The Permissions View tool (Permview.exe) allows you to view the declarative security statements used in an assembly. This is particularly useful when configuring security policy, as it allows you to view the permission requests contained in the assembly. Permview.exe is located in the \bin subdirectory of the .NET Framework SDK installation directory. Note that the \bin directory is not added to the Path environment variable by the SDK-installation process.
|
To demonstrate Permview.exe, use the MessageUtil class shown here, which allows any caller to display a message box containing the value of the Message environment variable. MessageUtil uses three RequestMinumum permission requests to ensure that it has permission to read the Message environment variable, called Assert, and display safe top-level windows (such as message boxes). The DisplayMessage method uses declarative syntax to Assert UIPermission and EnvironmentPermission. This allows any client code to use DisplayMessage regardless of the caller's permissions:
# C# using System; using System.Windows.Forms; using System.Security.Permissions; // Request read access to the Message environment variable. [assembly:EnvironmentPermission(SecurityAction.RequestMinimum, Read = "Message")] // Request permission to Assert. [assembly:SecurityPermission(SecurityAction.RequestMinimum, Assertion = true)] // Request permission to display safe top level windows. [assembly:UIPermission(SecurityAction.RequestMinimum, Window = UIPermissionWindow.SafeTopLevelWindows)] public class MessageUtil { // Assert the permission to read the Message environment variable and // to display top level windows. [EnvironmentPermission(SecurityAction.Assert, Read = "Message")] [UIPermission(SecurityAction.Assert, Window = UIPermissionWindow.SafeTopLevelWindows)] public static void DisplayMessage( ) { // Display the value of the Message environment variable // in a message box. MessageBox.Show(Environment.GetEnvironmentVariable("Message")); } } # Visual Basic .NET Imports System Imports System.Windows.Forms Imports System.Security.Permissions ' Request read access to the Message environment variable. <assembly:EnvironmentPermission(SecurityAction.RequestMinimum, _ Read := "Message")> _ ' Request permission to Assert. <assembly:SecurityPermission(SecurityAction.RequestMinimum, _ Assertion := True)> _ ' Request permission to display safe top level windows. <assembly:UIPermission(SecurityAction.RequestMinimum, _ Window := UIPermissionWindow.SafeTopLevelWindows)> _ Public Class MessageUtil ' Assert the permission to read the Message environment variable and ' to display top level windows. <EnvironmentPermission(SecurityAction.Assert, Read := "Message"), _ UIPermission(SecurityAction.Assert, _ Window := UIPermissionWindow.SafeTopLevelWindows)> _ Public Shared Sub DisplayMessage( ) ' Display the value of the Message environment variable ' in a message box. MessageBox.Show(Environment.GetEnvironmentVariable("Message")) End Sub End Class
If you build MessageUtil into a library named MessageUtil.dll and then run the command permview MessageUtil.dll, you will see the following XML descriptions of the permission request statements:
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.0.3705.0 Copyright (C) Microsoft Corporation 1998-2001. All rights reserved. minimal permission set: <PermissionSet class="System.Security.PermissionSet" version="1"> <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorl ib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="Message"/> <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Assertion"/> <IPermission class="System.Security.Permissions.UIPermission, mscorlib, Versi on=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Window="SafeTopLevelWindows"/> </PermissionSet> optional permission set: Not specified refused permission set: Not specified
This is not the easiest format to read, but it contains all the information you need to configure your security policy correctly. Unfortunately, the output is not pure XML, and therefore creating a utility to parse the output and create a more readable report is not as straightforward as it could be.
Using the command permview /decl MessageUtil.dll extracts and displays all declarative security demands and stack walk overrides in addition to the permission requests. You will see the following information in addition to the permission request information we have already shown. Be aware that for large libraries the output from Permview may be significant:
Method MessageUtil::DisplayMessage( ) Assert permission set: <PermissionSet class="System.Security.PermissionSet" version="1"> <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorl ib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="Message"/> <IPermission class="System.Security.Permissions.UIPermission, mscorlib, Versi on=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Window="SafeTopLevelWindows"/> </PermissionSet>