/////////////////////////////////////////////////////////////////////////////////////////////// // // This File is Part of the CallButler Open Source PBX (http://www.codeplex.com/callbutler // // Copyright (c) 2005-2008, Jim Heising // All rights reserved. // // Redistribution and use in source and binary forms, with or without modification, // are permitted provided that the following conditions are met: // // * Redistributions of source code must retain the above copyright notice, // this list of conditions and the following disclaimer. // // * Redistributions in binary form must reproduce the above copyright notice, // this list of conditions and the following disclaimer in the documentation and/or // other materials provided with the distribution. // // * Neither the name of Jim Heising nor the names of its contributors may be // used to endorse or promote products derived from this software without specific prior // written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. // IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT // NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR // PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE // POSSIBILITY OF SUCH DAMAGE. 
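//
///////////////////////////////////////////////////////////////////////////////////////////////

using System;
using System.Security.Cryptography;
using System.Text;
using System.Globalization;
using System.IO;

namespace WOSI.Utilities
{
    /// <summary>
    /// Helpers for moving sensitive text into <see cref="System.Security.SecureString"/> instances.
    /// </summary>
    public class CryptoUtils
    {
        /// <summary>
        /// Copies the characters of <paramref name="inputString"/> into a new
        /// <see cref="System.Security.SecureString"/>.
        /// </summary>
        /// <param name="inputString">The text to copy. Must not be null; an empty string yields an empty result.</param>
        /// <returns>
        /// A new, still writable secure string (MakeReadOnly is not called). The caller owns it and
        /// should dispose it as soon as the secret is no longer needed.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="inputString"/> is null.</exception>
        /// <remarks>
        /// The source is an ordinary managed string, so the plaintext already exists on the managed heap
        /// and stays there until it is garbage collected. This helper protects only the copy it creates;
        /// where possible, collect secrets character by character instead of passing them through a string.
        /// </remarks>
        public static System.Security.SecureString CreateSecureString(string inputString)
        {
            // Fail with a descriptive argument error instead of a NullReferenceException from the loop.
            if (inputString == null)
            {
                throw new ArgumentNullException("inputString");
            }

            System.Security.SecureString secureString = new System.Security.SecureString();

            try
            {
                foreach (Char character in inputString)
                {
                    secureString.AppendChar(character);
                }
            }
            catch
            {
                // Do not leave a partially filled secret buffer behind if appending fails.
                secureString.Dispose();
                throw;
            }

            return secureString;
        }
    }
}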
Security
Append chars to SecureString
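using System;
using System.Security;

public class Example
{
    /// <summary>
    /// Builds a <see cref="SecureString"/> one character at a time and prints its length.
    /// </summary>
    public static void Main()
    {
        char[] chars = { 't', 'e', 's', 't' };

        // SecureString is IDisposable: disposing it releases the protected buffer
        // deterministically instead of leaving the secret around until finalization.
        using (SecureString testString = new SecureString())
        {
            // Copy the character array into the secure string.
            foreach (char ch in chars)
            {
                testString.AppendChar(ch);
            }

            // Only the length is displayed; the content itself is never printed.
            Console.WriteLine("The length of the string is {0} characters.", testString.Length);
        }

        // The plaintext source array is ordinary managed memory, so overwrite it once copied.
        Array.Clear(chars, 0, chars.Length);
    }
}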
MakeReadOnly, RemoveAt
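using System;
using System.Security;
using System.Diagnostics;

class MainClass
{
    /// <summary>
    /// Reads a password from the console without echoing it, showing one '*' per accepted
    /// character and honouring Backspace, until Enter is pressed.
    /// </summary>
    /// <returns>
    /// A read-only <see cref="SecureString"/> holding the typed characters. The caller owns it
    /// and must dispose it.
    /// </returns>
    public static SecureString ReadString()
    {
        SecureString str = new SecureString();

        try
        {
            // ReadKey(true) suppresses the console echo so the secret never appears on screen.
            ConsoleKeyInfo nextChar = Console.ReadKey(true);

            while (nextChar.Key != ConsoleKey.Enter)
            {
                if (nextChar.Key == ConsoleKey.Backspace)
                {
                    if (str.Length > 0)
                    {
                        str.RemoveAt(str.Length - 1);

                        // Backspace, blank, backspace: wipes the last '*' from the display.
                        Console.Write(nextChar.KeyChar + " " + nextChar.KeyChar);
                    }
                    else
                    {
                        Console.Beep();
                    }
                }
                else if (nextChar.KeyChar != '\0')
                {
                    // Keys that carry no character (arrows, function keys) report '\0';
                    // appending that would silently corrupt the password.
                    str.AppendChar(nextChar.KeyChar);
                    Console.Write("*");
                }

                nextChar = Console.ReadKey(true);
            }

            // Freeze the content so later code cannot alter the captured secret.
            str.MakeReadOnly();
            return str;
        }
        catch
        {
            // Do not leave a partially filled secret buffer behind if reading fails.
            str.Dispose();
            throw;
        }
    }

    /// <summary>
    /// Prompts for a password and starts Notepad under the account "user1" with it.
    /// </summary>
    public static void Main()
    {
        string user = "user1";

        Console.Write("Enter the user's password: ");

        // Dispose the password as soon as the process has been started (or has failed to start).
        using (SecureString pword = ReadString())
        {
            ProcessStartInfo startInfo = new ProcessStartInfo();

            // NOTE(review): an unqualified file name is resolved through the search path;
            // an absolute path is the safer choice when launching under other credentials.
            startInfo.FileName = "notepad.exe";
            startInfo.UserName = user;
            startInfo.Password = pword;

            // Supplying UserName/Password requires starting the process directly, not via the shell.
            startInfo.UseShellExecute = false;

            using (Process process = new Process())
            {
                process.StartInfo = startInfo;

                try
                {
                    process.Start();
                }
                catch (Exception ex)
                {
                    Console.WriteLine(" Could not start Notepad process.");
                    Console.WriteLine(ex);
                }
            }
        }
    }
}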
Demand
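using System;
using Microsoft.Win32;
using System.Security.Permissions;

class Class1
{
    /// <summary>
    /// Demands registry permission for the Windows NT CurrentVersion key and, if the demand
    /// succeeds, prints the machine's registered owner.
    /// </summary>
    /// <param name="args">Unused.</param>
    static void Main(string[] args)
    {
        // The path separators were missing from the key names; without them the permission
        // describes a key that does not exist and OpenSubKey returns null.
        // NOTE(review): only a read follows, so RegistryPermissionAccess.Read would be the
        // least-privilege demand; AllAccess is kept as in the original sample.
        RegistryPermission regPermission = new RegistryPermission(
            RegistryPermissionAccess.AllAccess,
            @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion");

        // Demand walks the call stack and throws SecurityException if any caller lacks the
        // permission. NOTE(review): code access security is a .NET Framework mechanism and is
        // not enforced on .NET Core / .NET 5+ - confirm the target runtime.
        regPermission.Demand();

        // Registry.LocalMachine is a shared root key and is not disposed here; the opened sub key is.
        using (RegistryKey myRegKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion"))
        {
            if (myRegKey == null)
            {
                Console.WriteLine("Registry key not found.");
                return;
            }

            // GetValue returns null when the value is absent; avoid calling ToString() on it.
            Object oValue = myRegKey.GetValue("RegisteredOwner");
            Console.WriteLine("OS Registered Owner: {0}", oValue != null ? oValue.ToString() : "(not set)");
        }
    }
}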
Deny
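using System;
using Microsoft.Win32;
using System.Security;
using System.Security.Permissions;

class Class1
{
    /// <summary>
    /// Denies registry permission for the Windows NT CurrentVersion key and then attempts to
    /// read the registered owner, showing that the read is refused.
    /// </summary>
    /// <param name="args">Unused.</param>
    static void Main(string[] args)
    {
        // The path separators were missing from the key names; without them the denied
        // permission would not cover the key that is opened below.
        RegistryPermission regPermission = new RegistryPermission(
            RegistryPermissionAccess.AllAccess,
            @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion");

        // Deny is a stack-walk modifier for code called from this frame, not a sandbox.
        // NOTE(review): Deny is obsolete from .NET Framework 4 onwards and code access security
        // is not enforced on .NET Core / .NET 5+ - confirm the target runtime before relying on it.
        regPermission.Deny();

        try
        {
            using (RegistryKey myRegKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion"))
            {
                if (myRegKey == null)
                {
                    Console.WriteLine("Registry key not found.");
                    return;
                }

                // GetValue returns null when the value is absent; avoid calling ToString() on it.
                Object oValue = myRegKey.GetValue("RegisteredOwner");
                Console.WriteLine("OS Registered Owner: {0}", oValue != null ? oValue.ToString() : "(not set)");
            }
        }
        catch (SecurityException e)
        {
            // Expected outcome where the deny is enforced: the registry access is refused.
            Console.WriteLine("Registry access was denied.");
            Console.WriteLine(e.Message);
        }
    }
}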
Demand PrincipalPermission
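using System;
using System.Security;
using System.Security.Principal;
using System.Security.Permissions;

class Class1
{
    /// <summary>
    /// Demands that the current Windows user is in the "Administrator" role and reports
    /// whether the demand succeeded.
    /// </summary>
    /// <param name="args">Unused.</param>
    static void Main(string[] args)
    {
        // PrincipalPermission.Demand checks Thread.CurrentPrincipal. Without this policy the
        // thread carries an unauthenticated generic principal, so the demand fails for everyone.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        // WindowsIdentity wraps an access token handle; release it deterministically.
        using (WindowsIdentity wi = WindowsIdentity.GetCurrent())
        {
            // NOTE(review): the built-in administrators group is normally addressed as
            // "BUILTIN\Administrators"; verify that "Administrator" names a role on the target
            // system. Under UAC a non-elevated process of an administrator is also expected to
            // fail this check.
            PrincipalPermission PrincipalPerm = new PrincipalPermission(wi.Name, "Administrator");

            try
            {
                PrincipalPerm.Demand();
                Console.WriteLine("Code demand for an administrator succeeded.");
            }
            catch (SecurityException e)
            {
                Console.WriteLine("Demand for administrator failed!");
                Console.WriteLine(e.Message);
            }
        }
    }
}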
Union two PrincipalPermissions
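using System;
using System.Security.Permissions;

/// <summary>
/// Imperative and declarative role-based demands built on <see cref="PrincipalPermission"/>.
/// Every demand is evaluated against the principal attached to the calling thread.
/// </summary>
/// <remarks>
/// The backslash between machine and account name was missing from the verbatim strings;
/// "MACHINE" stands for the computer or domain name.
/// NOTE(review): declarative security attributes are a .NET Framework feature - confirm they
/// are enforced on the target runtime before relying on Method4 to Method6 for access control.
/// </remarks>
class MainClass
{
    /// <summary>
    /// Imperative demand that succeeds for a member of Managers OR Developers.
    /// </summary>
    public static void Method2()
    {
        PrincipalPermission perm1 = new PrincipalPermission(null, @"MACHINE\Managers");
        PrincipalPermission perm2 = new PrincipalPermission(null, @"MACHINE\Developers");

        // Union widens the permission: matching either operand satisfies the demand.
        perm1.Union(perm2).Demand();
    }

    /// <summary>
    /// Imperative demand that requires the user Tester AND membership of Managers.
    /// </summary>
    public static void Method3()
    {
        PrincipalPermission perm = new PrincipalPermission(@"MACHINE\Tester", @"MACHINE\Managers");
        perm.Demand();
    }

    /// <summary>
    /// Declarative demand that admits only the user Tester.
    /// </summary>
    [PrincipalPermission(SecurityAction.Demand, Name = @"MACHINE\Tester")]
    public static void Method4()
    {
    }

    /// <summary>
    /// Declarative demand that admits members of Managers OR Developers.
    /// </summary>
    /// <remarks>
    /// Stacked PrincipalPermission attributes are combined as a union, so this does NOT require
    /// membership of both roles.
    /// </remarks>
    [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINE\Managers")]
    [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINE\Developers")]
    public static void Method5()
    {
        // Method implementation. . .
    }

    /// <summary>
    /// Declarative demand that requires the user Tester AND membership of Managers.
    /// </summary>
    [PrincipalPermission(SecurityAction.Demand, Name = @"MACHINE\Tester", Role = @"MACHINE\Managers")]
    public static void Method6()
    {
        // Method implementation. . .
    }
}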