Minimum Permission Required for Assembly

A jumpstart on security your applications by determining and applying only the minimum required permissions. [more]

I ran into this thread on Resetting your web application or web site without recycling app pool or IIS. just recently. The basic idea of the first option for achieving its goal is to call "HttpRuntime.UnloadAppDomain();". Interestingly there's a note before that relevant code block:

// Method #1
// It requires high security permissions, so it may not
// work in your environment 

The other one is to set the LastWriteTimeUTC of the web.config (touching the web.config will trigger an appdomain unload/restart). Which in itself also requires some permission to modify web.config. 

Hmmm. So how will I know if it will work on my environment?

Looking around, I found this next How Do I…Request the permissions my code needs? BUT it actually only discusses how to "request" permissions that is needed by my (our) assembly. How do I know what I need to request in the first place?

Next stop, look for permissions the specific method ("UnloadAppDomain") requires? And where else but MSDN (or you can always google too). Now, as expected, you don't want just anyone restarting your site(s) over and over again so as pointed out there, this the method is decorated with this attribute : [SecurityPermissionAttribute(SecurityAction.Demand, ControlAppDomain = true)].

So the first way to determine minimum permissions is to review your code, determine what resources are accessed and operations are performed. Look for permissions required for those method and you're good.

However, if you have lots of calls and you need a startup point for determining your minimum permissions that's where PERMCALC.EXE (also goes by the name Minimum Grant Set Determination tool and Permission Calculator Tool (from MSDN) comes in. I ran into from How to: Use Code Access Security (CAS) in ASP.NET 2.0 in Channel9 (online). As in the link's title it also happens to be a good discussion for CAS in ASP.NET 2.0. CAS in general IMHO is trivial so ASP.NET had some ways of simplifying it for web applications. This link is a must-read so please feel free to leave this page for now and go read it before moving further.

Going back to AppDomain.Unload(), SecurityPermission with "ControlAppDomain" flag is actually something not available with minimal, low, medium nor high trust policy. So it's "almost" implied that you should run in FullTrust. But take note "almost", because I believe you can actually have a custom policy (say High trust with just the added SecurityPermission.Flags including AppDomainControl) rather than run your app in FullTrust when you don't really have to.

I must also mention that one weird thing I have noted is calling permcalc.exe -show <myassembly.exe or dll> and looking at the <sandbox> element returns different content than permcalc.exe -show -sandbox <myassembly.exe or dll>. For example running against a simple WindowsForms executable includes an IPermission that has Flags="UnmanagedCode" but having the -sandbox switch adds a new flag "Execution". I'll see what else I can find next time or maybe hopefully someone can clarify this. Along with the difference between <demand> and <sandbox>.

Another thing on the channel 9 link, it states that to configure trust level for your specific application you copy the web_CustomTrust.config to your application's vdir. But actually you can just leave it in the CONFIG folder of the framework and just set your trust level attribute in your application's web.config to the trustLevel name you assigned to the custom config file.

In the case of ASP.NET Web Site Projects (not to be confused with Web Application Projects) you would need to precompile your project to be able to use PERMCALC as you have read in one of the articlse above, it can only be run against assembly and not on ASPX pages directly.

Check out these links too:

  1. Channel9 Security How Tos
  2. Issues with PERMCALC
  3. Importing Permcalc Output into the .NET Framework Configuration Tool (Mscorcfg.msc) – it might be nice to have an app to perform this conversion automatically

I've always been intrigued with security but I'd have to say I have a
lot to learn about it so feel free to comment on this post if there's
anything I'm getting wrong or I'm missing, you simply want to drop by.

So there you have it, minimum permissions and making the world a safer place one thing at a time Laughing Now got to get back to work.