MSDN Magazine - April 2008 - (Page 54) Figure 7 Implementing CodeAccessSecurityHelper (Partial) public static class CodeAccessSecurityHelper { public static void DemandClientPermissions (this ClientBase proxy, string operationName) where T : class { DemandClientConnectionPermissions(proxy.Endpoint); DemandTransactionPermissions(proxy.Endpoint,operationName); DemandTracingPermissions(); DemandClientSecurityPermissions(proxy); DemandEnvironmentPermissions(proxy); DemandClientStorePermissions(proxy.Endpoint); } internal static void DemandClientConnectionPermissions( ServiceEndpoint endpoint) { PermissionSet connectionSet = new PermissionSet(PermissionState.None); if(endpoint.Binding is NetTcpBinding) { connectionSet.AddPermission(new SocketPermission( NetworkAccess.Connect,TransportType.Tcp, endpoint.Address.Uri.Host,endpoint.Address.Uri.Port)); connectionSet.AddPermission(new DnsPermission( PermissionState.Unrestricted)); } /* Checking other bindings */ if(transactionFlow) { if(Transaction.Current != null) { //If operationName is null then at least one operation //needs to allow flow to trigger demand foreach(OperationDescription operation in endpoint.Contract.Operations) { string name = operationName ?? operation.Name; if(name != operation.Name) { continue; } foreach(IOperationBehavior behavior in operation.Behaviors) { if(behavior is TransactionFlowAttribute) { TransactionFlowAttribute attribute = behavior as TransactionFlowAttribute; if(attribute.Transactions != TransactionFlowOption.NotAllowed) { flowOptionAllowed = true; break; } } } if(flowOptionAllowed) { break; } } if(flowOptionAllowed) { IPermission distributedTransactionPermission = new DistributedTransactionPermission( PermissionState.Unrestricted); distributedTransactionPermission.Demand(); } } } } /* Rest of the bindings */ } connectionSet.Demand(); internal static void DemandTransactionPermissions( ServiceEndpoint endpoint) { DemandTransactionPermissions(endpoint,null); } internal static void DemandTransactionPermissions( ServiceEndpoint endpoint, string operationName) { bool transactionFlow = false; bool flowOptionAllowed = false; if(endpoint.Binding is NetTcpBinding) { NetTcpBinding tcpBinding = endpoint.Binding as NetTcpBinding; transactionFlow = tcpBinding.TransactionFlow; } } //Rest of the implementation .NET Framework that were designed for use in a partial-trust environment in a similar context, and I relied on the same demands as those. Finally, in the other cases, to compensate for suppressing the full trust demands, I used experience, familiarity with CAS, and common sense to map WCF activities to demands for dedicated permission types. When the WS-Dual Unmanaged code access is binding is used, Invoke demands Web permission to a highly privileged security connect to the target endpermission, granted only to point, as with any other the most trustworthy code. HTTP binding. However, to allow for hosting the callback object it also demands minimal ASP.NET hosting permission and Web permission to accept the calls to the callback address. When the MSMQ binding is used, Invoke demands MSMQ permission to send messages to the target queue. With any attempt to propagate the client’s transaction to a service, 54 msdnmagazine Foundations Invoke demands unrestricted distributed transaction permission. In this case, a transaction-aware binding is used, the transaction flow is enabled in the binding, the transaction flow at the operation level is allowed, and the client has an ambient transaction. Any attempt by the proxy to access the certificate store triggers demands for permission to enumerate the certificate stores, to open a store, and to enumerate the certificates in a store. This will happen when the client uses certificate credentials, or when message security is used and the client needs to validate the negotiated service certificate, or when the client does not negotiate a certificate and instead just loads a certificate to use for securing the message. When the client uses WCF diagnostics, Invoke demands environment permission to read the computer name and file I/O permission for the log and trace files used. Implementing Client-Side Structured Demands As mentioned already, the demands are carried out by CodeAccessSecurityHelper, whose partial implementation is shown in
Table of Contents Feed for the Digital Edition of MSDN Magazine - April 2008 MSDN Magazine - April 2008 Contents Toolbox CLR Inside Out Basic Instincts Cutting Edge Foundations Test Run Service Station Windows with C++ Going Places { End Bracket } MSDN Magazine - April 2008 MSDN Magazine - April 2008 - (Page Intro) MSDN Magazine - April 2008 - Contents (Page Cover1) MSDN Magazine - April 2008 - Contents (Page Cover2) MSDN Magazine - April 2008 - Contents (Page 1) MSDN Magazine - April 2008 - Contents (Page 2) MSDN Magazine - April 2008 - Contents (Page 3) MSDN Magazine - April 2008 - Contents (Page 4) MSDN Magazine - April 2008 - Contents (Page 5) MSDN Magazine - April 2008 - Contents (Page 6) MSDN Magazine - April 2008 - Contents (Page 7) MSDN Magazine - April 2008 - Contents (Page 8) MSDN Magazine - April 2008 - Contents (Page 9) MSDN Magazine - April 2008 - Contents (Page 10) MSDN Magazine - April 2008 - Toolbox (Page 11) MSDN Magazine - April 2008 - Toolbox (Page 12) MSDN Magazine - April 2008 - Toolbox (Page 13) MSDN Magazine - April 2008 - Toolbox (Page 14) MSDN Magazine - April 2008 - Toolbox (Page 15) MSDN Magazine - April 2008 - Toolbox (Page 16) MSDN Magazine - April 2008 - CLR Inside Out (Page 17) MSDN Magazine - April 2008 - CLR Inside Out (Page 18) MSDN Magazine - April 2008 - CLR Inside Out (Page 19) MSDN Magazine - April 2008 - CLR Inside Out (Page 20) MSDN Magazine - April 2008 - CLR Inside Out (Page 21) MSDN Magazine - April 2008 - CLR Inside Out (Page 22) MSDN Magazine - April 2008 - CLR Inside Out (Page 23) MSDN Magazine - April 2008 - CLR Inside Out (Page 24) MSDN Magazine - April 2008 - Basic Instincts (Page 25) MSDN Magazine - April 2008 - Basic Instincts (Page 26) MSDN Magazine - April 2008 - Basic Instincts (Page 27) MSDN Magazine - April 2008 - Basic Instincts (Page 28) MSDN Magazine - April 2008 - Basic Instincts (Page 29) MSDN Magazine - April 2008 - Basic Instincts (Page 30) MSDN Magazine - April 2008 - Basic Instincts (Page 31) MSDN Magazine - April 2008 - Basic Instincts (Page 32) MSDN Magazine - April 2008 - Basic Instincts (Page 33) MSDN Magazine - April 2008 - Basic Instincts (Page 34) MSDN Magazine - April 2008 - Cutting Edge (Page 35) MSDN Magazine - April 2008 - Cutting Edge (Page 36) MSDN Magazine - April 2008 - Cutting Edge (Page 37) MSDN Magazine - April 2008 - Cutting Edge (Page 38) MSDN Magazine - April 2008 - Cutting Edge (Page 39) MSDN Magazine - April 2008 - Cutting Edge (Page 40) MSDN Magazine - April 2008 - Cutting Edge (Page 41) MSDN Magazine - April 2008 - Cutting Edge (Page 42) MSDN Magazine - April 2008 - Cutting Edge (Page 43) MSDN Magazine - April 2008 - Cutting Edge (Page 44) MSDN Magazine - April 2008 - Cutting Edge (Page 45) MSDN Magazine - April 2008 - Cutting Edge (Page 46) MSDN Magazine - April 2008 - Foundations (Page 47) MSDN Magazine - April 2008 - Foundations (Page 48) MSDN Magazine - April 2008 - Foundations (Page 49) MSDN Magazine - April 2008 - Foundations (Page 50) MSDN Magazine - April 2008 - Foundations (Page 51) MSDN Magazine - April 2008 - Foundations (Page 52) MSDN Magazine - April 2008 - Foundations (Page 53) MSDN Magazine - April 2008 - Foundations (Page 54) MSDN Magazine - April 2008 - Foundations (Page 55) MSDN Magazine - April 2008 - Foundations (Page 56) MSDN Magazine - April 2008 - Foundations (Page 57) MSDN Magazine - April 2008 - Foundations (Page 58) MSDN Magazine - April 2008 - Foundations (Page 59) MSDN Magazine - April 2008 - Foundations (Page 60) MSDN Magazine - April 2008 - Foundations (Page 61) MSDN Magazine - April 2008 - Foundations (Page 62) MSDN Magazine - April 2008 - Foundations (Page 63) MSDN Magazine - April 2008 - Foundations (Page 64) MSDN Magazine - April 2008 - Foundations (Page 65) MSDN Magazine - April 2008 - Foundations (Page 66) MSDN Magazine - April 2008 - Foundations (Page 67) MSDN Magazine - April 2008 - Foundations (Page 68) MSDN Magazine - April 2008 - Foundations (Page 69) MSDN Magazine - April 2008 - Foundations (Page 70) MSDN Magazine - April 2008 - Foundations (Page 71) MSDN Magazine - April 2008 - Foundations (Page 72) MSDN Magazine - April 2008 - Foundations (Page 73) MSDN Magazine - April 2008 - Foundations (Page 74) MSDN Magazine - April 2008 - Foundations (Page 75) MSDN Magazine - April 2008 - Foundations (Page 76) MSDN Magazine - April 2008 - Foundations (Page 77) MSDN Magazine - April 2008 - Foundations (Page 78) MSDN Magazine - April 2008 - Foundations (Page 79) MSDN Magazine - April 2008 - Foundations (Page 80) MSDN Magazine - April 2008 - Foundations (Page 81) MSDN Magazine - April 2008 - Foundations (Page 82) MSDN Magazine - April 2008 - Foundations (Page 83) MSDN Magazine - April 2008 - Foundations (Page 84) MSDN Magazine - April 2008 - Foundations (Page 85) MSDN Magazine - April 2008 - Foundations (Page 86) MSDN Magazine - April 2008 - Foundations (Page 87) MSDN Magazine - April 2008 - Foundations (Page 88) MSDN Magazine - April 2008 - Foundations (Page 89) MSDN Magazine - April 2008 - Foundations (Page 90) MSDN Magazine - April 2008 - Foundations (Page 91) MSDN Magazine - April 2008 - Foundations (Page 92) MSDN Magazine - April 2008 - Foundations (Page 93) MSDN Magazine - April 2008 - Foundations (Page 94) MSDN Magazine - April 2008 - Foundations (Page 95) MSDN Magazine - April 2008 - Foundations (Page 96) MSDN Magazine - April 2008 - Foundations (Page 97) MSDN Magazine - April 2008 - Foundations (Page 98) MSDN Magazine - April 2008 - Test Run (Page 99) MSDN Magazine - April 2008 - Test Run (Page 100) MSDN Magazine - April 2008 - Test Run (Page 101) MSDN Magazine - April 2008 - Test Run (Page 102) MSDN Magazine - April 2008 - Test Run (Page 103) MSDN Magazine - April 2008 - Test Run (Page 104) MSDN Magazine - April 2008 - Test Run (Page 105) MSDN Magazine - April 2008 - Test Run (Page 106) MSDN Magazine - April 2008 - Service Station (Page 107) MSDN Magazine - April 2008 - Service Station (Page 108) MSDN Magazine - April 2008 - Service Station (Page 109) MSDN Magazine - April 2008 - Service Station (Page 110) MSDN Magazine - April 2008 - Service Station (Page 111) MSDN Magazine - April 2008 - Service Station (Page 112) MSDN Magazine - April 2008 - Service Station (Page 113) MSDN Magazine - April 2008 - Service Station (Page 114) MSDN Magazine - April 2008 - Windows with C++ (Page 115) MSDN Magazine - April 2008 - Windows with C++ (Page 116) MSDN Magazine - April 2008 - Windows with C++ (Page 117) MSDN Magazine - April 2008 - Windows with C++ (Page 118) MSDN Magazine - April 2008 - Windows with C++ (Page 119) MSDN Magazine - April 2008 - Windows with C++ (Page 120) MSDN Magazine - April 2008 - Windows with C++ (Page 121) MSDN Magazine - April 2008 - Windows with C++ (Page 122) MSDN Magazine - April 2008 - Going Places (Page 123) MSDN Magazine - April 2008 - Going Places (Page 124) MSDN Magazine - April 2008 - Going Places (Page 125) MSDN Magazine - April 2008 - Going Places (Page 126) MSDN Magazine - April 2008 - Going Places (Page 127) MSDN Magazine - April 2008 - { End Bracket } (Page 128) MSDN Magazine - April 2008 - { End Bracket } (Page Cover3) MSDN Magazine - April 2008 - { End Bracket } (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.