Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
290 views
in Technique[技术] by (71.8m points)

assemblies - What is a partially trusted assembly/application/code/etc in .NET?

Could someone please explain? I couldn't find anything on the internet, everything talks about how to go about it in some way, but nothing says exactly what it is.

Also, what is a fully trusted assembly and how do they differ from one another?

I have a MS certification exam and this is the only topic that I just don't understand.

EDIT: Thanks guys. Now I have a better understanding of security in .NET. I was able to pass my certification exam.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

.NET implements a security model called code access security. Unmanaged code runs with the privileges and rights of the user starting the application, even if the code happens to originate from evil sources.

Managed code needs to provide evidence of its origin; there are various ways to do that (e.g. code is signed with a certain key, code was downloaded from a certain URL, code lives in a certain directory on disk, etc). Based on that evidence, assemblies are put into groups, for which policies are applied. A policy can grant certain permissions to a code group, primarily with regard to accessing system resources (performing DNS lookup, opening network connections, accessing "isolated storage", accessing the local file system (all of it, or just selected directories), accessing the registry, accessing network shares, etc). There is a tool in the control panel that allows you to define such policies.

When an assembly tries to perform some restricted operation, a privilege check is made. If access is granted, the operation proceeds. If the check fails, an exception is thrown. The check typically involves a stack traversal (i.e. all callers must be trusted for that operation), but there are exceptions.

As a special case, one may assign "Full Trust" to an assembly, granting all permissions. While I haven't heard the term "partial trust" before, I'd assume it refers to assemblies who have some rights, but not Full Trust.

Please understand that this is just an overview - there is much more to be said about code access security.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...