| |
GeekInterview.com > Interview Questions > Microsoft > ASP.NET
| Print | |
Question: Declarative Security and Imperative Security
Answer: What do you mean by Declarative Security and Imperative Security? Explain with an example of usage where you would use them |
| June 06, 2009 06:24:43 |
#3 |
| ponss |
Member Since: June 2009 Total Comments: 3 |
RE: Declarative Security and Imperative Security
|
Imperative versus Declarative Security
The code security can be implemented by either using the Declarative Security or the Imperative Security. Let us now understand how these two differ.
Declarative Security
This is accomplished by placing security attributes at the assembly level, class level or member level. The attribute indicates the request type, overrides and demands. Each permission object has a state data, and this needs to be initialized to use that permission. Also, each permission has an attribute to which the type of security action, which is an enumeration called SecurityAction, is passed to the attribute. In the example below, all the members of the class are restricted accessing the "Program Files" folder.
Listing 4
[FileIOPermissionAttribute(SecurityAction.RequestRefuse, "C:Program Files")]
public class RestrictPF
{
public RestrictPF()
{
//security call protects the constructor.
}
public void SomeMethod()
{
//security call also protects this method.
}
}
If you want to restrict the permission on the assembly level, you can use the following.
Listing 5
[assembly: FileIOPermissionAttribute(SecurityAction.RequestRefuse, "C:Program Files")]
If you want to restrict any registry access from the assembly level, you can use the following.
Listing 6
[assembly: RegistryPermissionAttribute(SecurityAction.RequestRefuse, Unrestricted = true)]
So even though the code runs in an environment that allows access to the registry or perform FileIO operations, the assembly will not be granted any kind of permissions.
Imperative Security
This kind of security could be used to perform demands and overrides. This helps in situations where you want to check the permissions at runtime. However, this kind of security cannot be used to perform requests. In imperative syntax, a new instance of the security permission object needs to be created before calling. Also, you need to initialize the permission set to invoke a security object. A permission set consists of a group of permissions; initializing a permission group provides a means to perform assert calls on multiple permissions in one method. For this purpose you could use the NamedPermissionSet and PermissionSet classes for grouping of permissions. You can then call the required method to invoke the appropriate security call.
Listing 7
public class RestrictPF
{
public RestrictPF(){}
public void SomeMethod()
{
//Here the FileIOPermissionAttribute is demanded using the imperative syntax.
//Method is protected by security call.
FileIOPermissionAttribute flsIOPerm = new FileIOPermissionAttribute();
flsIOPerm.Demand();
}
public void SomeOtherMethod()
{
//Method not protected by security call.
}
}
|
| |
Back To Question | |
