Restricted Class Access: CAS

(Namratha’s post on cochindotnet) 

 Managed code offers several ways to restrict method access:
  • Limit the scope of accessibility to the class, assembly, or derived classes, if they can be trusted. This is the simplest way to limit method access. Note that, in general, derived classes can be less trustworthy than the class they derive from, though in some cases they share the parent class’s identity. In particular, do not infer trust from the keyword protected, which is not necessarily used in the security context.
  • Limit the method access to callers of a specified identity — essentially, any particular evidence (strong name, publisher, zone, and so on) you choose.
  • Limit the method access to callers having whatever permissions you select.
Let’s see how we can accomplish this.

1) Create a strong-named assembly, e.g. Calc.dll, with one class called MyClass that has an Add() method which adds two numbers.
2) The .NET Framework has a tool called SecUtil.exe.
3) Go to the Visual Studio command prompt.
4) Type SecUtil.exe /? . This displays the help and all the available options.
5) Then type secutil.exe -s -hex -c Calc.dll (or the name of your DLL).
6) This displays the public key as a hexadecimal value, as shown below.

C:DotNetDLLProjbinDebug>secutil -hex -c -s  Calc.dll
Microsoft (R) .NET Framework SecUtil 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Public Key =
Name =
Version =

Now you can use this public key with any class or method in your assembly that you don’t want anyone else to access; use the StrongNameIdentityPermissionAttribute for this. Any calling code that isn’t signed with your .snk file won’t have access to it.

Here I have used it at the class level. You can also achieve the same at method or assembly level.

So, let’s secure our class.

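using System.Security.Permissions;

// put this code above the class as shown
// The SecurityAction argument is not shown in this listing; Demand is assumed here.
[StrongNameIdentityPermissionAttribute(SecurityAction.Demand,
   PublicKey = "0x0024000004800000940000000602000000240000525341310004000001000100D96FE3B963FC64" +
  "B8A9B6CA05B859A67B8B30603A0D696E1F95D8C9B23C5B2EEF139B96A5CC55C2E38D05B7FD675434" +
  "<remaining hex digits of the key as printed by secutil>")]
public class MyClass
{
   public MyClass() { }

   // Adds two numbers.
   public int Add(int i, int j) { return i + j; }
}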

7) Now create any Win app, which will be a client app for this assembly.
8) Do not strong-name this assembly.
9) Reference the above assembly in the client app.
10) Call the Add method or any other method of MyClass.
11) The code will compile.
12) Try to execute the function call. You will get an error message similar to this:

Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
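
A minimal client for steps 7 to 12, added here as an example and not part of the original post. It is a console app rather than a Win app, and it assumes MyClass sits in the global namespace as in the listing above; the names Client and CallAdd are hypothetical.

```csharp
// Added example: build WITHOUT a strong name and reference Calc.dll.
using System;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security;

class Client
{
    // Kept in its own non-inlined method so that a link-time check
    // (SecurityAction.LinkDemand) would fail when this method is JIT-compiled,
    // which happens inside the caller's try block. A run-time Demand fails
    // at the call itself and is caught the same way.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static int CallAdd(int a, int b)
    {
        // A class-level security attribute covers the constructor too.
        MyClass calc = new MyClass();
        return calc.Add(a, b);
    }

    static int Main()
    {
        // An unsigned assembly carries no public key, so it cannot match
        // the strong-name identity demanded by MyClass.
        byte[] key = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
        Console.WriteLine("Caller public key bytes: {0}", key == null ? 0 : key.Length);

        try
        {
            Console.WriteLine("Add(2, 3) = {0}", CallAdd(2, 3));
            return 0;
        }
        catch (SecurityException ex)
        {
            // PermissionType names the permission whose demand failed.
            Console.WriteLine("Denied: {0}", ex.PermissionType);
            Console.WriteLine(ex.Message);
            return 1;
        }
    }
}
```

On .NET Framework 2.0 and later, demands for identity permissions succeed for fully trusted callers, so the denial in step 12 reproduces on the 1.x runtime this page uses or when the caller runs with partial trust.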