FileIOPermission Assert
-
I am in need of a way to guarantee that, no matter what user is using an internal system, an error log can be written while they are using the web app. I tried creating the permission with an all access attribute, but of course it failed because I took away all permissions on the folder except for ASPNET. I don't know the best way to do this, but I don't feel comfortable giving "Everyone" access. Since this is internal, we are using roles and showing the user name in various places, so I can't just remove the tag, and I don't know what role a user will be a part of when they are on the system, because it is an open/general internal system that will also be available to the public on certain pages. Any ideas? Thanks, Cleako
-
Hi, I understand that you want to write an error log to a file, and in order to do that you want to give the user a permission. What you are looking for is Code Access Security, which also gives permission to the code that is running instead of basing the security decision only on the identity of the user. By writing the permission as shown below, you are giving permission to only the folder that has your log file.

    using System.Configuration;
    using System.Security.Permissions;

    private void WritetoLog(string filename)
    {
        // Assign permission to this function to delete only those files under the specified file path.
        string filestorepath = ConfigurationManager.AppSettings["FileStorePath"].ToString();
        FileIOPermission f = new FileIOPermission(PermissionState.None);
        f.AddPathList(FileIOPermissionAccess.AllAccess, filestorepath);
        f.PermitOnly();
        // Perform write to log here.
    }

Write in case of further help. Thank you.
-
So what ACLs on the directory would I need to set up to ensure that the assert works correctly? I don't want to give any permissions out that I don't need to.
-
Hi, I am sorry. I have not set up ACLs on a directory before. Can you tell me how you do that? Do you use NTFS directory security to use ACLs?

What I do: I know how to use the .NET Framework configuration to control access to system resources. So, I would create another code group at the Enterprise level and configure its membership condition to make it for the directory where your code is. Then I would just give the Execution permission and some File IO permission.

I would suggest not using Assert. A stack walk is initiated every time your code initiates a Demand, which checks the permissions of all the callers in the call stack. This is to prevent elevation of privilege. When you use Assert in your code, it will vouch for all the code that calls your method. That means the stack walk will be terminated with a positive result for the method that requested the Demand for the permission. Hence, any method that calls the method that has the Assert statement in it will not be checked by the CLR for the appropriate permission.

I am not an expert. I am just a recent graduate looking for a job. But do write in case of further help. Thank you.
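For comparison with the PermitOnly snippet and the Assert discussion in the replies above, here is an added example (not code from any poster in this thread) of an Assert kept as narrow as possible: append-only access to a single log file, reverted before the method returns. The `ErrorLog` class and the `error.log` file name are hypothetical; the `FileStorePath` setting is reused from the reply above and is assumed to be present in the configuration.

```csharp
using System;
using System.Configuration;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper class, intended to live in the trusted logging assembly.
public static class ErrorLog
{
    // Assumes the FileStorePath appSetting exists; "error.log" is a made-up file name.
    private static readonly string LogFile = Path.Combine(
        ConfigurationManager.AppSettings["FileStorePath"], "error.log");

    public static void Write(string message)
    {
        // Vouch for callers only for appending to this one file,
        // instead of AllAccess on the whole folder.
        FileIOPermission appendOnly =
            new FileIOPermission(FileIOPermissionAccess.Append, LogFile);

        // From here on, a stack walk for this permission stops at this frame,
        // so less-trusted callers further up the stack are not checked.
        appendOnly.Assert();
        try
        {
            string line = DateTime.UtcNow.ToString("o") + " " + message;
            File.AppendAllText(LogFile, line + Environment.NewLine);
        }
        finally
        {
            // End the assertion explicitly so nothing else in this frame
            // runs under the vouched-for permission.
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

Assert only satisfies the CLR's stack walk, and it only succeeds if the asserting assembly has itself been granted this FileIOPermission together with SecurityPermissionFlag.Assertion. Windows still checks the directory's NTFS ACL against the account the thread runs as, so that account needs write access to the log folder regardless of what the code asserts.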