Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / PartialTrustHelpers.cs / 1 / PartialTrustHelpers.cs
//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------- namespace System.ServiceModel { using System.Security; using System.Web; using System.Threading; using System.Diagnostics; using System.Reflection; using System.Security.Permissions; static class PartialTrustHelpers { ////// Critical - caches the PermissionSet associated with the asp.net trust level /// this will not change over the life of the AppDomain /// [SecurityCritical] static SecurityContext aspNetSecurityContext; ////// Critical - if erroneously set to true, could bypass the PermitOnly /// [SecurityCritical] static bool isInitialized; ////// RequiresReview - determines if the given PermissionSet is full trust /// we will base subsequent security decisions on this /// [SecurityRequiresReview] static bool IsFullTrust(PermissionSet perms) { return perms == null || perms.IsUnrestricted(); } internal static bool NeedPartialTrustInvoke { ////// Critical - makes a security sensitive decision, updates aspNetSecurityContext and isInitialized /// Safe - ok to know whether the ASP app is partial trust /// [SecurityCritical, SecurityTreatAsSafe] get { if (!isInitialized) { NamedPermissionSet aspNetPermissionSet = HttpRuntime.GetNamedPermissionSet(); if (!IsFullTrust(aspNetPermissionSet)) { try { aspNetPermissionSet.PermitOnly(); aspNetSecurityContext = CaptureSecurityContextNoIdentityFlow(); } finally { CodeAccessPermission.RevertPermitOnly(); } } isInitialized = true; } return aspNetSecurityContext != null; } } ////// Critical - captures security context with identity flow suppressed, this requires satisfying a LinkDemand for infrastructure /// [SecurityCritical] internal static SecurityContext CaptureSecurityContextNoIdentityFlow() { // capture the security context but never flow windows identity if (SecurityContext.IsWindowsIdentityFlowSuppressed()) { return SecurityContext.Capture(); } else { using (SecurityContext.SuppressFlowWindowsIdentity()) { return SecurityContext.Capture(); } } } ////// Critical - touches aspNetSecurityContext /// Safe - ok to invoke the user's delegate under the PT context /// [SecurityCritical, SecurityTreatAsSafe] internal static void PartialTrustInvoke(ContextCallback callback, object state) { if (NeedPartialTrustInvoke) { SecurityContext.Run(aspNetSecurityContext.CreateCopy(), callback, state); } else { callback(state); } } ////// Critical - used in a security-sensitive decision /// [SecurityCritical] internal static bool IsTypeAptca(Type type) { Assembly assembly = type.Assembly; return IsAssemblyAptca(assembly) || !IsAssemblySigned(assembly); } ////// Critical - used in a security-sensitive decision /// [SecurityCritical] static Type aptca; ////// Critical - used in a security-sensitive decision /// [SecurityCritical] static bool IsAssemblyAptca(Assembly assembly) { if (aptca == null) { aptca = typeof(AllowPartiallyTrustedCallersAttribute); } return assembly.GetCustomAttributes(aptca, false).Length > 0; } ////// Critical - used in a security-sensitive decision /// [SecurityCritical] [FileIOPermission(SecurityAction.Assert, Unrestricted=true)] static bool IsAssemblySigned(Assembly assembly) { byte[] publicKeyToken = assembly.GetName().GetPublicKeyToken(); return publicKeyToken != null & publicKeyToken.Length > 0; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- RowUpdatingEventArgs.cs
- DocComment.cs
- NullableLongAverageAggregationOperator.cs
- LOSFormatter.cs
- Executor.cs
- NotifyInputEventArgs.cs
- HtmlLinkAdapter.cs
- XmlEncoding.cs
- DiscoveryProxy.cs
- PathFigure.cs
- TextElement.cs
- ModelVisual3D.cs
- XmlExceptionHelper.cs
- QuaternionAnimation.cs
- DefaultWorkflowTransactionService.cs
- MethodBody.cs
- APCustomTypeDescriptor.cs
- x509store.cs
- XPathAxisIterator.cs
- HWStack.cs
- SizeIndependentAnimationStorage.cs
- SafeFileHandle.cs
- WebDescriptionAttribute.cs
- ServiceModelConfigurationSectionGroup.cs
- Crypto.cs
- XsdValidatingReader.cs
- DrawListViewSubItemEventArgs.cs
- Barrier.cs
- FormatConvertedBitmap.cs
- ServicesSection.cs
- HtmlUtf8RawTextWriter.cs
- InvalidFilterCriteriaException.cs
- AssemblyAttributesGoHere.cs
- SrgsRulesCollection.cs
- NativeMethods.cs
- SoapExtensionTypeElementCollection.cs
- TextElementCollectionHelper.cs
- StateMachineTimers.cs
- ContainerAction.cs
- HttpInputStream.cs
- AppDomainShutdownMonitor.cs
- XmlSerializableServices.cs
- HandleCollector.cs
- COM2ComponentEditor.cs
- HMACRIPEMD160.cs
- NotifyInputEventArgs.cs
- NumericUpDownAcceleration.cs
- __FastResourceComparer.cs
- PersonalizableTypeEntry.cs
- SatelliteContractVersionAttribute.cs
- EntitySetBaseCollection.cs
- Size3DValueSerializer.cs
- WCFBuildProvider.cs
- FolderBrowserDialogDesigner.cs
- TypeReference.cs
- HtmlInputReset.cs
- CalendarTable.cs
- CompensationHandlingFilter.cs
- TransformPatternIdentifiers.cs
- ColumnClickEvent.cs
- MetabaseSettings.cs
- PackWebResponse.cs
- SHA384Cng.cs
- TextEditorDragDrop.cs
- TdsRecordBufferSetter.cs
- FormViewRow.cs
- SelectorItemAutomationPeer.cs
- MetadataArtifactLoaderCompositeResource.cs
- TextDecorationCollectionConverter.cs
- File.cs
- Mouse.cs
- DocumentPageViewAutomationPeer.cs
- PrintController.cs
- ObjectDataSourceSelectingEventArgs.cs
- NoneExcludedImageIndexConverter.cs
- ToolStripPanelRenderEventArgs.cs
- ListViewDesigner.cs
- DataSourceSelectArguments.cs
- Clause.cs
- MarkupProperty.cs
- QueueException.cs
- EdmToObjectNamespaceMap.cs
- HttpListener.cs
- TreeViewBindingsEditorForm.cs
- HtmlEmptyTagControlBuilder.cs
- OpenTypeCommon.cs
- ProcessInfo.cs
- CursorInteropHelper.cs
- HtmlMeta.cs
- HTTPRemotingHandler.cs
- WithParamAction.cs
- ProfileSettingsCollection.cs
- CodeTypeReferenceCollection.cs
- LinkLabel.cs
- PageHandlerFactory.cs
- ReliabilityContractAttribute.cs
- RequestCacheManager.cs
- CorrelationResolver.cs
- ISCIIEncoding.cs
- SqlDataSourceConfigureSelectPanel.cs