Recipe 14.11 Verifying that an Assembly Has Been Granted Specific Permissions
Problem
When your assembly requests
optional permissions (such as asking for disk access to enable users
to export data to disk as a product feature) using the
SecurityAction.RequestOptional flag, it might or
might not get those permissions. Regardless, your assembly will still
load and execute. You need a way to verify whether your assembly
actually obtained those permissions. This can help prevent many
security exceptions from being thrown. For example, if you optionally
requested read/write permissions on the registry, but did not receive
them, you could disable the user interface controls that are used to
read and store application settings in the registry.
Solution
Check to see if your
assembly received the optional permissions using the
SecurityManager.IsGranted method like this:
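using System;
using System.Net;
using System.Security;
using System.Text.RegularExpressions;

public class PermissionCheck
{
    public static void Main()
    {
        // Pattern for URLs on the O'Reilly site
        Regex regex = new Regex(@"http://www\.oreilly\.com/.*");
        // Permission to connect to any URL the pattern matches
        WebPermission webConnectPerm = new WebPermission(NetworkAccess.Connect, regex);
        // Check this assembly's grant set without triggering a stackwalk
        if (SecurityManager.IsGranted(webConnectPerm))
        {
            // connect to the oreilly site
        }
    }
}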
This code sets up a Regex for the O'Reilly web site and then uses it to create a WebPermission for connecting to that site and all sites containing the www.oreilly.com string. We then check the WebPermission against the SecurityManager to see whether we have the permission to do this.
Discussion
The IsGranted method is a lightweight way of determining whether a permission has been granted to an assembly without incurring the full stackwalk that a Demand would give you. This makes it useful both for discovering the permissions available at runtime and for performance, since the cost of the Demand stackwalk is avoided. The downside to this approach is that IsGranted looks only at the grant set of the calling assembly and not at the callers further up the stack, so the code would still be subject to a luring attack if Assert were misused. You need to consider where the call to IsGranted is being made in the overall scheme of your security.
One reason you might design an assembly to have optional permissions is to support deployment in different customer scenarios. In some scenarios (like desktop applications), it might be acceptable to have an assembly that can perform more robust actions (talk to a database, create network traffic via HTTP, etc.). In other scenarios, you would defer these actions if the customer did not wish to grant enough permissions for these extra services to function.
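The feature gating described in the Problem and Discussion sections, as an added example that is not code from the original recipe: optional registry and file permissions are requested at the assembly level, IsGranted drives which features are enabled, and the real operation still handles a failed Demand. The registry key, export directory, and the OptionalFeatures class are hypothetical names, and the example assumes the .NET Framework 2.0-3.5 code access security policy model in which RequestOptional is honored.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using Microsoft.Win32;

// Hypothetical key and directory, chosen for this example only.
[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
[assembly: RegistryPermission(SecurityAction.RequestOptional,
    ViewAndModify = @"HKEY_CURRENT_USER\Software\ExampleApp")]
[assembly: FileIOPermission(SecurityAction.RequestOptional,
    Write = @"C:\ExampleApp\Export")]

public static class OptionalFeatures
{
    private const string SettingsKey = @"HKEY_CURRENT_USER\Software\ExampleApp";
    private const string ExportDir = @"C:\ExampleApp\Export";

    // Cheap grant-set checks, suitable for enabling or disabling UI controls.
    public static bool CanStoreSettings()
    {
        return SecurityManager.IsGranted(new RegistryPermission(
            RegistryPermissionAccess.Read | RegistryPermissionAccess.Write, SettingsKey));
    }

    public static bool CanExport()
    {
        return SecurityManager.IsGranted(
            new FileIOPermission(FileIOPermissionAccess.Write, ExportDir));
    }

    // The registry call still makes its own Demand, which walks the whole stack,
    // so a less-trusted caller can fail here even when IsGranted returned true.
    public static bool TrySaveSetting(string name, string value)
    {
        if (!CanStoreSettings()) return false;
        try
        {
            Registry.SetValue(SettingsKey, name, value);
            return true;
        }
        catch (SecurityException) { return false; }
    }

    public static void Main()
    {
        Console.WriteLine("Settings controls enabled: {0}", CanStoreSettings());
        Console.WriteLine("Export menu enabled:       {0}", CanExport());
        Console.WriteLine("Saved setting:             {0}", TrySaveSetting("Theme", "Dark"));
    }
}
```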
See Also
See the "WebPermission Class,"
"SecurityManager Class," and
"IsGranted Method" topics in the
MSDN documentation.