Code Access Security for System.DirectoryServices

Code access security is a mechanism that limits the access that code has to protect resources and operations. Code access security enables code to be trusted to varying degrees depending on where the code originates and on other aspects of the code's identity. For more information, see Code Access Security.

Caller Security Requirements

The System.DirectoryServices.dll and System.DirectoryServices.Protocols.dll libraries contain the implementations of the System.DirectoryServices, System.DirectoryServices.ActiveDirectory and System.DirectoryServices.Protocols namespaces. They are secure libraries that demand that their callers have unrestricted DirectoryServicesPermission in order to access the classes, methods and properties that the libraries expose.

Applications that receive less than full trust by the runtime code access security system cannot call shared managed libraries unless the library is marked with AllowPartiallyTrustedCallersAttribute. By default, all code that executes from the local intranet or Internet zones is partially trusted. In the .NET Framework 2.0, System.DirectoryServices.dll and System.DirectoryServices.Protocols.dll have the AllowPartiallyTrustedCallersAttribute applied to enable code to execute from a partially-trusted context or to be called by partially-trusted code. Therefore, the caller does not have to be a fully-trusted assembly to access System.DirectoryServices.dll and System.DirectoryServices.Protocols.dll as long as the caller is granted unrestricted DirectoryServicesPermission.

Demanding Permissions

A link demand causes a security check during just-in-time compilation, rather than at run-time, and checks only the immediate caller of the code. A full stack walk is not performed with link demand as it is with a regular demand. Link demands are on average much faster than regular demands but the code that uses link demand is still susceptible to luring attacks. The caller of any method or class which is marked as link demand needs to perform any security checking that is deemed necessary by the application's designers. For a more in-depth comparison of Demands and Link Demands, see Demand vs. LinkDemand.

All the entry points of System.DirectoryServices, System.DirectoryServices.ActiveDirectory and System.DirectoryServices.Protocols namespaces perform a demand on unrestricted DirectoryServicesPermission (for example, constructors of DirectoryEntry, DirectorySearcher, DirectoryContext, LdapConnection, and DsmlSoapHttpConnection). They perform a link demand on other required permissions.  For detailed information about the kinds of demands that are made for classes and methods of the three namespaces, see the System.DirectoryServices, System.DirectoryServices.ActiveDirectory and System.DirectoryServices.Protocols namespace reference sections.

Granting Unrestricted DirectoryServicesPermission

By default, a fully trusted assembly is granted unrestricted DirectoryServicesPermission. This permission can also be granted explicitly to other assemblies, using tools like the Code Access Security Policy Tool (Caspol.exe), Caspol.exe.

See Also




Getting Started in System.DirectoryServices

Other Resources

Code Access Security
Secure Coding Guidelines
Security Demands

Send comments about this topic to Microsoft.

Copyright © 2007 by Microsoft Corporation. All rights reserved.