about SqlClientPermission

  • Thread starter Thread starter Tony
  • Start date Start date
T

Tony

Here I have a short code snippet that works but I don't really understand
hot it works.
I use the SqlClientPermission to say that I only accept the specified
datasource and Initial Catalog.
What I don't understand is how can the usage of SqlClientPermission affect
that get SecurityException when I
try to do con.Open();

In the first line I create the SqlClientPermission.
In the second line I add the which Data Source and Initial catalog that is
valid to connect to.
In the third line I switch on to enforce the security check:

It seems to me that when I use this SqlClientPermission in the way that I do
all connection is being checked
by this SqlClientPermission so if a connectionstring is different from this
"Data Source=localhost; Initial Catalog=Northwind;Integrated Security=True"
an exception is being thrown.

I mean it's like a pipe and in the middle of the pipe we have this
SqlClientPermission checking all access to the database. Is that correct
understood by me ?

protected void Page_Load(object sender, EventArgs e)
{
SqlClientPermission perm = new
SqlClientPermission(PermissionState.None);
perm.Add(@"Data Source=localhost; Initial
Catalog=Northwind;Integrated Security=True;",
null,KeyRestrictionBehavior.AllowOnly);
perm.PermitOnly();

SqlConnection con = new SqlConnection(@"Data Source=localhost;
Initial Catalog=Pubs;Integrated Security=True;");
con.Open();
}

//Tony

SecurityException
 
Here I have a short code snippet that works but I don't really understand
hot it works.
I use the SqlClientPermission to say that I only accept the specified
datasource and Initial Catalog.
What I don't understand is how can the usage of SqlClientPermission affect
that get SecurityException when I
try to do con.Open();

In the first line I create the SqlClientPermission.
In the second line I add the which Data Source and Initial catalog that is
valid to connect to.
In the third line I switch on to enforce the security check:

It seems to me that when I use this SqlClientPermission in the way that Ido
all connection is being checked
by this SqlClientPermission so if a connectionstring is different from this
"Data Source=localhost; Initial Catalog=Northwind;Integrated Security=True"
an exception is being thrown.

I mean it's like a pipe and in the middle of the pipe we have this
SqlClientPermission checking all access to the database. Is that correct
understood by me ?

protected void Page_Load(object sender, EventArgs e)
{
        SqlClientPermission perm = new
SqlClientPermission(PermissionState.None);
        perm.Add(@"Data Source=localhost; Initial
Catalog=Northwind;Integrated Security=True;",
        null,KeyRestrictionBehavior.AllowOnly);
        perm.PermitOnly();

        SqlConnection con = new SqlConnection(@"Data Source=localhost;
Initial Catalog=Pubs;Integrated Security=True;");
        con.Open();

}

//Tony

SecurityException
Click to expand...

Seems you are missing the calling the perm.Assert() function. Check
this links

http://msdn.microsoft.com/en-us/library/aa655056.aspx
http://forums.asp.net/t/1177549.aspx/1
 
Back
Top