Security

Create SecureString

Posted on by coder 
   
 
///////////////////////////////////////////////////////////////////////////////////////////////
//
//    This File is Part of the CallButler Open Source PBX (http://www.codeplex.com/callbutler
//
//    Copyright (c) 2005-2008, Jim Heising
//    All rights reserved.
//
//    Redistribution and use in source and binary forms, with or without modification,
//    are permitted provided that the following conditions are met:
//
//    * Redistributions of source code must retain the above copyright notice,
//      this list of conditions and the following disclaimer.
//
//    * Redistributions in binary form must reproduce the above copyright notice,
//      this list of conditions and the following disclaimer in the documentation and/or
//      other materials provided with the distribution.
//
//    * Neither the name of Jim Heising nor the names of its contributors may be
//      used to endorse or promote products derived from this software without specific prior
//      written permission.
//
//    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
//    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
//    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
//    IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
//    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
//    NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
//    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
//    WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
//    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
//    POSSIBILITY OF SUCH DAMAGE.
//
///////////////////////////////////////////////////////////////////////////////////////////////

using System;
using System.Security.Cryptography;
using System.Text;
using System.Globalization;
using System.IO;

namespace WOSI.Utilities
{
  /// <summary>
  /// Summary description for CryptoUtils.
  /// </summary>
  public class CryptoUtils
  {
        public static System.Security.SecureString CreateSecureString(string inputString)
        {
            System.Security.SecureString secureString = new System.Security.SecureString();

            foreach (Char character in inputString)
            {
                secureString.AppendChar(character);
            }

            return secureString;
        }
   }
}

Append chars to SecureString

Posted on by coder 
   
 

using System;
using System.Security;

public class Example
{
   public static void Main()
   {
      char[] chars = { &#039;t&#039;, &#039;e&#039;, &#039;s&#039;, &#039;t&#039; };
      // Instantiate the secure string.
      SecureString testString = new SecureString();
      // Assign the character array to the secure string.
      foreach (char ch in chars)
         testString.AppendChar(ch);      
      // Display secure string length.
      Console.WriteLine("The length of the string is {0} characters.", testString.Length);

   }
}

MakeReadOnly, RemoveAt

Posted on by coder 
   
  


using System;
using System.Security;
using System.Diagnostics;

class MainClass {
    public static SecureString ReadString() {
        SecureString str = new SecureString();
        ConsoleKeyInfo nextChar = Console.ReadKey(true);
        while (nextChar.Key != ConsoleKey.Enter) {
            if (nextChar.Key == ConsoleKey.Backspace) {
                if (str.Length > 0) {
                    str.RemoveAt(str.Length - 1);
                    Console.Write(nextChar.KeyChar+" " +nextChar.KeyChar);
                } else {
                    Console.Beep();
                }
            } else {
                str.AppendChar(nextChar.KeyChar);
                Console.Write("*");
            }

            nextChar = Console.ReadKey(true);
        }
        str.MakeReadOnly();
        return str;
    }

    public static void Main() {
        string user = "user1";
        Console.Write("Enter the user&#039;s password: ");
        using (SecureString pword = ReadString()) {
            ProcessStartInfo startInfo = new ProcessStartInfo();
            startInfo.FileName = "notepad.exe";
            startInfo.UserName = user;
            startInfo.Password = pword;
            startInfo.UseShellExecute = false;
            using (Process process = new Process()) {
                process.StartInfo = startInfo;
                try {
                    process.Start();
                } catch (Exception ex) {
                    Console.WriteLine("

Could not start Notepad process.");
                    Console.WriteLine(ex);
                }
            }
        }
    }
}

Demand

Posted on by coder 
   



using System;
using Microsoft.Win32;
using System.Security.Permissions;

class Class1 {
    static void Main(string[] args) {

        RegistryPermission regPermission = new RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion");
        regPermission.Demand();


        RegistryKey myRegKey = Registry.LocalMachine;
        myRegKey = myRegKey.OpenSubKey("SOFTWAREMicrosoftWindows NTCurrentVersion");

        Object oValue = myRegKey.GetValue("RegisteredOwner");
        Console.WriteLine("OS Registered Owner: {0}", oValue.ToString());

    }
}

Deny

Posted on by coder 
   


using System;
using Microsoft.Win32;
using System.Security.Permissions;

class Class1 {
    static void Main(string[] args) {
        RegistryPermission regPermission = new RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion");
        regPermission.Deny();


        RegistryKey myRegKey = Registry.LocalMachine;
        myRegKey = myRegKey.OpenSubKey("SOFTWAREMicrosoftWindows NTCurrentVersion");
        Object oValue = myRegKey.GetValue("RegisteredOwner");
        Console.WriteLine("OS Registered Owner: {0}", oValue.ToString());
    }
}

Demand PrincipalPermission

Posted on by coder 
   
 
using System;
using System.Security;
using System.Security.Principal;
using System.Security.Permissions;


class Class1 {
    static void Main(string[] args) {
        //AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsIdentity wi = WindowsIdentity.GetCurrent();
        PrincipalPermission PrincipalPerm = new PrincipalPermission(wi.Name, "Administrator");

        try {
            PrincipalPerm.Demand();
            Console.WriteLine("Code demand for an administrator succeeded.");
        } catch (SecurityException e) {
            Console.WriteLine("Demand for administrator failed!");
            Console.WriteLine(e.Message);
        }
    }
}

Union two PrincipalPermissions

Posted on by coder 
   
 

using System;
using System.Security.Permissions;

class MainClass {


    public static void Method2() {
        PrincipalPermission perm1 = new PrincipalPermission(null, @"MACHINEManagers");

        PrincipalPermission perm2 = new PrincipalPermission(null, @"MACHINEDevelopers");

        perm1.Union(perm2).Demand();
    }

    public static void Method3() {
        PrincipalPermission perm = new PrincipalPermission(@"MACHINETester", @"MACHINEManagers");
        perm.Demand();
    }
    [PrincipalPermission(SecurityAction.Demand, Name = @"MACHINETester")]
    public static void Method4() {
    }

    [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINEManagers")]
    [PrincipalPermission(SecurityAction.Demand, Role = @"MACHINEDevelopers")]
    public static void Method5() {
        // Method implementation. . .
    }
    [PrincipalPermission(SecurityAction.Demand, Name = @"MACHINETester",
        Role = @"MACHINEManagers")]
    public static void Method6() {
        // Method implementation. . .
    }
}