Writing Secure Code in CSharp

writing Secure Code using CSharp submitted by User Level Date of submissionC.vinodh kumarintermediate04/06/2001
Mobile code, which come from various sources like e-mail, documents and downloaded Code over the Internet are the main CAU Se for the damage, destroy or copy private data. Protect computer systems from malicious mobile code and to provide a way to allow mobile code to run safely, th E. NET Framework provides a security mechanism called code Access security.
The code access security is a mechanism this controls the access code has to protected and operations. NET Framework, code access security performs functions like defining Permission, enables administrators to configure Secur ity policy, allows code to request permissions it requires into order to run, grants permissions to each assembly that I s loaded, based on the permissions requested by the code and enables code to demand this its callers have specific Permiss ions.
Code access security are a mechanism that grants/denies access to within a. For example, code written by a who may be allowed to write to the disk while code from another one could be forbidden fro M accessing the disk. This control can was enforced even if the code written by both of them are used within a single application.
System.Security Namespace provides the underlying structure of the. NET Framework security system, including interfaces, a Ttributes, exceptions, and base classes for permissions and CodeAccessPermission class defines the underlying structure of All code access permissions.
Let-a sample application, which attempts to access a disk file and a environment variable.
Code shown below'll create permission to set Read access to TEMP environment and full access to some files. Before changing every file would be have a default permission set.

Create a permission set that allows read access to the TEMP
environment variable and read, write, and append access to Somefile from
Default permission
PermissionSet PS = new PermissionSet (permissionstate.none);
Ps. Addpermission (
New EnvironmentPermission (Environmentpermissionaccess.read, "TEMP"));
Adding various type of file level permission
Ps. Addpermission (
New FileIOPermission (FileIOPermissionAccess.Read |
Fileiopermissionaccess.write | Fileiopermissionaccess.append,
"Somefile"));
Make the permissions indicate all so we ' re allowed to do.
Ps. Assert ();

PermissionSet class (in System.Security) represents a collection with it contains many different of kinds, and Supports the methods that use and modify those permissions. We can add, remove, assert, Deny and copy permission.
Deny access to the resources we specify
Ps. Deny ();
Make the permissions indicate the "only things" we ' re allowed to do.
Ps. PermitOnly ();
Remove the fileiopermissions from the permission set
Ps. Removepermission (typeof (FileIOPermission))
Remove the environmentpermission from the permission set
Ps. Removepermission (typeof (EnvironmentPermission));
Deny method prevents callers from accessing the protected resource even if they have been granted permission to access it. Pemitonly ensures that only the "specified by" permission object can be accessed, even if the code has been granted permission to access. FileIOPermissionAccess Specifies the actions that can is performed on the file or folder. EnvironmentPermission Class as the ability to query and modify system and user environment variables.
Conclusion:We have seen how to write a secure code using the publicly available. Net SDK. Although what I have shown you are simple in functionality to can even create your own code access permission and much mor E advance security futures in code.

Source Code: codesecureusingcsharp1.zip 2k