One more security question
-
Still trying to wrap my head around this security stuff, I still can't seem to find a simple way to find out if I have the needed permission when running my program before I call the code that would cause the error. What I would like to do is just see if I have access at the begining of my program and if not pop up a message box and exit. I am trying using the Demand but that seems to be the wrong usage, I also tried using the IsUnrestricted() but that doesn't even seem to be true when running locally.
FileIOPermission canAccess = new FileIOPermission(FileIOPermissionAccess.Write, "C:\\"); try { canAccess.Demand() // Keep running through program. } catch { MessageBox.Show "Don't have permissions"; }Is there another way to go about this? -
Still trying to wrap my head around this security stuff, I still can't seem to find a simple way to find out if I have the needed permission when running my program before I call the code that would cause the error. What I would like to do is just see if I have access at the begining of my program and if not pop up a message box and exit. I am trying using the Demand but that seems to be the wrong usage, I also tried using the IsUnrestricted() but that doesn't even seem to be true when running locally.
FileIOPermission canAccess = new FileIOPermission(FileIOPermissionAccess.Write, "C:\\"); try { canAccess.Demand() // Keep running through program. } catch { MessageBox.Show "Don't have permissions"; }Is there another way to go about this?You don't need to check, really. An exception will be thrown if you don't have the permission. Also, you can't demand a permission if you don't have it (it's more of a check, really). Such checks are handy when you want to know ahead of time if you can do something or not. If you need that permission, it must be granted by a code group with an associated permission set (either custom or one of the pre-configured sets, like FullTrust), and the evidence gathered for your assembly must match the membership condition used for that code group (otherwise the code group policy isn't applied and your assembly (/assemblies) aren't granted the permission set you'd expect. You've got the right idea, though.
Microsoft MVP, Visual C# My Articles
-
You don't need to check, really. An exception will be thrown if you don't have the permission. Also, you can't demand a permission if you don't have it (it's more of a check, really). Such checks are handy when you want to know ahead of time if you can do something or not. If you need that permission, it must be granted by a code group with an associated permission set (either custom or one of the pre-configured sets, like FullTrust), and the evidence gathered for your assembly must match the membership condition used for that code group (otherwise the code group policy isn't applied and your assembly (/assemblies) aren't granted the permission set you'd expect. You've got the right idea, though.
Microsoft MVP, Visual C# My Articles
Thats what is getting me confused, The .Demand doesn't throw an exception but when I actually try to modify the file then it throws a security exception. This is some of the test code I have in my program now (that's to test stuff)
FileIOPermission canAccess = new FileIOPermission(FileIOPermissionAccess.Write, "C:\\"); try { canAccess.Demand(); File.Delete(cmdArgs[0]); // This contains a file on C } catch { // Let user know here }I would expect the .Demand() call to throw the exception but it doesn't, I get the security error when calling File.Delete, which doesn't make sense... (I also tried replacing Write with AllAccess) The reason I want to run a "pre-check" like this is the delete/renaming stuff doesn't occur until 15 seconds or so in the program so I don't want to make the user wait 15 seconds just to find out that they can't do anything because the code isn't running with the proper permissions. P.S. The SecurityException message that is thrown is: "Request for the permission of type System.Security.Permissions.FileIOPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed." -
Thats what is getting me confused, The .Demand doesn't throw an exception but when I actually try to modify the file then it throws a security exception. This is some of the test code I have in my program now (that's to test stuff)
FileIOPermission canAccess = new FileIOPermission(FileIOPermissionAccess.Write, "C:\\"); try { canAccess.Demand(); File.Delete(cmdArgs[0]); // This contains a file on C } catch { // Let user know here }I would expect the .Demand() call to throw the exception but it doesn't, I get the security error when calling File.Delete, which doesn't make sense... (I also tried replacing Write with AllAccess) The reason I want to run a "pre-check" like this is the delete/renaming stuff doesn't occur until 15 seconds or so in the program so I don't want to make the user wait 15 seconds just to find out that they can't do anything because the code isn't running with the proper permissions. P.S. The SecurityException message that is thrown is: "Request for the permission of type System.Security.Permissions.FileIOPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed."That's a good scenario for a "pre-check"! :) The problem is that, as the documentation states,
Demandchecks callers higher in the stack. While all callers higher in the stack may have the permission, you may not. So, lets say you add this code in an event handler you've assigned to an event defined in the BCL assemblies (like handlingButton.Clickor something). Invoking the delegate (your handler) happens from the BCL. Those assemblies would have FullTrust permissions, but you might not. Now, when you simply callFile.Delete, you become the caller and don't have that permission, so theSecurityExceptionis thrown. A simple work-around is to attempt to create a dummy file (and delete it, if successful). If you can't write the file, you won't be able to delete a file (well, at least from the CLR's perspective).Microsoft MVP, Visual C# My Articles