Prev: C# callback from native code
Next: PermissionSet FullTrust and Everyting in CAS
From: Tony Johansson on 15 Apr 2010 02:17
Hi!

I'm reading a book from Microsoft Press (exam 70-536) and it says something
that you might have an answer to.
It says " CAS can be used either declaratively, in which case the compiler
perform security check prior to running code, or imperatively, in which case
the code itself perform security checks and controls what happens if the
checks fails."

I mean it must be the runtime that perform the security check before
actually having started the application ?

//Tony


From: Alberto Poblacion on 15 Apr 2010 02:38
"Tony Johansson" <johansson.andersson(a)telia.com> wrote in message
news:eMsBWNG3KHA.3844(a)TK2MSFTNGP05.phx.gbl...
> It says " CAS can be used either declaratively, in which case the compiler
> perform security check prior to running code, [...]"
>
> I mean it must be the runtime that perform the security check before
> actually having started the application ?

Yes, you are right. The security check is performed by the runtime, not
by the compiler. The compiler merely embeds the attributes into the
executable file; it's the runtime the one that performs the checks when the
program is launched.

From: Peter Duniho on 15 Apr 2010 02:46
Tony Johansson wrote:
> Hi!
>
> I'm reading a book from Microsoft Press (exam 70-536) and it says something
> that you might have an answer to.
> It says " CAS can be used either declaratively, in which case the compiler
> perform security check prior to running code, or imperatively, in which case
> the code itself perform security checks and controls what happens if the
> checks fails."
>
> I mean it must be the runtime that perform the security check before
> actually having started the application ?

I can think of at least three security checks that could be implemented:

� link demands, which are checked during JIT compilation
� method security requirements, which are checked when the method is
called
� inline security demands, explicitly stated in the code

To make matters more complicated, there's a new design in .NET 4.0 that
I don't yet fully understand. Ostensibly it's supposed to make things
simpler, but everything I read about it involves the use of the word
"transparent" (and variants) in a way that doesn't make sense to me
(obviously not up on the latest security jargon!).

Anyway, I believe what the text you're reading is talking about is
describing is the difference between applying an attribute to an
assembly, class, or member (i.e. "declaratively"), and an explicit call
to some security demand (i.e. "imperatively"). Either can be used, and
either can accomplish specific security goals. Only certain kinds of
checks are/need to be done "before actually having started the application".

Pete
 | 
Pages: 1
Prev: C# callback from native code
Next: PermissionSet FullTrust and Everyting in CAS