CODEWITHSUNDEEP
c#.netsecurity
Nick
Nick

Reputation: 19664

Assembly Declarative Security - Request Optional

I am trying to limit CAS privileges to one specific domain. I am doing this at the assembly level using the attribute syntax. This assembly is run on the local machine and therefore the OS is granting the assembly full trust but I would expect the following to bomb.

Why does it not throw an exception when I connect to google? Here is an example:

  [assembly: WebPermission(SecurityAction.RequestOptional, ConnectPattern = @"http://msdn\.microsoft\.com/.*")]
class Program
{
    private static WebClient client = new WebClient();

    static void Main(string[] args)
    {
        try
        {
            PermissionSet permSet = new PermissionSet(PermissionState.None);
            permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write, Environment.CurrentDirectory));
            permSet.Demand();

            //client.DownloadFile(@"http://msdn.microsoft.com/en-us/library/ms247123(VS.80).aspx", @"ms247123(VS.80).aspx");
            client.DownloadFile(@"http://www.google.com", @"goole.htm");
        }

        catch
        {
            Console.WriteLine("Insuffcient Privaleges");
        }


    }
}

Notice the assembly CAS declaration. I am trying to restrict the WebPermissions to only domains that match this pattern http://msdn.microsoft.com/.*

What am I doing wrong?

Thanks!

Upvotes: 0

Views: 166

Answers (1)

Chris Taylor
Chris Taylor

Reputation: 53699

What Framework version are you using? Framework 4.0 no longer enforces declarative security at the assembly level.

http://msdn.microsoft.com/en-us/library/ee191568.aspx

Upvotes: 1

Related Questions