Geeks With Blogs
Blog Moved to Blog Moved to
In previous posts, I've talked about SqlClient permissions, Visual Studio 2005 improvements, strong names among other things.  Today, we're going look at some of the ways to secure a web application.
So, let's bring ZoneIdentityPermission and ZoneIdentityPermissionAttribute into the picture.  This class allows the developer, through code, to specify the zone in which this code can be called.  This mechanism for determining the location of the calling code is through Internet Explorer Zones. 
In the SecurityZone enumeration, you have the following values:
Internet The default zone for those sites that do not belong to any other zone.
Intranet Higher level of security due to being inside the company's firewall.
MyComputer Zone for content on the user's local machine.
NoZone None specified
Trusted This zone contains a higher level of trust for those sites on the general internet. These sites must be mapped by the user.
Untrusted This zone contains the most restrictive settings for sites on the internet. These sites must be mapped by the user.
Now that we have covered the basics as to which zones we can use, let's go into how we can use them.  Let's say for the moment that we have a utilities class that can only be accessible from the intranet only and we will check at link time.  Here is how we would go about doing that:
[ZoneIdentityPermission(SecurityAction.Demand, Zone=SecurityZone.Intranet)]
public class SharedUtilities { ... }
Lastly, we have a requirement to make sure the calling assembly has at least the permission to call our assembly in the Trusted Zone.  Here is how we would accomplish this:
[assembly: ZoneIdentityPermission(SecurityAction.RequestMinimum, Zone=SecurityZone.Trusted)]
As we continue down the path to secure apps, I will probably take the next couple of posts to step back at a higher level to look at the SecurityAction among other things.
Posted on Monday, May 15, 2006 10:47 AM .NET , C# | Back to top

Comments on this post: .NET Code Access Security - ZoneIdentityPermission

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Matthew Podwysocki | Powered by: