.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Security in .NET: The Security Infrastructure of the CLR Provides Evidence, Policy, Permissions, and

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

The common language runtime of the .NET Framework has its own secure execution model that isn't bound by the limitations of the operating system it's running on. In addition, unlike the old principal-based security, the CLR enforces security policy based on where code is coming from rather than who the user is. This model, called code access security, makes sense in today's environment because so much code is installed over the Internet and even a trusted user doesn't know when that code is safe.In this article, Don Box explains how code access security works in the CLR. He discusses the kinds of evidence required by policy, how permissions are granted, and how policy is enforced by the runtime.

Don Box

MSDN Magazine September 2002

View Complete Post

More Related Resource Links

WSE Security: Protect Your Web Services Through The Extensible Policy Framework In WSE 3.0


This article describes the WSE policy framework, which allows you to describe constraints and requirements a Web service must enforce. Discussions include security scenarios in WSE 3.0 and extending the framework with custom constraints and requirements.

Tomasz Janczuk

MSDN Magazine February 2006

Copy sharepoint 2007 folder (with sub folders) with all the security permissions

I am looking to copy a common sharepoint folder(sub folders) in 2007 with all the security permissions intact, to a different location in the same site, Does anyone know how to do this?

Copy sharepoint 2007 folder (with sub folders) with all the security permissions

I am looking to copy a common sharepoint folder(sub folders) in 2007 with all the security permissions intact, to a different location in the same site, Does anyone know how to do this?

System.Security.Permissions.SecurityPermission, mscorlib, Version=, Culture=neutral, PublicKe



I am currently working on SQL server reporting. I have created custom assemblies. I am loading the custom assebly in the rdl file.

I am getting following exception


An error occurred while executing OnInit: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (rsErrorInOnInit)



Please let me know if anyone knows the reason.

Thanks in Advance.

BCS Method Security / External Content Type Permissions / Custom List Security Provider / Security T


I have an external list setup with the usual CRUD methods.  The external SQL table is also being populated by another source.  I want to enable/disable deleting depending on whether the record was created from SharePoint.  I would also like the normal list permissions to work.  So if a user has permissions to delete on the list, they can only delete items created for SharePoint. 

Where should this logic be incorporated?  On the BCS Delete method, somewhere in the External Content Type or on the list instance?  Most examples I find relate to security trimming for search.  I'm only concerned about the delete method.

I'm sure there are multiple ways to accomplish this.  Which is the best?


Developer Security Permissions

Ok, so, the developers are trying to force me into giving them DBA rights on the database, but I am telling them no. Essentially, they have DDL admin, Data Reader and Data Writer and Execute on their procedures and functions. They are saying they need db_securityadmin rights in order to grant datareader and datawriter and execute permissions on objects when they create them. If I am not mistaken reading and writing form tables should be automatic, but execute permissions would only need to be set. Is there something else I am not thinking about?
John M. Couch

Unhandled Exception (JIT - security permissions)


Hi I have a serious headache. My WCF service is supposed to start 20 .exe files with 1 second delay between each. If any of the .exe files closes, it will re-start them. However sometimes I get the following error all of the sudden and I have no idea what to do about it, or why I get it. Any help will be appreciated dearly :)

"The Just-In-Time debugger was launched without necessary security permissions. To debug this process, the Just-In-Time debugger must be run as an Administrator."

SharePoint app crashes due to System.Security.Policy.PolicyException.


We have a two W.F.E servers. The server is hosting our intranet we app. The app is crashing at 2 in the night. It does not happen frequently, but does happen twice a week. Below is the description of the error message.

Server Error in '/' Application. -------------------------------------------------------------------------------- Execution permission cannot be acquired. Description: An unhandled exception occurred during the execution of the current web request.

Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Security.Policy.PolicyException: Execution permission cannot be acquired.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: [PolicyException: Execution permission cannot be acquired.] System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission) +10239176 System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& d

how to prevent security/permissions affected by backup/restore

I create a copy of a production database (for reporting purposes) by using the backup and restore commands.  The copy is on a seperate server. (replication wont work in my case)
The reporting server allows more read-only access then the production server.

I do a full backup and restore, and of course all permissions/security settings come with all the data.

How can I do a backup and restore of only data without altering permissions on the reporting server? 
As more of my users want to run reports, I give them access on the reporting server but not the production server, and of course it gets wiped out every night when the backup-restore runs.

Using SQL Server 8.0 and 9.0.

document library security permissions on column value

I have created a document library with several number of documents there are 8 divisions so I have given a column called division with choice of selecting one of the divison as a column value now I want to set permissions to users of a divsion to read and write (edit checkout and author) only his respective divisoin and also read only access to all other documentsof other divisions.

Security permissions - fileupload control



Is it only possible to the asp.net worker process to write files to a server folder?

The reason I ask is I need to create folders, store the files using the fileupload control to a file server. My IT colleague is saying that IIS is not installed on this server and hence cant use asp.net process. Is this the only account you can use to create folders/write files to a server? This is a separate server I am trying to write to, and not writing it to the same web server which the application sits under.

Is it possible to use another domain account to write files to a file server?

Many thanks.

Issue with Code Access Security Policy - deploying a third party dll to bin


Okay, i think most of you guys out there use wspbuilder to build the wsp solutions and to deploy it. So here is my problem.

I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since Telerik dll is a common assembly i have to deploy it to the bin folder of the webapplication instead of GAC. So here comes the problem.

WSPBuilder automatically deploys the dll to gac if the dll presents in the GAC folder. To deploy the telerik dll in bin i created the folder 80\bin and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and wspbuilder was smart to create the cas policy itself.

			<PermissionSet class="NamedPermissionSet

mscorlib>security>policy>policylevel, etc

Hello and thank you for your time I am having trouble communicating between sql and visual studio 2005 the normal stuff  attaching databases etc.. My machine set is as follows win xp sp3, .net 1.1 thru 3.5 and all needed sp's and of course SQL 2005 as well as visual studio 2005 standard. I have not had to deal with machine trust levels since a few years now and when I wiped out my hard drive and did a re-install of mentioned components. I visited Microsoft patterns & practices and looked over the medium trust level document when I opened the web.mediumtrust.config file it was not at all familiar. I want to run my machine level at the mediumtrust level but from what I see the web.mediumtrust.config file is at full trust level how can I change my trust level for my workstation.


Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version


I am using Itext sharp to create a pdf. I am adding an image and I keep getting this error

Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

it is this bit of code that is causing this


string imagepath = "C:\\BMSApplicationFiles\\PDFImages\\bullfrogWeb.gif";

//add the Image to the DOC
  Image bullfrogImage = Image.GetInstance(imagepath);
  bullfrogImage.SetAbsolutePosition(10, doc.PageSize.Height - 36);

If i comment this out, the PDF builds and no errors are thrown (there is just no image)

I don't understand cause I am am trying to do is read a file.

The directory does have full permission granted to IISUser

Any ideas why I am still geting this permissions error?

What are the required Security permissions to call SAM accountmanagement over the wire, using System



I need to perform remote management on the local SAM database.  I am getting a security permission error, but can't figure out what the required permissions need to be.  My test harness works great as a locally authenticated user however the permission issue gets thrown when I am trying to connect to a remote host that isn't part of the domain.

The exception is getting thrown on the call to ValidateCredentials, which is found in the constructor for the LocalAccount class below, specifically you will see it  public LocalAccount(string Server, string User, string Password)

My test environment includes windows 7 machines that are working in a offline mode trying to connect to machines running XP, 2003 and Windows 7 that are not part of the domain.

Any and all help would be appreciated.


using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

namespace WindowsManagement
  class Program

Domain groups in Cluster Security policy during install of SQL Server 2008

I am trying to install SQL Server 2008 on Windows server 2003 and have a question about the stage of 'Cluster Security Policy'.

We need to select 2 groups here, one for SQL server database domain group and the other for SQL server agent domain admin group.

My question is, is it different from service accounts that we used to specify in previous versions? I remember the wizard asking for service account that the sql services need to run under. Is this domain group part a replacement for those individual service accounts? If yes, do I need to have the service account added to a separate group and select that group in this part of 'Cluster security policy'?


Code Access Security Policy Tool (Caspol.exe) - detailed description



          I am studying for MCTS - 70-536 , I want more details about caspol utility, its command line options. I have gone through the Link http://msdn.microsoft.com/en-us/library/cb6t8dtz%28VS.80%29.aspx and the MCTS - 70-536 Self Paced Training Kit , 2nd Edition, but I could not find its detailed command line options. Please refer any book or link which can give extensive details about caspol utility.

Thank You


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend