Code Access Security

Code Access Security (CAS) helps protect APIs that have potential security risks when the APIs are running on the server.

CAS-enabled APIs called on the server require the use of a permission class—one of the classes derived from CodeAccessPermission. If permission to use the API is not asserted, the following error is generated:

Request for the permission of type '%1' failed.

This error is also generated if permission is asserted, but the code is running on the client. Permission is required only for CAS-enabled APIs that run on the server. The string supplied in the error message is the name of one of the following permission classes:

  • ExecutePermission

  • FileIoPermission

  • InteropPermission

  • RunAsPermission

  • SkipAOSValidationPermission

  • SqlDataDictionaryPermission

  • SqlStatementExecutePermission

  • SysDatabaseLogPermission

For a list of CAS-enabled APIs, see Secured APIs.

You can CAS-enable your own APIs. For more information, see How to: Secure an API on the AOS.

  1. Declare a variable for the relevant permission class.

  2. Create a new instance of the class.

  3. Request permission by using the assert method on the permission class.

  4. Revert the assertion (to limit the scope of the permission) after the CAS-enabled API has been used; optional. Permission is automatically reverted when the method finishes executing.

Example

{
    DictClass dictClass;
    anytype   retVal;
    str       resultOutput;
    // Variable for the permission class.
    ExecutePermission perm;
    ;
    
    perm = new ExecutePermission();
 
    // Grants permission to execute the DictClass.callObject method.
    // DictClass.callObject is protected by code access security.
    perm.assert();
 
    dictClass = new DictClass(classidget(infolog));
    if (dictClass != null)
    {
        retVal       = dictClass.callObject("toString", infolog);
        resultOutput = strfmt("Return value of is %1", retVal);
        print resultOutput;
        pause;
    }
    
    // Closes the code access permission scope.
    CodeAccessPermission::revertAssert();
}

Community Additions

ADD
Show: