Figure 3 Files Requested When Surfing to Wahoo.exe
1
|
/wahoo/wahoo.exe
|
2
|
/wahoo/wahoo.exe.config
|
3
|
/wahoo/WahooControl.DLL
|
4
|
/wahoo/en-US/Wahoo.resources.DLL
|
5
|
/wahoo/en-US/Wahoo.resources/Wahoo.resources.DLL
|
6
|
/wahoo/bin/en-US/Wahoo.resources.DLL
|
7
|
/wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.DLL
|
8
|
/wahoo/en-US/Wahoo.resources.EXE
|
9
|
/wahoo/en-US/Wahoo.resources/Wahoo.resources.EXE
|
10
|
/wahoo/bin/en-US/Wahoo.resources.EXE
|
11
|
/wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.EXE
|
12
|
/wahoo/en/Wahoo.resources.DLL
|
13
|
/wahoo/en/Wahoo.resources/Wahoo.resources.DLL
|
14
|
/wahoo/bin/en/Wahoo.resources.DLL
|
15
|
/wahoo/bin/en/Wahoo.resources/Wahoo.resources.DLL
|
16
|
/wahoo/en/Wahoo.resources.EXE
|
17
|
/wahoo/en/Wahoo.resources/Wahoo.resources.EXE
|
18
|
/wahoo/bin/en/Wahoo.resources.EXE
|
19
|
/wahoo/bin/en/Wahoo.resources/Wahoo.resources.EXE
|
20
|
/wahoo/en-US/Wahoo.resources.DLL
|
21
|
/wahoo/en-US/Wahoo.resources/Wahoo.resources.DLL
|
22
|
/wahoo/bin/en-US/Wahoo.resources.DLL
|
23
|
/wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.DLL
|
24
|
/wahoo/en-US/Wahoo.resources.EXE
|
25
|
/wahoo/en-US/Wahoo.resources/Wahoo.resources.EXE
|
26
|
/wahoo/bin/en-US/Wahoo.resources.EXE
|
27
|
/wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.EXE
|
28
|
/wahoo/en/Wahoo.resources.DLL
|
29
|
/wahoo/en/Wahoo.resources/Wahoo.resources.DLL
|
30
|
/wahoo/bin/en/Wahoo.resources.DLL
|
31
|
/wahoo/bin/en/Wahoo.resources/Wahoo.resources.DLL
|
32
|
/wahoo/en/Wahoo.resources.EXE
|
33
|
/wahoo/en/Wahoo.resources/Wahoo.resources.EXE
|
34
|
/wahoo/bin/en/Wahoo.resources.EXE
|
35
|
/wahoo/bin/en/Wahoo.resources/Wahoo.resources.EXE
|
Figure 4 Intranet and Internet CAS Permissions (columns: permission | level | granted in Intranet zone | granted in Internet zone)
FileDialog
|
Unrestricted
|
Yes
|
No
|
FileDialog
|
Access=Open
|
Yes
|
Yes
|
IsolatedStorageFile
|
Allow=AssemblyIsolationByUser
|
Yes
|
No
|
IsolatedStorageFile
|
Allow=DomainIsolationByUser
|
Yes
|
Yes
|
Printing
|
Level=DefaultPrinting
|
Yes
|
No
|
Printing
|
Level=SafePrinting
|
Yes
|
Yes
|
Reflection
|
Flags=ReflectionEmit
|
Yes
|
No
|
Security
|
Flags=Assertion
|
Yes
|
No
|
Security
|
Flags=Execution
|
Yes
|
Yes
|
UI
|
Unrestricted
|
Yes
|
No
|
UI
|
Clipboard=OwnClipboard
|
Yes
|
Yes
|
UI
|
Window=SafeSubWindows
|
Yes
|
Yes
|
UI
|
Window=SafeTopLevelWindows
|
Yes
|
Yes
|
Web
|
Connect=http to originating site
|
Yes
|
Yes
|
Web
|
Connect=https to originating site
|
Yes
|
Yes
|
Figure 5 Determining an Assembly's Zone
Local file
|
c:\foo\foo.exe
|
MyComputer
|
UNC name or non-dotted site URL
|
\\server\foo\foo.exe or
https://server/foo/foo.exe or
https://localhost/foo/foo.exe or
z:\foo\foo.exe if z is mapped to a network share
|
LocalIntranet
|
All-numeric IP address or dotted site URL
|
https://1115768663/foo/foo.exe or
https://www.sellsbrothers.com/foo/foo.exe or
https://127.0.0.1/foo/foo.exe
|
Internet
|
Figure 6 Isolated Storage
// Creates "settings.txt" (FileMode.Create) in the isolated store returned by
// GetUserStoreForDomain() and returns a stream over it. The caller owns the
// returned stream and is expected to dispose it.
private IsolatedStorageFileStream CreateSettingsStream() {
    // Only a store-relative name is supplied here; this code never builds or
    // sees a file-system path. NOTE(review): this presumably relies on the
    // IsolatedStorageFile "DomainIsolationByUser" grant that Figure 4 lists
    // for both zones - confirm against the deployed policy.
    return new IsolatedStorageFileStream(
        "settings.txt",
        FileMode.Create,
        IsolatedStorageFile.GetUserStoreForDomain());
}
// Opens the existing "settings.txt" (FileMode.Open) from the isolated store
// returned by GetUserStoreForDomain(). The caller owns the returned stream
// and is expected to dispose it.
private IsolatedStorageFileStream OpenSettingsStream() {
    IsolatedStorageFile domainStore = IsolatedStorageFile.GetUserStoreForDomain();
    // FileMode.Open does not create the file, so a first run (nothing saved
    // yet) surfaces as an exception that the caller has to handle.
    IsolatedStorageFileStream settings =
        new IsolatedStorageFileStream("settings.txt", FileMode.Open, domainStore);
    return settings;
}
Figure 7 Saving Settings
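// Restores the form's Location and ClientSize from the settings stream.
// When the settings cannot be read or parsed for any reason, the form is
// centered on the screen instead.
private void LoadSettings() {
    try {
        Point savedLocation;
        Size savedClientSize;
        using( Stream stream = OpenSettingsStream() )
        using( StreamReader reader = new StreamReader(stream) ) {
            // The stored file is data from a previous run and may be missing,
            // truncated or corrupt. Parse both values before touching the
            // form so a failure on the second line cannot leave the form
            // half-restored.
            savedLocation = (Point)ReadSetting(reader, typeof(Point));
            savedClientSize = (Size)ReadSetting(reader, typeof(Size));
        }
        Location = savedLocation;
        ClientSize = savedClientSize;
    }
    catch {
        // Deliberately broad: a missing file, a parse failure and a denied
        // permission all end in the same safe default. Nothing is logged or
        // rethrown here, so failures in this path are invisible to the user.
        // If there's nothing to read,
        // put the form in the center of the screen
        StartPosition = FormStartPosition.CenterScreen;
    }
}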
// Writes the form's Location and ClientSize, one value per line and in that
// order, to a freshly created settings stream.
private void SaveSettings() {
    // Go back to the normal window state first so we don't store a zero
    // size or location
    WindowState = FormWindowState.Normal;

    // Both the stream and the writer are disposed when the blocks exit, which
    // also flushes the written lines.
    using( Stream settingsStream = CreateSettingsStream() ) {
        using( StreamWriter output = new StreamWriter(settingsStream) ) {
            WriteSetting(output, Location);
            WriteSetting(output, ClientSize);
        }
    }
}
Figure 8 Type Conversions
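// Reads one line from the reader and converts it to the requested type using
// that type's TypeConverter.
//   reader - source of the stored text, one setting per line
//   type   - the type to produce; chosen by the caller, never by the file
//            contents, so stored data cannot select which type is created
// Returns the converted value, boxed as object.
// Throws EndOfStreamException when no line is left to read; conversion
// failures propagate from the converter.
private object ReadSetting(StreamReader reader, Type type) {
    string line = reader.ReadLine();
    if( line == null ) {
        // Fail with a clear cause rather than handing null to the converter
        throw new EndOfStreamException(
            "Settings stream ended before a " + type.Name + " value was read.");
    }
    TypeConverter converter = TypeDescriptor.GetConverter(type);
    // Invariant culture keeps the stored text readable after the user's
    // regional settings change; it must match what WriteSetting emits.
    return converter.ConvertFromInvariantString(line);
}

// Converts the value to text using the TypeConverter for its runtime type
// and writes it as a single line.
//   writer - destination for the stored text
//   obj    - the value to store; must not be null
private void WriteSetting(StreamWriter writer, object obj) {
    TypeConverter converter = TypeDescriptor.GetConverter(obj.GetType());
    // Invariant culture, so ReadSetting can parse the line under any culture
    writer.WriteLine(converter.ConvertToInvariantString(obj));
}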
Figure 9 Talking to a Web Service
// Builds a WahooScoresService proxy and, where possible, retargets its Url
// from "localhost" to the site the application was launched from.
WahooScoresService GetService() {
    WahooScoresService proxy = new WahooScoresService();
    try {
        // Derive the originating site from the AppDomain's base directory
        string launchBase = AppDomain.CurrentDomain.BaseDirectory;
        string originSite =
            System.Security.Policy.Site.CreateFromUrl(launchBase).Name;

        // Only the "//localhost/" segment is swapped; the scheme and path of
        // the proxy's Url stay as they were. Figure 4 grants Web access only
        // to the originating site, so the call has to target that host.
        string originSegment = "//" + originSite + "/";
        proxy.Url = proxy.Url.Replace("//localhost/", originSegment);
    }
    catch( ArgumentException ) {
        // Intentionally ignored: the proxy keeps its original Url.
        // NOTE(review): presumably this is the case where the base directory
        // is not a site URL (e.g. a local launch) - confirm.
    }
    return proxy;
}
// Fetches the high scores through the service proxy. Displaying them is
// elided in this listing.
void GetHighScores() {
    // Get scores from the proxy returned by GetService()
    WahooScore[] scores = GetService().GetScores();
    // Show high scores...
}
Figure 10 Dialog Restrictions
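// Lets the user pick a save target and writes to it through the stream the
// dialog hands back, without the code ever learning the chosen path.
// The dialog is a disposable component, so it is released when the block
// exits instead of being left for finalization.
using( SaveFileDialog dlg = new SaveFileDialog() ) {
    dlg.DefaultExt = ".txt";
    dlg.Filter = "Text Files (*.txt)|*.txt|All files (*.*)|*.*";
    // NOTE: Not allowed unless we have FileIOPermission
    //dlg.AddExtension = true;
    //dlg.FileName = "somefile.txt";
    if( dlg.ShowDialog() == DialogResult.OK ) {
        // NOTE: Not allowed to call dlg.FileName
        // OpenFile() is the supported route here: the user chooses the file
        // and this code receives only a stream over it.
        using( Stream stream = dlg.OpenFile() )
        using( StreamWriter writer = new StreamWriter(stream) ) {
            writer.Write("...");
        }
    }
}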
Figure 11 Check Permission
// Check permission helper
// Reports whether a Demand() for the given permission currently succeeds.
//   perm - the permission to probe
// Returns true when Demand() completes, false when it throws
// SecurityException. Any other exception propagates to the caller.
// This is an advisory probe for choosing a code path or a message; it does
// not replace the check made when the protected operation itself runs.
bool HavePermission(IPermission perm) {
    bool granted;
    try {
        perm.Demand();
        granted = true;
    }
    catch( SecurityException ) {
        granted = false;
    }
    return granted;
}
// Saves a high score after first checking that a file-save dialog is
// permitted. The saving logic itself is elided in this listing.
//   name  - not used in the visible part of the body
//   score - not used in the visible part of the body
void SaveHighScore(string name, int score) {
// Probe for the Save access level of FileDialogPermission.
// NOTE(review): Figure 4 lists only FileDialog Access=Open for the Internet
// zone, so this probe presumably fails there - confirm against the policy.
IPermission perm =
new FileDialogPermission(FileDialogPermissionAccess.Save);
if( !HavePermission(perm) ) {
// Permission is missing: tell the user and return without attempting the
// save, instead of letting a SecurityException surface later.
MessageBox.Show("Doh!");
return;
}
•••
}
Figure 12 IEExec
Usage: ieexec.exe url flags [securityZone] [domainId]
url Assembly to launch, e.g. https://localhost/foo.exe
flags Flags to control execution. Values that can be
added together are:
0: no flags
1: create evidence for the zone
2: create evidence for the site
securityZone If evidenceFlags != 0, sets the security zone.
Values can be {0, 1, 2, 3} for
{MyComputer, Intranet, Trusted, Internet}
domainId If evidenceFlags != 0, unused hex-encoded bytes.
Use 00.
|