Custom CodeAccessSecurityAttribute

Martin Lapierre · Oct 29, 2003

I try to make a custom CodeAccessSecurityAttribute, but hit the wall at
every corner.

I created a simple custom security attribute, which is working (see below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft Visual Studio
..NET 2003\Common7\IDE": shoudn't it be the application's directory instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to debug the
assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Ivan Medvedev [MS] · Nov 3, 2003

Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

Martin Lapierre · Nov 4, 2003

Thanks, but do you know how I can debug such an assembly ?

Ivan Medvedev said:
Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

Martin Lapierre said:

I try to make a custom CodeAccessSecurityAttribute, but hit the wall at
every corner.

I created a simple custom security attribute, which is working (see below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft Visual Studio
.NET 2003\Common7\IDE": shoudn't it be the application's directory instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to debug the
assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Click to expand...

Ivan Medvedev [MS] · Nov 4, 2003

Martin -
what debugging problems are you having? Do you have the rigth debug symbols
at the right place? Are you using VS or cordbg?
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

Martin Lapierre said:
Thanks, but do you know how I can debug such an assembly ?

Ivan Medvedev said:

Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

Martin Lapierre said:

I try to make a custom CodeAccessSecurityAttribute, but hit the wall at
every corner.

I created a simple custom security attribute, which is working (see below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft Visual Studio
.NET 2003\Common7\IDE": shoudn't it be the application's directory instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to debug the
assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Click to expand...

Click to expand...

Martin Lapierre · Nov 5, 2003

I use VS and the attribute is in the GAC (I can see that its code is
executed). But I can't step-in the code of the attribute assembly. It's kind
of called by the framework somewhere. I need to be able to debug the
attribute assembly to add more sophisticated code. Do you know how to debug
that assembly?

Thanks again for any help!

PS: Right now, I'm testing with a pretty basic attribute:

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{
}

public override IPermission CreatePermission()
{
return new PrincipalPermission("User");
}
}

Ivan Medvedev said:
Martin -
what debugging problems are you having? Do you have the rigth debug symbols
at the right place? Are you using VS or cordbg?
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

Martin Lapierre said:

Thanks, but do you know how I can debug such an assembly ?

Ivan Medvedev said:

Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

I try to make a custom CodeAccessSecurityAttribute, but hit the wall at
every corner.

I created a simple custom security attribute, which is working (see
below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft Visual Studio
.NET 2003\Common7\IDE": shoudn't it be the application's directory
instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to debug the
assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Click to expand...

Click to expand...

Ivan Medvedev [MS] · Nov 5, 2003

Martin -
you won't be able to step-in because there is no explicit call into the
attribute code. Try setting a breakpoint and then starting the process being
debugger. In the 'Modules' window make sure the debug symbols are loaded for
the module containing the attribute implementation.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This posting is provided "AS IS" with no warranties, and confers no rights

Martin Lapierre said:
I use VS and the attribute is in the GAC (I can see that its code is
executed). But I can't step-in the code of the attribute assembly. It's kind
of called by the framework somewhere. I need to be able to debug the
attribute assembly to add more sophisticated code. Do you know how to debug
that assembly?

Thanks again for any help!

PS: Right now, I'm testing with a pretty basic attribute:

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{
}

public override IPermission CreatePermission()
{
return new PrincipalPermission("User");
}
}

Ivan Medvedev said:

Martin -
what debugging problems are you having? Do you have the rigth debug symbols
at the right place? Are you using VS or cordbg?
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

Martin Lapierre said:

Thanks, but do you know how I can debug such an assembly ?

Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no
rights.

I try to make a custom CodeAccessSecurityAttribute, but hit the

Click to expand...

wall
at

every corner.

I created a simple custom security attribute, which is working (see
below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft Visual
Studio
.NET 2003\Common7\IDE": shoudn't it be the application's directory
instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to debug the
assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Click to expand...

Click to expand...

Martin Lapierre · Nov 6, 2003

Ivan, we're getting closer, but it's not working: I've made sure to load the
module; I've even added a static method to the attribute that I call before
using the attribute (I can step into that method). BUT I can't step in the
instance method (breakpoints can be set but don't work). The feeling I have
is that for security, the assembly containing the attribute is loaded by the
framework in some other process (???).

I also tried asserting the method to find my way in, but noting came up.

Ivan Medvedev said:
Martin -
you won't be able to step-in because there is no explicit call into the
attribute code. Try setting a breakpoint and then starting the process being
debugger. In the 'Modules' window make sure the debug symbols are loaded for
the module containing the attribute implementation.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This posting is provided "AS IS" with no warranties, and confers no rights

Martin Lapierre said:

I use VS and the attribute is in the GAC (I can see that its code is
executed). But I can't step-in the code of the attribute assembly. It's kind
of called by the framework somewhere. I need to be able to debug the
attribute assembly to add more sophisticated code. Do you know how to debug
that assembly?

Thanks again for any help!

PS: Right now, I'm testing with a pretty basic attribute:

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{
}

public override IPermission CreatePermission()
{
return new PrincipalPermission("User");
}
}

Ivan Medvedev said:

Martin -
what debugging problems are you having? Do you have the rigth debug symbols
at the right place? Are you using VS or cordbg?
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.

Thanks, but do you know how I can debug such an assembly ?

Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies
list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no
rights.

I try to make a custom CodeAccessSecurityAttribute, but hit the wall
at
every corner.

I created a simple custom security attribute, which is working (see
below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft Visual
Studio
.NET 2003\Common7\IDE": shoudn't it be the application's directory
instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to

Click to expand...

debug
the

assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Click to expand...

Click to expand...

Martin Lapierre · Nov 6, 2003

Well, that will probably be my last comment on this. I've added a file trace
in the attribute. The funny thing is that the trace is written to the file
when the assembly that uses the attribute is COMPILED. My conclusion is that
the *code access security* attribute is tested between the assemblies at
compile time and not at runtime, and that all the appropriate security info
is set in the using assembly's metadata. I guess that if I want to debug the
attribute dll, I have to use the compiler as the executing process. Far too
much trouble for what I need. Weird issue.

Martin

Martin Lapierre said:
Ivan, we're getting closer, but it's not working: I've made sure to load the
module; I've even added a static method to the attribute that I call before
using the attribute (I can step into that method). BUT I can't step in the
instance method (breakpoints can be set but don't work). The feeling I have
is that for security, the assembly containing the attribute is loaded by the
framework in some other process (???).

I also tried asserting the method to find my way in, but noting came up.

Ivan Medvedev said:

Martin -
you won't be able to step-in because there is no explicit call into the
attribute code. Try setting a breakpoint and then starting the process being
debugger. In the 'Modules' window make sure the debug symbols are loaded for
the module containing the attribute implementation.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This posting is provided "AS IS" with no warranties, and confers no rights

Martin Lapierre said:

I use VS and the attribute is in the GAC (I can see that its code is
executed). But I can't step-in the code of the attribute assembly.

Click to expand...

It's
kind

of called by the framework somewhere. I need to be able to debug the
attribute assembly to add more sophisticated code. Do you know how to debug
that assembly?

Thanks again for any help!

PS: Right now, I'm testing with a pretty basic attribute:

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{
}

public override IPermission CreatePermission()
{
return new PrincipalPermission("User");
}
}

Martin -
what debugging problems are you having? Do you have the rigth debug
symbols
at the right place? Are you using VS or cordbg?
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no
rights.

Thanks, but do you know how I can debug such an assembly ?

Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies
list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no
rights.

I try to make a custom CodeAccessSecurityAttribute, but hit

Click to expand...

the
wall

at
every corner.

I created a simple custom security attribute, which is working (see
below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft Visual
Studio
.NET 2003\Common7\IDE": shoudn't it be the application's directory
instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to debug
the
assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute :
CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Click to expand...

Click to expand...

Ivan Medvedev [MS] · Nov 6, 2003

Martin -
what you are observing is expected. The declarative security attributes are
stored in the assembly metadata in the xml format, which gets created at the
compile time, so the contructor and the ToXml-related code is being invoked
at the compile time. At the run time the attribute is being read,
de-serialized and the right permission object is created.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This posting is provided "AS IS" with no warranties, and confers no rights

Martin Lapierre said:
Well, that will probably be my last comment on this. I've added a file trace
in the attribute. The funny thing is that the trace is written to the file
when the assembly that uses the attribute is COMPILED. My conclusion is that
the *code access security* attribute is tested between the assemblies at
compile time and not at runtime, and that all the appropriate security info
is set in the using assembly's metadata. I guess that if I want to debug the
attribute dll, I have to use the compiler as the executing process. Far too
much trouble for what I need. Weird issue.

Martin

Martin Lapierre said:

Ivan, we're getting closer, but it's not working: I've made sure to load the
module; I've even added a static method to the attribute that I call before
using the attribute (I can step into that method). BUT I can't step in the
instance method (breakpoints can be set but don't work). The feeling I have
is that for security, the assembly containing the attribute is loaded by the
framework in some other process (???).

I also tried asserting the method to find my way in, but noting came up.

Ivan Medvedev said:

Martin -
you won't be able to step-in because there is no explicit call into the
attribute code. Try setting a breakpoint and then starting the process being
debugger. In the 'Modules' window make sure the debug symbols are

Click to expand...

loaded
for

the module containing the attribute implementation.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This posting is provided "AS IS" with no warranties, and confers no rights

I use VS and the attribute is in the GAC (I can see that its code is
executed). But I can't step-in the code of the attribute assembly. It's
kind
of called by the framework somewhere. I need to be able to debug the
attribute assembly to add more sophisticated code. Do you know how to
debug
that assembly?

Thanks again for any help!

PS: Right now, I'm testing with a pretty basic attribute:

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{
}

public override IPermission CreatePermission()
{
return new PrincipalPermission("User");
}
}

Martin -
what debugging problems are you having? Do you have the rigth debug
symbols
at the right place? Are you using VS or cordbg?
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no
rights.

Thanks, but do you know how I can debug such an assembly ?

Martin -
the right thing to do is to put the assembly containing attribute
implementation in the GAC and add it to the fully trusted assemblies
list
(caspol -af).
Hope this helps.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and

Click to expand...

confers
no

rights.

I try to make a custom CodeAccessSecurityAttribute, but hit the
wall
at
every corner.

I created a simple custom security attribute, which is working
(see
below).
But...
1) I have to put the assembly in "C:\Program Files\Microsoft
Visual
Studio
.NET 2003\Common7\IDE": shoudn't it be the application's directory
instead?
2) I'm unable to debug it.

Any clues as how to change the required directory and how to debug
the
assembly?

(The goal is, in the end, to access a database in the attribute.)

Thanks!

Martin

==== Code ====

[AttributeUsage(AttributeTargets.Method)]
public class CustomPermissionAttribute :
CodeAccessSecurityAttribute
{
public CustomPermissionAttribute(SecurityAction action)
: base(action)
{}
public override IPermission CreatePermission()
{ return new PrincipalPermission("john", "role"); }
}

Click to expand...

Click to expand...

Custom CodeAccessSecurityAttribute

Martin Lapierre

Ivan Medvedev [MS]

Martin Lapierre

Ivan Medvedev [MS]

Martin Lapierre

Ivan Medvedev [MS]

Martin Lapierre

Martin Lapierre

Ivan Medvedev [MS]