This topic has not yet been rated - Rate this topic

Review imperative security

.NET Framework 2.0

TypeName	ReviewImperativeSecurity
CheckId	CA2103
Category	Microsoft.Security
Breaking Change	Breaking

Cause

A method uses imperative security and might be constructing the permission using state information or return values that can change while the demand is active.

Rule Description

Imperative security uses managed objects to specify permissions and security actions during code execution, as opposed to declarative security, which uses attributes to store permissions and actions in metadata. Imperative security is extremely flexible because you can set the state of a permission object and select security actions using information that is not available until run time. With that flexibility comes the risk that the runtime information you use to determine a permission's state does not remain unchanged while the action is in effect.

Use declarative security whenever possible. Declarative demands are easier to understand and can be detected by tools such as Permissions View Tool (Permview.exe).

How to Fix Violations

Review the imperative security demands to ensure that the state of the permission does not rely on information that can change while the permission is in use.

When to Exclude Warnings

It is safe to exclude a warning from this rule if the permission does not rely on changing data; however, it is preferable to change the imperative demand to its declarative equivalent.

Reference

Permissions View Tool (Permview.exe)

Other Resources

Secure Coding Guidelines
Data Access

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Additions

ADD