Customer Reviews

Hijacking .Net Vol 1: Role Based Security

5 star:		(2)
4 star:		(0)
3 star:		(1)
2 star:		(0)
1 star:		(1)

 

 

It's hard to see how other readers of this eBook
could regard it so highly. (One begins to wonder
whether or not they're some sort of Appleman
polishers.) About 25% of this tomelet consists
of advertisements for Appleman's other works and
a blighted index which lists every last one of them.
A further 10% of the book contains unnecessary MSIL
from mscorlib.dll. Yet more space is consumed by
VB.NET code which regurgitates that listed in C#.
By my estimate then at least 40% of this offering
should have been removed before release.

Turning now to the content, this book's overview of
role based security is simplistic to the point of
puerility. Reducing security to a slogan such as
"Can you do something [to some object]" is claptrap
for simpletons. The book's idea of hijacking .NET
is to call the Type.InvokeMember() method with
BindingFlags.NonPublic as one of its arguments and
to use P/Invoke to call native code. Since none of
this will violate Code Access Security, it's hard to
see how it qualifies as hijacking .NET. If you're
interested in seeing what Appleman does, you should
download the code for this book from his web site
instead of allowing him to hijack your wallet.

I had to read this - touted as the first volume in a series that could be for .NET what Appleman's books were for the Win32 API. But a fair bit of the ebook is just a guided tour of windows role based security, well written though.

The core of the 'hijacking' part could be boiled down to a couple of pages. Essentially it's this:

Marking a class or method as private in .NET impacts its visibility, but not its security boundary - i.e. it is possible to invoke private methods.
And vs.net provides all the means necessary to do so:

Step One - navigate to the library/class you want with ildasm and have a peek at the IL. From that its pretty straightforward to grok the private objects/methods you might be interested in.
Step Two - use the InvokeMember method of the Type class to make use of private class/method.

That's it. Classic Win32 API Appleman this is not, how useful the technique is - I'm not sure (not so much in in commercial work i suspect), but it's still well worth a read.

The lessons of this PDF are twofold:
1) You get a great extension to .NET role-based security APIs via Dan's code writings and

2) In the teach-you-how-to-do-it-but-at-your-own-risk! tradition of Dan Appleman, you learn how to introspect the .NET Framework class libraries and work with their internals. Or more to the point, with the internals of *any* reflectable .NET assembly.

Bottom line: If you like knowing internals and haven't tackled the Reflection namespaces in .NET yet, this is a good start. (You'll probably need reflection skills at some point anyway).

It's a great read!

The lessons of this PDF are twofold:
1) You get a great extension to .NET role-based security APIs via Dan's code writings and

2) In the teach-you-how-to-do-it-but-at-your-own-risk! tradition of Dan Appleman, you learn how to introspect the .NET Framework class libraries and work with their internals. Or more to the point, with the internals of *any* reflectable .NET assembly.

Bottom line: If you like knowing internals and haven't tackled the Reflection namespaces in .NET yet, this is a good start. (You'll probably need reflection skills at some point anyway).

It's a great read!