How to Programmatically Disable Code Access Security

Programmatically controlling Code Access Security (CAS) in a SharePoint environment is an extremely powerful approach: it lets you toggle how code access demands behave for managed code. It also yields a performance increase, although I am not saying that the side effects are worth the negligible gain. For the most part, the tactic is employed only on completely isolated, disconnected environments.

Importantly, if there are multiple runtimes in the SharePoint environment, the approach here disables CAS across the board. It can be easily grafted from the included code.

There are a few important pieces of the provided code to point out.

Firstly, IsWin95OrLater is simply a static helper method for basic platform testing. This really isn't a concern for SharePoint servers, but it is included in the example for completeness.

After the platform test occurs, a WindowsPrincipal object is created based on the current user, and the code tests whether that user is an administrator by using the WindowsBuiltInRole.Administrator enumeration. After some checking etc., a new Mutex object is used to control a shared resource between threads. Using the Mutex.GetAccessControl() method, a new MutexSecurity object can be created. This exposes the SetOwner and AddAccessRule methods, the latter importantly instantiating a new MutexAccessRule that specifies allowance through the AccessControlType.Allow enumeration. Lastly, the Mutex.SetAccessControl method consumes the newly hydrated MutexSecurity.

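    using System;
    using System.Security.AccessControl;
    using System.Security.Principal;
    using System.Threading;

    // Hypothetical wrapper class name; the original listing showed only its closing brace.
    internal static class CasSwitch
    {
        // Returns true only for the Win9x platform family (PlatformID.Win32Windows).
        // NT-based systems, which includes any SharePoint server, return false.
        private static bool IsWin95OrLater()
        {
            return Equals(Environment.OSVersion.Platform, PlatformID.Win32Windows);
        }

        private static void DisableCAS()
        {
            // On NT-based systems the caller must be a member of the local Administrators group.
            if (!IsWin95OrLater())
            {
                var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
                if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
                {
                    throw new Exception("Hey, You Aren't An Admin!");
                }
            }
            try
            {
                bool grantedOwnership;
                // The Global\ prefix makes the named mutex visible across all sessions.
                using (var mutex = new Mutex(true, !IsWin95OrLater() ? @"Global\CLR_CASOFF_MUTEX" : "CLR_CASOFF_MUTEX", out grantedOwnership))
                {
                    if (!IsWin95OrLater())
                    {
                        // Owner becomes BUILTIN\Administrators; BUILTIN\Users may only synchronize.
                        MutexSecurity accessControl = mutex.GetAccessControl();
                        accessControl.SetOwner(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null));
                        accessControl.AddAccessRule(new MutexAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), MutexRights.Synchronize, AccessControlType.Allow));
                        mutex.SetAccessControl(accessControl);
                    }
                } // The mutex handle is closed when this using block exits.
            }
            catch (ApplicationException ex)
            {
                // Keep the original exception as the inner exception for diagnosis.
                throw new Exception("Something Went Very, Very Wrong!", ex);
            }
        }
    }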
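
To audit a server for this switch, the added example below (not part of the original post; the class name is hypothetical) tries to open the mutex named in the listing and, if it is present, prints its owner and access rules so they can be compared with what DisableCAS() sets. It assumes the .NET Framework on an NT-based Windows host and, as the listing implies, that the presence of this mutex is the condition worth flagging.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

// Added audit example; class name is hypothetical.
internal static class CasOffMutexAudit
{
    // Mutex name taken from the DisableCAS() listing in the post.
    private const string MutexName = @"Global\CLR_CASOFF_MUTEX";

    // Exit code 0: mutex absent. Exit code 1: mutex present on this host.
    private static int Main()
    {
        try
        {
            // Request only the right needed to read the security descriptor.
            using (Mutex mutex = Mutex.OpenExisting(MutexName, MutexRights.ReadPermissions))
            {
                MutexSecurity security = mutex.GetAccessControl();
                Console.WriteLine("FOUND {0}", MutexName);
                Console.WriteLine("  owner: {0}", security.GetOwner(typeof(SecurityIdentifier)));
                foreach (MutexAccessRule rule in security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
                {
                    Console.WriteLine("  {0} {1}: {2}", rule.AccessControlType, rule.IdentityReference, rule.MutexRights);
                }
                return 1;
            }
        }
        catch (WaitHandleCannotBeOpenedException)
        {
            // No object with this name exists right now.
            Console.WriteLine("OK: {0} does not exist", MutexName);
            return 0;
        }
        catch (UnauthorizedAccessException)
        {
            // The object exists, but its ACL does not let this account read it.
            Console.WriteLine("FOUND {0} (security descriptor not readable by this account)", MutexName);
            return 1;
        }
    }
}
```

Run it from an elevated prompt: the listing grants BUILTIN\Users only Synchronize, so a non-administrator will normally hit the UnauthorizedAccessException branch, which still reports the mutex as present.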