What is a partially trusted assembly/application/code/etc in .NET?
S

3

21

Could someone please explain? I couldn't find anything on the internet, everything talks about how to go about it in some way, but nothing says exactly what it is.

Also, what is a fully trusted assembly and how do they differ from one another?

I have a MS certification exam and this is the only topic that I just don't understand.

EDIT: Thanks guys. Now I have a better understanding of security in .NET. I was able to pass my certification exam.

Searles answered 17/12, 2008 at 21:14 Comment(0)
T
11

A full-trust assembly has an unrestricted set of code access security permissions, which allows the code to access all resource types and perform privileged operations, subject only to operating system security. For example, if user Bob cannot access file Y, then neither can a full-trust assembly running in Bob's user space.

A partial-trust assembly means that the code runs at less than full trust. The .NET Framework has several predefined trust levels that you can use directly or customise to meet your specific security requirements. For example, you can prevent an assembly from accessing SQL databases by denying SqlClientPermission.

The trust level of an assembly can also be diminished by its origin. For example, code coming from a network share (in older versions of .NET) is trusted less than code coming from the local computer, and as a result is limited in its ability to perform privileged operations.

Tangram answered 17/12, 2008 at 21:31 Comment(1)
The trust levels link is dead. - Superfuse
L
17

.NET implements a security model called code access security. Unmanaged code runs with the privileges and rights of the user starting the application, even if the code happens to originate from evil sources.

Managed code needs to provide evidence of its origin; there are various ways to do that (e.g. code is signed with a certain key, code was downloaded from a certain URL, code lives in a certain directory on disk, etc). Based on that evidence, assemblies are put into groups, for which policies are applied. A policy can grant certain permissions to a code group, primarily with regard to accessing system resources (performing DNS lookup, opening network connections, accessing "isolated storage", accessing the local file system (all of it, or just selected directories), accessing the registry, accessing network shares, etc). There is a tool in the control panel that allows you to define such policies.

When an assembly tries to perform some restricted operation, a privilege check is made. If access is granted, the operation proceeds. If the check fails, an exception is thrown. The check typically involves a stack traversal (i.e. all callers must be trusted for that operation), but there are exceptions.

As a special case, one may assign "Full Trust" to an assembly, granting all permissions. While I haven't heard the term "partial trust" before, I'd assume it refers to assemblies that have some rights, but not Full Trust.

Please understand that this is just an overview - there is much more to be said about code access security.

Lynettalynette answered 17/12, 2008 at 21:28 Comment(1)
Note that even a FullTrust assembly is still constrained by the OS security. For example, if user Bob cannot access file Y, then neither will a full-trust assembly running in Bob's user space. - Tangram
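The difference the answers above describe, as an added example (not code from any of the posters): the same class is run once in the fully trusted host and once in an AppDomain whose grant set contains only the permission to execute, so the `FileIOPermission` demand made by `File.ReadAllText` fails there. It assumes .NET Framework 4.x on Windows; `Worker`, `TryRead` and the temp file are hypothetical names made up for illustration.

```csharp
// Added example for .NET Framework 4.x (CAS sandboxing is not available in .NET Core / .NET 5+).
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical worker type; MarshalByRefObject lets the host call it across the AppDomain boundary.
public class Worker : MarshalByRefObject
{
    public bool IsFullyTrusted() { return AppDomain.CurrentDomain.IsFullyTrusted; }

    public string TryRead(string path)
    {
        try
        {
            // File.ReadAllText demands FileIOPermission; the demand is checked against the callers on the stack.
            return "read " + File.ReadAllText(path).Length + " chars";
        }
        catch (SecurityException)
        {
            return "denied (SecurityException)";
        }
    }
}

public static class Program
{
    public static void Main()
    {
        string path = Path.GetTempFileName();               // constructed sample file
        File.WriteAllText(path, "constructed sample data");

        // Grant set for the sandbox: permission to execute, and nothing else.
        var grants = new PermissionSet(PermissionState.None);
        grants.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, grants);

        var trusted = new Worker();                          // runs in the full-trust host domain
        var untrusted = (Worker)sandbox.CreateInstanceAndUnwrap(
            typeof(Worker).Assembly.FullName, typeof(Worker).FullName);

        Console.WriteLine("host:    fullTrust={0}, {1}", trusted.IsFullyTrusted(), trusted.TryRead(path));
        Console.WriteLine("sandbox: fullTrust={0}, {1}", untrusted.IsFullyTrusted(), untrusted.TryRead(path));
        AppDomain.Unload(sandbox);
        File.Delete(path);
    }
}
```

Run as a console application from local disk, the host line reports full trust and a successful read, while the sandbox line reports partial trust and the denied read, even though the OS user could open the file in both cases.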
D
1

Maybe some context will help.

Think about something like browsing Stack Overflow. There is the code of the browser itself that can do anything on your computer (delete files, for example) and there is the JavaScript code of the site. The JavaScript code can't do anything to your computer except the nifty fade effects and some other display magic.

.NET has the ability to provide such a distinction between local applications and remote ones. You can write an application that will run on the local computer and will be able to do anything to the local computer. And this application can have a feature that downloads extension DLLs from the internet. Those extensions will be able to do calculations and manipulate the display. But the code inside them won't be able to delete files, because it is not trusted.

The details are wrong but this is the idea (as far as I understand it).

Daric answered 17/12, 2008 at 21:41 Comment(0)
