Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / ServiceModel / System / ServiceModel / PartialTrustHelpers.cs / 1 / PartialTrustHelpers.cs
//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------- namespace System.ServiceModel { using System.Security; using System.Web; using System.Threading; using System.Diagnostics; using System.Reflection; using System.Security.Permissions; static class PartialTrustHelpers { ////// Critical - caches the PermissionSet associated with the asp.net trust level /// this will not change over the life of the AppDomain /// [SecurityCritical] static SecurityContext aspNetSecurityContext; ////// Critical - if erroneously set to true, could bypass the PermitOnly /// [SecurityCritical] static bool isInitialized; ////// RequiresReview - determines if the given PermissionSet is full trust /// we will base subsequent security decisions on this /// [SecurityRequiresReview] static bool IsFullTrust(PermissionSet perms) { return perms == null || perms.IsUnrestricted(); } internal static bool NeedPartialTrustInvoke { ////// Critical - makes a security sensitive decision, updates aspNetSecurityContext and isInitialized /// Safe - ok to know whether the ASP app is partial trust /// [SecurityCritical, SecurityTreatAsSafe] get { if (!isInitialized) { NamedPermissionSet aspNetPermissionSet = HttpRuntime.GetNamedPermissionSet(); if (!IsFullTrust(aspNetPermissionSet)) { try { aspNetPermissionSet.PermitOnly(); aspNetSecurityContext = CaptureSecurityContextNoIdentityFlow(); } finally { CodeAccessPermission.RevertPermitOnly(); } } isInitialized = true; } return aspNetSecurityContext != null; } } ////// Critical - captures security context with identity flow suppressed, this requires satisfying a LinkDemand for infrastructure /// [SecurityCritical] internal static SecurityContext CaptureSecurityContextNoIdentityFlow() { // capture the security context but never flow windows identity if (SecurityContext.IsWindowsIdentityFlowSuppressed()) { return SecurityContext.Capture(); } else { using (SecurityContext.SuppressFlowWindowsIdentity()) { return SecurityContext.Capture(); } } } ////// Critical - touches aspNetSecurityContext /// Safe - ok to invoke the user's delegate under the PT context /// [SecurityCritical, SecurityTreatAsSafe] internal static void PartialTrustInvoke(ContextCallback callback, object state) { if (NeedPartialTrustInvoke) { SecurityContext.Run(aspNetSecurityContext.CreateCopy(), callback, state); } else { callback(state); } } ////// Critical - used in a security-sensitive decision /// [SecurityCritical] internal static bool IsTypeAptca(Type type) { Assembly assembly = type.Assembly; return IsAssemblyAptca(assembly) || !IsAssemblySigned(assembly); } ////// Critical - used in a security-sensitive decision /// [SecurityCritical] static Type aptca; ////// Critical - used in a security-sensitive decision /// [SecurityCritical] static bool IsAssemblyAptca(Assembly assembly) { if (aptca == null) { aptca = typeof(AllowPartiallyTrustedCallersAttribute); } return assembly.GetCustomAttributes(aptca, false).Length > 0; } ////// Critical - used in a security-sensitive decision /// [SecurityCritical] [FileIOPermission(SecurityAction.Assert, Unrestricted=true)] static bool IsAssemblySigned(Assembly assembly) { byte[] publicKeyToken = assembly.GetName().GetPublicKeyToken(); return publicKeyToken != null & publicKeyToken.Length > 0; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ProjectionPruner.cs
- QilFactory.cs
- AtomicFile.cs
- OdbcConnectionPoolProviderInfo.cs
- PaintEvent.cs
- _OverlappedAsyncResult.cs
- Msec.cs
- XmlTextReader.cs
- RSAPKCS1KeyExchangeFormatter.cs
- BitmapEffectInputData.cs
- MarkupCompiler.cs
- ListBoxItemWrapperAutomationPeer.cs
- ToolboxItemAttribute.cs
- ResourcesGenerator.cs
- DataServiceResponse.cs
- Matrix3D.cs
- CacheRequest.cs
- RightsManagementProvider.cs
- TextAction.cs
- ControlBuilder.cs
- EventSourceCreationData.cs
- SystemWebCachingSectionGroup.cs
- Stylus.cs
- ReturnValue.cs
- SecurityTokenTypes.cs
- RootBuilder.cs
- HttpFileCollectionWrapper.cs
- SessionPageStateSection.cs
- SqlCrossApplyToCrossJoin.cs
- DataGridDetailsPresenter.cs
- TextEditorThreadLocalStore.cs
- AttributeSetAction.cs
- ServerIdentity.cs
- DataGridViewComboBoxCell.cs
- DataErrorValidationRule.cs
- DispatcherHooks.cs
- XmlSerializerVersionAttribute.cs
- GenericEnumConverter.cs
- RangeValueProviderWrapper.cs
- DataControlImageButton.cs
- ComboBox.cs
- SuppressMessageAttribute.cs
- EventArgs.cs
- Converter.cs
- HybridWebProxyFinder.cs
- XmlIgnoreAttribute.cs
- CodeSnippetExpression.cs
- Triangle.cs
- FaultFormatter.cs
- WebPartEditorOkVerb.cs
- X509CertificateCollection.cs
- GenericTextProperties.cs
- TextServicesCompartmentEventSink.cs
- CacheForPrimitiveTypes.cs
- TableDesigner.cs
- OpenFileDialog.cs
- ExeConfigurationFileMap.cs
- DataGridTextBoxColumn.cs
- EventlogProvider.cs
- ObsoleteAttribute.cs
- DataGridViewCellParsingEventArgs.cs
- KnownTypes.cs
- ReachVisualSerializerAsync.cs
- StreamGeometry.cs
- DecimalAnimation.cs
- PlatformNotSupportedException.cs
- MessageBox.cs
- InstanceDescriptor.cs
- EntityContainerEmitter.cs
- AssemblyNameProxy.cs
- ServiceRouteHandler.cs
- LabelLiteral.cs
- XmlSerializerFactory.cs
- WindowsRegion.cs
- AndMessageFilterTable.cs
- CachingHintValidation.cs
- Scheduler.cs
- EntityDataSourceReferenceGroup.cs
- BaseHashHelper.cs
- NamedElement.cs
- TextTreeTextNode.cs
- DropTarget.cs
- DataGridViewTextBoxEditingControl.cs
- TaskExtensions.cs
- TokenBasedSetEnumerator.cs
- ServerIdentity.cs
- HttpChannelBindingToken.cs
- WhitespaceRuleLookup.cs
- TableCell.cs
- ReadOnlyAttribute.cs
- AnnotationElement.cs
- ScaleTransform3D.cs
- SystemIcmpV4Statistics.cs
- BookmarkScopeManager.cs
- keycontainerpermission.cs
- WbmpConverter.cs
- Evidence.cs
- RoutedUICommand.cs
- StringOutput.cs
- SQLCharsStorage.cs