Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Testing .NET code in partial trust environments

Tags:

.net

code-access-security

I want to test the behavior of a certain piece of .NET code in partial trust environments. What's the fastest way to set this up? Feel free to assume that I (and other readers) are total CAS noobs.

@Nick: Thanks for the reply. Alas, the tool in question is explicitly for unmanaged code. I didn't say "managed" in my question, and should not have assumed that people would infer it from the ".NET" tag.

like image 525
Curt Hagenlocher Avatar asked Aug 21 '08 18:08

Curt Hagenlocher

3 Answers

This is an excellent question, especially from a TDD point of view and validating code under different trust scenarios.

I think the way I'd approach this would be something along the lines of -

  • Create an AppDomain in my TDD code using the AppDomain.CreateDomain() overload that allows you to pass in a PermissionSet. The PermissionSet would be constructed to match the different trust scenarios you'd want to test against.

  • Load the assembly containing logic under test into the app domain

  • Create instances of types/call methods etc in app domain, trap security exceptions

Something kinda like that. I've not had time to knock up a proof of concept yet.

like image 105
Kev Avatar answered Sep 30 '22 23:09

Kev

The functionality you're looking for is built-in into visual studio :

On the security tab of your project, there's an "Advanced ..." button which let you configure whether you want to debug in full trust, or on a specified trust level.

like image 23
Brann Avatar answered Sep 30 '22 22:09

Brann

Use the Microsoft Application Verifier.

AppVerifier helps to determine:

  • When the application is using APIs correctly: (Unsafe TerminateThread APIs., Correct use of Thread Local Storage (TLS) APIs., o Correct use of virtual space manipulations (for example, VirtualAlloc, MapViewOfFile).
  • Whether the application is hiding access violations using structured exception handling.
  • Whether the application is attempting to use invalid handles.
  • Whether there are memory corruptions or issues in the heap.
  • Whether the application runs out of memory under low resources.
  • Whether the correct usage of critical sections is occurring.
  • Whether an application running in an administrative environment will run well in an environment with less privilege.
  • Whether there are potential problems when the application is running as a limited user.
  • Whether there are uninitialized variables in future function calls in a thread's context.
like image 39
Nick Avatar answered Oct 01 '22 00:10

Nick
Sign in to Comment

Related questions

Add an implementation of 'IDesignTimeDbContextFactory<ServicesDbContext>' to the project error while creating a migration step in .NET core 2.0
How configure packages.config to download the highest version
Visual studio conditional compilation for os
Difference between form.show and form.Activate
XmlReader behaves different with line breaks
Permission Denial: requires android.permission.READ_PHONE_STATE
When immutable collections are preferable than concurrent
Enforce that sub-classes must be serializable in .net
How to follow the end of a text in a TextBox with no NoWrap?
Best alternative to Buffer.MemoryCopy pre .NET 4.6
Powershell: script to find allowedServerVariables in applicationHost.config check for duplicate
How to create an event in Google Calendar using c# and Google API?
Bot Framework V4 IActivityLogger
Deserialize json with c# with random root names
Is there a .NET (Core) equivalent of npm link?
Generate Google Protobuf TimeStamp from .Net System.DateTime
Entity Framework Core properties without setters
Does Winforms (.NET Core 3) support all .NET Framework controls
dotnet dev-certs certificate not trusted
How do I get the difference between two dates in a .csproj file?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!