ASP. NET code access security

One of the main advantages of using ASP. NET to host multiple web sites is: Support for public language runtime LibrariesCodeAccess Security helps protect server applicationsProgramSecurity. Based on evidence of the code source (for example, evidence of an assembly with a strong name or a URL of the source), the code is allocated to the security zone category. If security mechanisms cannot be configured for applications installed on the public server, Asp. the Code on the net page that belongs to one application will be able to read files from another application (such as web. config file ). Applications Running in full trust mode are restricted only by operating system accounts that execute these applications under this account.

By forcibly naming the Assembly and adding policies for the Assembly, you can easily process code access security for individual assembly. However, as a result of dynamic page compilation, many ASP. NET assemblies are dynamically generated. Therefore, these assemblies are not strongly named, so additional functions are required.

ASP. NET allows you to assign an application a configurable trust level corresponding to a set of predefined permissions. By default (unless you explicitly change the configuration), the application receives a level of trust commensurate with the evidence they provide. For example, a local application must useFullThe trust permission set is run. Applications located on the Universal Naming rule (UNC) Sharing must useLocalintranetRestrict the operation of permission sets. If you want to useFullTo run Web applications at the trusted level, you must use the ASP. NET trust level and a predefined trust level defined in the policy file to implement some trust policies.

You can use the following configuration to override the default behavior and associate the application with the given security policy.

<Location Path = "MyApp" AllowOverride = "false"> <trust level = "high" originurl = "http://www.contoso.com"/> </location>
 

<Trust> the configuration tag can be applied to any application root directory at the computer level or hierarchy.

To set a policy for the entire site, you can specify the root directory of the site as the path to complete this operation, as shown below.

 
<Location Path = "contososite" AllowOverride = "false"> <trust level = "high" originurl = "http://www.contoso.com"/> </location>
 

If you do not want applications to specify their own trust levels (this is the case when most shared servers are installed ),AllowOverrideBe careful when specifying the <location> command for the property.

The following table lists<Trust>The default attribute supported by the element.

Attribute	Description	Supported values by default
Level	Specify the security zone in which the application will run.	Full, high, medium, low, and minimal.
Originurl	Allows the Administrator to set the URL of the application source. This allows permissions that depend on the concept of the host to work normally.	The format is correct.

By default, the permissions granted to policies associated with different security levels are shown in the following table.

	Level
Permission	Complete	High	Medium	Low	Minimum
Aspnethostingpermission	Complete	High	Medium	Low	Minimum
Environment	UN	UN	Read: temp, TMP, OS, username, computername
Fileio	UN	UN	Read, write, append, and path discovery: application directory	Read and path discovery: application directory
Isolatedstorage	UN	UN	Assemblyisolationbyuser, unrestricted user quota	1 MB quota (may change for some sites), assemblyisolationbyuser
Reflection	UN	Reflectionemit
Registry	UN
Security	UN	Execution, assertion, control subject, control thread, remote processing configuration	Execution, assertion, control subject, control thread, remote processing configuration	Run	Run
Socket	UN	UN
Webpermission	UN	UN	Connect to the original host (IF configured)
DNS	UN	UN	UN
Printing	UN	Print by default	Print by default
Oledbpermission	UN
Sqlclientpermission	UN	UN	Allowblankpassword = false
EventLog	UN
Message Queue	UN
Service Controller	UN
Performance Counters	UN
Directory Service	UN

 

UN = unrestricted

Blank = no permission

If a permission level is available but not explicitly stated in the security policy, useFullApplications running at the trust level can use it (because they haveFullTrust permission set ). Applications running at a lower trust level will not be able to use resources protected by non-explicit permissions unless you explicitly change the policy to allow it to use.

As shown in this table,HighTrust the application to have read/write permissions on the files in its application directory, whileLowTrust an application to have read-only permissions on files located in its application directory. BecauseFileioThe permission depends on the physical path (for exampleC: \ myapppathSo ASP. NET uses the labeled statements in the policy file. These labeled statements are replaced by the related path information of the application at runtime.

Please note that,WebpermissionAllow applications to connect to the original host. This mechanism is implemented<Trust>Some provide optionalOriginurlProperties work in ASP. NET.OriginurlProperty is used to replace $ Originhost $Variable, as shown in the following code in web_hightrust.config.

 
<Ipermission class = "webpermission" version = "1"> <connectaccess> <URI uri = "$ originhost $"/> </connectaccess> </ipermission>
 

SocketpermissionObtain the host name or IP string separated by DOTS (which may contain wildcards ),WebpermissionObtain the regular expression including the Protocol (for exampleHttp: // backendmachine /.*). To change this, you can use the required permissions to change the policy file (or create a new policy file by copying the default settings ). For example, you can change the permission set from ASP. NETSocketpermissionTo grant TCP socket connections to backend1 and backend2 on port 8080, as shown below.

 
<Ipermission class = "socketpermission" version = "1"> <connectaccess> <endpoint host = "backend1" Transport = "TCP" Port = "8080"/> <endpoint host =" backend2 "Transport =" TCP "Port =" 8080 "/> </connectaccess> </ipermission>
 

 
Source: msdn