Re: FxCop App Security

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Velvet" <velvet@xxxxxxxxxxxxxxxxx>
• Date: Wed, 18 Jan 2006 13:57:36 -0800

---

The problem is, this applies to normal .NET apps and not ASP.NET apps. I
need ASP specific information as this need to be executed on the web server.

I have run some searches on the subject but haven't found any useful
information on what security settings should be used when running the app on
the web server.

Velvet

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:s%23wz3QnEGHA.1240@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi velvet,
>
> Welcome to MSDN newsgroup.
> As for the security related warning you get when using fxcop to validate
> your assembly, they're just some best practice for develping .net
> application. .NET use Code Access Security to restrict and validate our
> code's permission. For the two attributres you mentioend:
>
> [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
> true)]
> =====================
> This is used to indicate the minimum permissions your assembly require...
> This can help the end user or administrator to get how much permission
> they
> need to grant to your assembly.... through .NET CAS policy
>
>
> [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
> "Nothing")]
> ========================
> The SecurityAction.RequestOptional flag allows you to request a set of
> permissions while refusing all other permissions the runtime otherwise
> might have been willing to give. By contrast, the RequestRefuse flag
> allows
> you to refuse permissions by explicitly specifying which ones your code
> should not be granted.
>
> And here are some other msdn reference discussing on .net CAS:
>
> #An Overview of Security in the .NET Framework
> http://msdn.microsoft.com/library/en-us/dnnetsec/html/netframesecover.asp?fr
> ame=true
>
> #Programming .NET Code Access Security
> http://msdn.microsoft.com/library/en-us/dnhcvs03/html/hcvs03a11.asp?frame=tr
> ue
>
> http://msdn.microsoft.com/msdnmag/issues/05/11/CodeAccessSecurity/default.as
> px?side=true#a
>
> Hope helps. Thanks,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
> --------------------
> | From: "Velvet" <velvet@xxxxxxxxxxxxxxxxx>
> | Subject: FxCop App Security
> | Date: Thu, 5 Jan 2006 10:31:57 -0800
> | Lines: 19
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> | X-RFC2646: Format=Flowed; Original
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> | Message-ID: <evfIYZiEGHA.716@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.dotnet.framework.aspnet
> | NNTP-Posting-Host: c-67-182-150-8.hsd1.wa.comcast.net 67.182.150.8
> | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> | Xref: TK2MSFTNGXA02.phx.gbl
> microsoft.public.dotnet.framework.aspnet:368825
> | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
> |
> | I ran FxCop on one of the components for my web site and the security
> rules
> | what me to add "[assembly: Security Permission()] tags like the ones
> listed
> | below:
> |
> | [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution =
> | true)]
> |
> | [assembly: PermissionSet(SecurityAction.RequestOptional, Name =
> "Nothing")]
> |
> |
> | This breaks my ASP.NET application. So my question is, what should
> these
> | tags be when used in a .NET application? I haven't found much
> information
> | on this so if I could get more info on it in relation to ASP.NET that
> would
> | be great.
> |
> | thanks,
> | Velvet
> |
> |
> |
>


.

---

• Follow-Ups:
  • Re: FxCop App Security
    • From: Steven Cheng[MSFT]

• References:
  • FxCop App Security
    • From: Velvet
  • RE: FxCop App Security
    • From: Steven Cheng[MSFT]

• Prev by Date: Re: getting the character code of a character in a string
• Next by Date: Re: How check filesize using FileUpload control?
• Previous by thread: RE: FxCop App Security
• Next by thread: Re: FxCop App Security
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Permissions ... Then i would just use the sysinternal tools to understand more of whats ... many directorys (i have a Like issue having to run old apps based on NT ... who has to deside on a security model and a standard image. ... > write permissions in order for some of your apps to work, ... (Security-Basics) RE: Security User Access ... what permissions are given to the object. ... Microsoft Access Support ... Microsoft Security Bulletin MS03-026? ... | Content-Type: text/plain; ... (microsoft.public.access.security) Re: storedproc.edit: "select permission denied" when assigning to a field ... people who are concerned with security prefer NOT giving end users ... I think you're also suggesting that there be a single userid that everyone ... have other apps that do use them successfully. ... > you should be using a sql userid that has the correct permissions for the ... (borland.public.delphi.database.ado) RE: Permissions Problem ... Update, Append, Delete queries. ... Microsoft Access Support ... Microsoft Security Bulletin MS03-026? ... | Subject: RE: Permissions Problem ... (microsoft.public.access.security) RE: Permissions Problem ... For the queries take a look at the property "Run Permissions" and set it to ... Then set the necessary permissions on the tables. ... Microsoft Access Support ... Microsoft Security Bulletin MS03-026? ... (microsoft.public.access.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.aspnet  > 2006-01