Monday, March 22, 2010

CASPOL Tool in .NET

Suppose a developer creates an assembly that requires access to a resource or action that is typically available to users or clients requesting that assembly. Sometimes, for maintenance or other purposes, the administrator may need to restrict the action or resource required by the developer's assembly. This restriction could cause the assembly to function improperly or fail altogether when security exceptions are thrown. Viewing the requirements of the assembly could help you identify the problem and determine whether security issues are involved.

CASPOL (Caspol.exe), a command-line tool included with the .NET runtime SDK, is used to administer policy changes as well as to view existing permissions and the code group hierarchy. Let's look at a few examples of viewing code groups and permissions with CASPOL.

Your default view in CASPOL is determined by your current access permissions (enterprise, machine, or user). If you do not currently have administrative permissions, your default view is the Users view. The examples below explicitly specify either the machine or the user policy level. When code groups from both levels should be displayed together, as in the first example, the -all option is used.

Running the following command from the command line shows the code groups to which a specific assembly file belongs.

CASPol-all-resolvegroup hello.dll

Although this example uses a library called hello.dll, the library could be replaced with any assembly-even caspol.exe itself.

Read more: C# Corner

Posted via email from jasper22's posterous