Let's consider that you get an opportunity to work for a government agency that deals with national security. In that case you are given an identification pass that allows you to enter only certain rooms and buildings, according to your security clearance.
Similarly, the .NET Framework provides restricted access to resources or operations based on permissions. The .NET Framework provides different types of permissions that you can use according to different access requirements.
The .NET Framework provides code access permission classes, each of which encapsulates the ability to access a particular resource.
In the .NET Framework, permissions are objects that give the authority to perform actions on resources, such as opening files, writing to the registry and executing code. Permissions are usually stored and conveyed in a collection class called PermissionSet, which can hold various types of permission objects.
There are two ways to demand security permissions in C#:
a) Imperatively: Using calls to permission classes in the .NET Framework
b) Declaratively: Using security permission attributes
Types of Permissions
There are three types of permissions.
1) Code access permissions
2) Identity permissions.
3) Role-based security permissions.
Let's take each type in turn and see how it works.
1) Code access permissions :
These represent access to a protected resource or the ability to perform a protected operation. They control the types of operations that code can perform; some examples of these operations are access to sockets, event logs, the registry, and file I/O.
These operations are determined by security policies, which are set in code groups.
Suppose an assembly belongs to a group that has three permissions; only then can the assembly perform the corresponding operations.
2) Identity permissions :
These indicate that code has credentials that support a particular kind of identity. They are based directly on the evidence offered by the assembly and not on the security policies of a computer.
For example, if an assembly is signed with a digital signature, it is granted PublisherIdentityPermission, or if it exists in the global assembly cache, it is granted GacIdentityPermission.
3) Role-based security permissions :
These provide a mechanism for discovering whether a user (or the agent acting on the user's behalf) has a particular identity or is a member of a specified role.
Unlike the permissions mentioned above, role-based security permissions are based on the user's identity and not the code's identity. The runtime always uses objects called permissions to implement its mechanism for enforcing restrictions on managed code.
Ways of using permissions:
The CLR (Common Language Runtime) allows code to perform only those operations that the code has permission to perform.
There are three main ways in which permissions are used.
Let's look at each one in turn and how it works.
1) Requests :
When you try to run the assembly, the runtime uses the security policy rules to see whether these permission requests can be granted.
The advantage of making such requests is that the runtime knows up front about special permissions you may need. If you have not mentioned them in your code, there is a chance that the code will fail during implementation.
2) Demands :
This process is not the same as the earlier one, "Requests". A demand can appear anywhere in the code and is often placed at different levels, such as the class level or the method level of a program.
Using demands in a library ensures that the code calling the library has sufficient permissions for the assembly to do its job. The whole process is done by stack walking: the runtime walks up the call stack to ensure that the permissions are sufficient at all levels.
Note: Demands can be implemented using declarative or imperative syntax.
3) Grants :
This one is a special phase, because if you did not specify a request for permissions, the security policy on the computer automatically grants permissions to the code according to the conditions that apply to it. Example: if you are an administrator running local applications, the code is typically granted full trust permissions, which means it has access to all resources on that computer.
This article covers only a basic introduction to permissions. In the next article you will learn how to define and implement different permissions in practice, based on conditions, so stay in touch.
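The declarative and imperative forms of a demand, and the stack walk refusing an under-privileged caller, as an added example that is not part of the original article. It targets the .NET Framework; the ReportLibrary class, its method names and the C:\Reports path are hypothetical, and PermitOnly is used in Main only to simulate a caller that was granted less than the library demands.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical library class; C:\Reports is an assumed path for illustration.
public static class ReportLibrary
{
    private const string ReportDir = @"C:\Reports";

    // Declarative demand: the attribute is stored in the assembly metadata and
    // checked on entry to the method. The path must be a compile-time constant.
    [FileIOPermission(SecurityAction.Demand, Read = ReportDir)]
    public static string ReadReport(string name)
    {
        // GetFileName strips directory parts so the read stays inside ReportDir.
        return File.ReadAllText(Path.Combine(ReportDir, Path.GetFileName(name)));
    }

    // Imperative demand: the permission object is built at run time, so it can
    // describe a path that is only known when the call is made.
    public static void WriteReport(string fullPath, string text)
    {
        var permission = new FileIOPermission(FileIOPermissionAccess.Write, fullPath);
        permission.Demand(); // stack walk over every caller above this method
        File.WriteAllText(fullPath, text);
    }
}

public static class Program
{
    public static void Main()
    {
        // Simulate a partially trusted caller: stack walks that reach this
        // frame succeed only for read access to C:\Reports.
        new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Reports").PermitOnly();
        try
        {
            ReportLibrary.WriteReport(@"C:\Reports\q1.txt", "draft");
            Console.WriteLine("write allowed");
        }
        catch (SecurityException ex)
        {
            // The demand failed during the stack walk, before any file was touched.
            Console.WriteLine("write refused: " + ex.PermissionType);
        }
    }
}
```

Without the PermitOnly call, a locally run, fully trusted program passes the demand and the write goes ahead.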