.NET provides a CAS (Code Access Security) as an addition to role based security. CAS restricts external activities of code and controls the way code can be reused or invoked. In this blog post we will look at web part deployment options and where CAS can be used to implement a secure web part deployment pattern.
A good introduction to CAS can be found at:
http://msdn.microsoft.com/en-us/library/aa302424.aspx#c08618429_002
CAS infrastructure in MOSS/WSS:
MOSS being an ASP.NET based application has its own extended implementation of CAS. In fact, MOSS/WSS minimum trust policy is an extended version of ASP.NET CAS minimum trust policy with additions to allow web part connections. CAS can configured in MOSS just like a .NET application.
There are two options to deploy web part:
http://msdn.microsoft.com/en-us/library/aa302424.aspx#c08618429_002
MOSS being an ASP.NET based application has its own extended implementation of CAS. In fact, MOSS/WSS minimum trust policy is an extended version of ASP.NET CAS minimum trust policy with additions to allow web part connections. CAS can configured in MOSS just like a .NET application.
There are two options to deploy web part:
- Bin Directory of the Virtual Server - This is more restrictive
- GAC of the web server – This is less restrictive
Following is a comparison matrix for both the deployment options:
Execution Mode | More restrictive execution. Access to most resources denied | More trusted execution with access to many resources granted by default |
Configuration Required | Create a CAS policy and set the trust level of web part in order to make it work | Need to set configuration of web part entry in web.config |
Choosing one of the two options:
Bin directory should be used when:
- Web Part code is not trusted. E.g. Third party web parts
- To ensure that the web part works regardless of server settings and deployment method. E.g. a web part vendor may opt for this
GAC should be used when:
- Web part code is trusted
- Intranet sites where risk of an attack is less
Microsoft recommends to deploy web part to Bin directory of the virtual server and set the appropriate CAS policy.
Advantages of using CAS to set trust level for MOSS/WSS Web Part:
- Setting correct CAS policy ensures that the web parts are run in correct level of trust. This allows web part to be run successfully regardless of the trust level of the application provided correct CAS policies are implemented. This is the biggest advantage of using CAS.
- CAS limits access to policy specifications. Hence, there are fewer loopholes for an attacker to gain access to critical system resources
- CAS requires tedious configurations. If something goes wrong, entire site will be affected by wrong configs.
- CAS is not a replacement to role based security. CAS is rather a defense mechanism to control and regulate access to resources
- CAS configurations require significant amount of knowledge and developer skill
Application Bin directory is best suited when web part code cannot be trusted. It requires CAS policy implementation to set the trust level. It will require configuration. Web part can be deployed to GAC, if the web part is trusted. This option is easy to implement but is less secure.
No comments:
Post a Comment