CasPol (Code Access Security) Tool can be used in many ways to make the code Secure.  Some of the common tasks are listed in this article.

 

Granting Assembly Request (Full Trust)  Caspol –addfulltrust assemblyname.exe

 

For example to grant the C:\Program Files\Personal\MyAssebmly.exe assembly full name we should run the following command.

 

Caspol –addfulltrust “c:\Program Files\Personal\MyAssembly.exe”

 

Add a Code Group to Machine Policy  Caspol –machine  -addgroup Parent_Code_Group Membership_Conditions_Permission_Set – name “Group Name”

 

For example top add a code group named My_Code_Group to the Machine Policy levels All_Code  group, using a URL of http://devserver\devshare\ which  grants Local Intranet permissions, you would run the following command with administrative privileges:

 

Caspol –machine –addgroup All_code –url \\devserver\devshare\* LocalIntranet –name “My_code_Group”

 

Adding a Code group to user policy Caspol –user –addgroup Parent_Code_Group Membership_Condition Permission_Set –name “Group_Name”

 

Similarly, to add a code group named User_code_Group to the user policy levels All_code group, using a site of http://www.xxxx.com which grants FullTrust  permissions you would run the following command:

 

Caspol –user –addgroup All_Code –site www.xxxxx.com FullTrust –name “User_Code_Group”

 

Zone Security Adjustment for Machine Policy  Caspol –chggroup Code_Group Permission_Set

 

Consider the following example, to change the Machine My_Computer_Access security policy to use the Intranet permission set, run the following command with administrative privileges execute the following command

 

Caspol – chggroup My_Computer_Access LocalIntranet

 

Resetting Machine Level Policy

 

Caspol -recover

 

Happy Coding !!!

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish