Code Access Security (CAS): 3 - DotNetNuke CAS

Published 06-06-2009 5:00 AM | Saed Shela

In the previous articles we mentioned the trust levels in CAS. The trust level defines a security policy context under which all the ASP.NET files in a web application run. CAS has five levels named Full, High, Medium, Low and Minimal, each of which progressively reduces access to various capabilities. The default one is Full, and this does not restrict most kinds of permissions, so it is not recommended at all. Microsoft has always recommended the Medium trust policy for shared servers and internet-facing servers.

When administrators take responsibility for publishing a DNN portal on their server, they think about two things when it comes to configuring DNN for CAS. The first is which CAS policy they will implement on their server; the second is how this trust level can limit DotNetNuke functionality.

Let's assume that they need to run the Medium trust level policy in the web application that runs DotNetNuke. How can this policy affect DotNetNuke functionality? That is the question. Actually, the DNN core code doesn't call any namespace that does not run under medium trust. Thus, when you develop or import a third-party module, you think about the namespaces that you use when developing... Yes, you can use all the DNN namespaces in a partial trust environment without any security failure.

In a partial trust environment you may find that SQL authentication is restricted. The sa account with a blank password in your DNN connection strings will not be supported (and it is also not recommended even when running under full trust). Another restriction is that the web service permission is very limited in a partial trust environment. But there is always a workaround: you can configure it manually by creating a custom level that is based on the Medium trust level; you just need to play with the machine.config and the web.config to free up the web services permissions. Any third-party module that uses unmanaged code via P/Invoke, accesses event logs or the registry, or uses OLE DB sources will fail in the medium trust level.
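The custom level described above can be sketched as two configuration fragments. This is an added example, not configuration from the original article or from DotNetNuke; the level name `CustomMedium`, the policy file name `web_CustomMedium.config` and the host `services.example.com` are assumptions chosen for illustration.

```xml
<!-- Fragment 1: root web.config in the .NET Framework 2.0 CONFIG directory.
     "CustomMedium" and web_CustomMedium.config are assumed names. -->
<location allowOverride="false">
  <system.web>
    <securityPolicy>
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low" policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
      <!-- Added level: a copy of web_mediumtrust.config with one change -->
      <trustLevel name="CustomMedium" policyFile="web_CustomMedium.config" />
    </securityPolicy>
    <!-- Replaces the default, unrestricted setting: trust level="Full" -->
    <trust level="CustomMedium" originUrl="" />
  </system.web>
</location>

<!-- Fragment 2: the WebPermission entry inside web_CustomMedium.config.
     The stock Medium policy allows connections only to $OriginHost$.
     Each URI value is a regular expression; list only the web services
     the portal must call instead of granting Unrestricted="true". -->
<IPermission class="WebPermission" version="1">
  <ConnectAccess>
    <!-- Constructed placeholder host, not a real service -->
    <URI uri="https://services\.example\.com/.*" />
  </ConnectAccess>
</IPermission>
```

Setting `allowOverride="false"` on the `<location>` element keeps an individual application's web.config from raising its own trust level back to Full.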

After this explanation it may come to your mind: can I run it in the Low trust level? Well my friend, DNN needs some air to breathe. To be honest, the DNN portal will not work under the low trust level, but why?... One bad thing is that the low level doesn't allow the SQL client permissions. Yes, I know most .NET applications will not work with low level permissions. And just to mention, if you run Full trust in DNN your assemblies can do whatever they want, and the hackers will be very thankful and grateful for your gift!

 

These are two experiences with CAS and DotNetNuke:

Code Access Security Issue for web farms with a separate file server

Security Exception ZedGraphWeb

 

To know more about what works under the different trust levels, please see the tables below.

[Tables (images not preserved): Default ASP.NET Policy Permissions & Trust Levels]

 

So we will continue later with our articles about CAS; the next article is the most exciting one. It is "Windows SharePoint Services 3.0 and CAS". I hope that I helped with this article.

Thanks,

Saed

Comments

# Jihad Hammad said on June 6, 2009 12:48 PM:

Thanks Saed for this interesting article

Jihad