开发者

Assembly Declarative Security - Request Optional

问答 作者:

I am trying to limit CAS privileges to one specific domain. I am doing this at the assembly level using the attribute syntax. This assembly is run on the loca开发者_如何学运维l machine and therefore the OS is granting the assembly full trust but I would expect the following to bomb.

Why does it not throw an exception when I connect to google? Here is an example:

  [assembly: WebPermission(SecurityAction.RequestOptional, ConnectPattern = @"http://msdn\.microsoft\.com/.*")]
class Program
{
    private static WebClient client = new WebClient();

    static void Main(string[] args)
    {
        try
        {
            PermissionSet permSet = new PermissionSet(PermissionState.None);
            permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write, Environment.CurrentDirectory));
            permSet.Demand();

            //client.DownloadFile(@"http://msdn.microsoft.com/en-us/library/ms247123(VS.80).aspx", @"ms247123(VS.80).aspx");
            client.DownloadFile(@"http://www.google.com", @"goole.htm");
        }

        catch
        {
            Console.WriteLine("Insuffcient Privaleges");
        }


    }
}

Notice the assembly CAS declaration. I am trying to restrict the WebPermissions to only domains that match this pattern http://msdn.microsoft.com/.*

What am I doing wrong?

Thanks!

What Framework version are you using? Framework 4.0 no longer enforces declarative security at the assembly level.

http://msdn.microsoft.com/en-us/library/ee191568.aspx

继续阅读:.netsecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9