Code Access Security

[A.M]

Hi,
I am developing an ASP.NET application which works as a very restricted
identity on IIS6.0
The application will just have communication with DB server (no file system
or registery access)

Is there any benefit to consider code access security inside assemblies?

Thanks,
Ali

[[MSFT]]

Hi AIi,

Thank you for using the community. From the description, you have a single
ASP.NET appliaction and it only access a database server. In this case, the
Code Access Security may do little help on security. Code Access Security
is important when the application access local resource or cooperating with
another appplication. In your situation, you only need to ensure the
restricted identity has proper permission to execute the ASP.NET
appliaction and access the database server. And, from the database side, it
should restrict the access, only allow the restricted identity open an
connection.

For more information on Code Access Security and ASP.NET, you may refer to:

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm[/url]
l/cpconASPNETCodeAccessSecurity.asp

Hope this help,

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[.NET Follower]

if u wnat onle specify assembly call ur assembly
then u can use codeAS
with strong naming conventions...


--
Thanks and Regards,

Amit Agarwal
Software Programmer(.NET)
"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:o2hn1DT8DHA.3736@cpmsftngxa07.phx.gbl...

> Hi AIi,
>
> Thank you for using the community. From the description, you have a single
> ASP.NET appliaction and it only access a database server. In this case,

the

> Code Access Security may do little help on security. Code Access Security
> is important when the application access local resource or cooperating

with

> another appplication. In your situation, you only need to ensure the
> restricted identity has proper permission to execute the ASP.NET
> appliaction and access the database server. And, from the database side,

it

> should restrict the access, only allow the restricted identity open an
> connection.
>
> For more information on Code Access Security and ASP.NET, you may refer

to:

>
>

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm[/url]

> l/cpconASPNETCodeAccessSecurity.asp
>
> Hope this help,
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.583 / Virus Database: 369 - Release Date: 2/10/2004

[Joe Kaplan \(MVP - ADSI\)]

In my opinion, it is always good in theory to consider CAS when writing a
DLL as that will make it a better .NET citizen. However, if you are sure
the assembly will only run in a FullTrust environment, then in reality, you
can safely ignore CAS as all permission demands will be granted.

However, ASP.NET does allow administrators to run sites partially trusted,
so you need to make sure that your app will not run partially trusted if you
wish to ignore CAS.

HTH,

Joe K.

"A.M" <IHateSpam@sapm123.com> wrote in message
news:uV7Oe9O8DHA.696@tk2msftngp13.phx.gbl...

> Hi,
> I am developing an ASP.NET application which works as a very restricted
> identity on IIS6.0
> The application will just have communication with DB server (no file

system

> or registery access)
>
> Is there any benefit to consider code access security inside assemblies?
>
> Thanks,
> Ali
>
>
>