Code access security protects secured APIs from being invoked by untrusted code (code that does not
originate from the AOT). Code access security does this by verifying the
following:
• The code asserted the appropriate permission on the call stack to use
the secured class.
• The assert (the request to use the secured class) is executed in trusted
code and saved in the AOT.
• The assert is executed on the same tier as the secured class.
Code Access Security covers the use of secured classes on the server tier only.
You do not need to modify or mitigate client-only invocations of secured classes.
Code Access Security must be implemented by the secured class owner and all
consumers of the secured class. The owner secures the secured class by
implementing a specific type of permission class and calling the demand()
method on that class. Each class consumer must explicitly request permission to
invoke a secured class by calling the assert() method on the permission class.
Application code will break unless both of these steps are completed.
NOTE: Code Access Security does not guarantee the validity of any data or
parameters passed to the secured class. Data validation is still the responsibility
of the consumer.

There are six groups of protected standard classes in Microsoft Dynamics AX
Code Access Security:
• Direct SQL
• Run-time compilation and execution of X++
• Data-controlled execution of X++
• File handling
• Win32 Interop
• Windows API
This example shows how to consume the TextBuffer class. The code first creates
a new FileIOPermission object, passing the filename parameter, and then calls
the assert() method.
    server void MyServerFunction()
    {
        // Declare the CAS Permission object.
        FileIOPermission fileIOPermission;
        TextBuffer txtb = new TextBuffer();
        Filename filename = "c:\\temp\\myfile.txt";

        // Assert that it is okay to read and write files and
        // Clipboard because the content is coming from a static file name.
        fileIOPermission = new FileIOPermission(filename, 'rw');
        fileIOPermission.assert();

        // From file will demand CAS permission (read)
        txtb.fromFile(filename); // Read text from file

        // To clipboard will demand CAS permission (write)
        txtb.toClipboard(); // Copy it to the clipboard

        // To file will demand CAS permission (write)
        txtb.toFile(filename); // Write text to file
    }
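The note above says data validation stays with the consumer. The following added example (not from the original post) shows a consumer that receives the file name as a parameter, validates it before asserting, requests read access only, and reverts the assert once the secured call is done. The method name readImportFile, the allowed folder c:\temp\ and the .txt restriction are assumptions made for illustration.

```xpp
// Added example. readImportFile is a hypothetical static method on a
// server-side class; the allowed folder below is a constructed value.
public server static str readImportFile(Filename _filename)
{
    FileIOPermission permission;
    TextBuffer       buffer = new TextBuffer();
    str              allowedFolder = "c:\\temp\\";
    str              path, name, extension;
    str              content;

    // CAS does not check parameters, so validate the file name first.
    // fileNameSplit returns the folder (with its trailing backslash),
    // the base name, and the extension (with its leading dot).
    [path, name, extension] = fileNameSplit(_filename);

    if (strLwr(path) != allowedFolder
        || strLwr(extension) != ".txt"
        || strScan(_filename, "..", 1, strLen(_filename)) > 0)
    {
        throw error(strFmt("File name %1 is not allowed.", _filename));
    }

    // Request read access only; this method never writes the file.
    permission = new FileIOPermission(_filename, 'r');
    permission.assert();

    // fromFile demands the FileIOPermission asserted above.
    if (!buffer.fromFile(_filename))
    {
        throw error(strFmt("Could not read %1.", _filename));
    }
    content = buffer.getText();

    // Drop the assert so later code in this method does not run under it.
    CodeAccessPermission::revertAssert();

    return content;
}
```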
Best Regards,
Hossein Karimi