Code Access Security and ADO.NET
Windows security enables you to secure resources according to the role of the user. For example, an Administrator has unrestricted permissions where a Guest has very restricted access. The .NET Framework includes a security mechanism called Code Access Security that helps you to further secure your application. Using Code Access Security, different permissions are applied depending on where the code originated, identified by the Zone of the assembly and the permissions identified for that zone in the Code Access Security policy. For example, code that exists on a machine is identified as being in the MyComputer zone. Code that is downloaded from another machine on the local intranet is identified as being in the LocalIntranet zone. You can apply different permission sets for each zone to provide tighter security for external code in the LocalIntranet zone, while security in the MyComputer zone has fewer restrictions.
You identify the restrictions for a particular zone using a permission set. The .NET Framework ships with several default permission sets, and you can also create your own custom permission set and identify it as the permission set for a particular zone.
Permission sets are commonly separated into three categories: Full trust, partial trust, and untrusted. Full trust indicates that the code has no restrictions and is used, by default, for the local computer and strong named sources. Zones identified as having no permission set are considered untrusted and may only use capabilities that require no permissions. Partial trust permission sets contain a combination of permissions and restrictions appropriate for the particular zone.
The .NET Framework Data Provider for OLE DB, the .NET Framework Data Provider for ODBC, and the .NET Framework Data Provider for Oracle are only considered suitable to run in a zone with FullTrust permission. Any attempt to use the OLE DB or ODBC provider in a zone with less than FullTrust permission results in a SecurityException. The data providers for OLE DB, ODBC, and Oracle demand FullTrust permission both at link time and when the code is run. In the .NET Framework Version 1.0, the data providers for OLE DB, ODBC, and Oracle demanded FullTrust permission only at link time.
Note The .NET Framework Data Provider for SQL Server provided with the .NET Framework version 1.0 is required to run with FullTrust permission. Any attempt to use the SQL Server provider in a zone with less than FullTrust permission results in a SecurityException.
The .NET Framework Data Provider for SQL Server can run both in a zone with FullTrust, or in a zone with a partially trusted permission set. At minimum, a partially trusted application must have Execution and SQL Client permissions. For partial trust zones, you can use SqlClient permission attributes to further restrict the capabilities available for the SQL Server provider.
Note The .NET Framework Data Provider for SQL Server requires the Security permission with "Allow calls to unmanaged assemblies" enabled (SecurityPermission with the UnmanagedCode SecurityPermissionFlag) in order to open a SqlConnection with SQL Debugging enabled.
In order for you to make use of SqlClient permissions for a particular zone, an Administrator will need to create a custom permission set and set it as the permission set for a particular zone. Default permission sets, such as LocalIntranet, cannot be modified. For example, to include SqlClient permissions for code that has a Zone of LocalIntranet, and Administrator could copy the permission set for LocalIntranet, rename it to MyLocalIntranet, add the SqlClient permissions, import the MyLocalIntranet permission set using the Code Access Security Policy Tool (Caspol.exe), and set the permission set of LocalIntranet_Zone to MyLocalIntranet.
The following table lists the available permission attribute properties and their application.
SqlClientPermissionAttribute Property |
Description |
---|---|
AllowBlankPassword | Used to enable or disable the use of a blank password in a connection string. Valid values are true to enable the use of blank passwords and false to disable the use of blank passwords. |
ConnectionString | Identifies a permitted connection string. Multiple connection strings can be identified. You can also provide additional connection string restrictions using KeyRestrictions.
It is recommended that you not include a userid or password in your connection string. In this release, you cannot change connection string restrictions using the .NET Framework Configuration Tool. |
KeyRestrictions | Identifies connection string parameters that are allowed or disallowed. Connection string parameters are identified in the form <parameter name>=. Multiple parameters can be specified, delimited using a semi-colon (;). The connection string parameters listed can be identified as either the only additional parameters allowed or additional parameters that are not allowed using the KeyRestrictionBehavior property.
If no KeyRestrictions are specified, and the KeyRestrictionBehavior property is set to AllowOnly, then no additional connection string parameters are allowed. If no KeyRestrictions are specified, and the KeyRestrictionBehavior property is set to PreventUsage, then no additional connection string parameters are allowed. |
KeyRestrictionBehavior | Identifies whether the list of connection string parameters identified by the KeyRestrictions property will be the only additional connection string parameters allowed (AllowOnly), or the only additional connection string parameters that are not allowed (PreventUsage). AllowOnly is the default. |
For example, the following property setting allows only the connection string Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;
to be used.
<add ConnectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;" />
To enable the same connection string, and also enable the use of the Encrypt and Packet Size connection string options, but restrict the use of any other connection string options, use the following.
<add ConnectionString=" Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;"
KeyRestrictions="Encrypt=;Packet Size=;"
KeyRestrictionBehavior="AllowOnly" />
To enable the same connection string and allow all other connection parameters except for User Id, Password and Persist Security Info, use the following.
<add ConnectionString=" Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;"
KeyRestrictions="User Id=;Password=;Persist Security Info=;"
KeyRestrictionBehavior="PreventUsage" />
The following permissions allow connections to both localhost and MySqlServer using Integrated Security. Connection strings can also contain Initial Catalog, Connection Timeout, Encrypt, and Packet Size parameters. All other connection string parameters are restricted.
<add ConnectionString="Data Source=localhost;Integrated Security=SSPI;"
KeyRestrictions="Initial Catalog;Connection Timeout=;Encrypt=;Packet Size=;"
KeyRestrictionBehavior="AllowOnly" />
<add ConnectionString="Data Source=MySqlServer;Integrated Security=SSPI;"
KeyRestrictions="Initial Catalog;Connection Timeout=;Encrypt=;Packet Size=;"
KeyRestrictionBehavior="AllowOnly" />
Sample Permission Set
The following is a sample permission sets for the .NET Framework Data Provider for SQL Server in a partially trusted scenario. For information on creating custom permission sets, see Configuring Permission Sets Using Caspol.exe.
<PermissionSet class="System.Security.NamedPermissionSet"
version="1"
Name="MyLocalIntranet"
Description="Custom permission set given to applications on the local intranet">
<IPermission class="System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
AllowBlankPassword="False">
<add ConnectionString="Data Source=localhost;Integrated Security=SSPI;"
KeyRestrictions="Initial Catalog;Connection Timeout=;Encrypt=;Packet Size=;"
KeyRestrictionBehavior="AllowOnly" />
</IPermission>
</PermissionSet>
See Also
Writing Secure ADO.NET Code | Code Access Security | NET Framework Configuration Tool (Mscorcfg.msc)