File IO
     2. Isolated File Storage
     3. Message Queue
     4. Performance Counters
     5. Reflection
     6. Security
     7. Service Controller
     8. Socket Access
     9. SQL client
     10. User interface
     11. Registry
     12. Printers
     13. DNS
     14. X509 Store
     15. Web Access
     16. Active Directory
     17. Environment Variables
     18. Event Log
     19. File Dialog
Permission Set

eg Internet Default Permission Set
  1. File Dialog
  2. Isolated Storage File
  3. Security
  4. User Interface
  5. Printing
eg Local Intranet Default Permission Set
  1. File Dialog
  2. Isolated Storage File
  3. Security
  4. User Interface
  5. Printing
  6. Reflection
  7. DNS
  8. Environment Variables
7 Default Permission Sets
  1. FullTrust: SKIPS CAS CHECKS
  2. SkipVerification
  3. Execution
  4. Nothing: NOT VERY USEFUL (even denies execution!)?
  5. Local Intranet
  6. Internet
  7. Everything: same as FullTrust but does not skip CAS checks
Code Groups are authorization devices that associate assemblies with permission sets. An assembly becomes a member of a code group when its evidence satisfies the group's membership condition.
For example, code running from the Internet should be a member of the Internet_Zone code group. The default membership condition is that the host presents Zone evidence and that this Zone evidence identifies the assembly as being in the Internet zone.
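
The code group mechanism described above, as an added example (not part of the original notes): a small C# program that builds a code group whose membership condition is Internet Zone evidence and resolves two sets of host evidence against it. It assumes .NET Framework 2.0 to 3.5, where CAS policy is active; the names `DemoInternet`, `Demo_All_Code` and `Demo_Internet_Zone` and the contents of the permission set are constructed for illustration.

```csharp
// Added example. Assumes .NET Framework 2.0-3.5; all "Demo" names are constructed.
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class CodeGroupDemo
{
    // Constructed permission set holding a few of the Internet defaults listed above.
    static PermissionSet BuildInternetLikeSet()
    {
        NamedPermissionSet ps = new NamedPermissionSet("DemoInternet", PermissionState.None);
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        ps.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
        ps.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows,
                                          UIPermissionClipboard.OwnClipboard));
        return ps;
    }

    static void Main()
    {
        // Root group: every assembly is a member, and it grants nothing by itself.
        CodeGroup root = new UnionCodeGroup(
            new AllMembershipCondition(),
            new PolicyStatement(new PermissionSet(PermissionState.None)));
        root.Name = "Demo_All_Code";

        // Child group: membership requires Zone evidence identifying the Internet zone.
        CodeGroup internet = new UnionCodeGroup(
            new ZoneMembershipCondition(SecurityZone.Internet),
            new PolicyStatement(BuildInternetLikeSet()));
        internet.Name = "Demo_Internet_Zone";
        root.AddChild(internet);

        Report(root, SecurityZone.Internet);    // matches the child group
        Report(root, SecurityZone.MyComputer);  // matches only the root group
    }

    static void Report(CodeGroup root, SecurityZone zone)
    {
        // Host evidence, as the runtime host would present it for a loaded assembly.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(zone));

        // Resolve returns the union of the permission sets of all matching groups.
        PolicyStatement grant = root.Resolve(evidence);
        Console.WriteLine("Zone {0}: {1} permission(s) granted", zone, grant.PermissionSet.Count);
        foreach (IPermission p in grant.PermissionSet)
            Console.WriteLine("  " + p.GetType().Name);
    }
}
```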


Using .Net Framework 2.0 Configuration