11.07.2015 Views

Improving Web Application Security: Threats and - CGISecurity



How To: Create a Custom Encryption Permission

(continued)

        }
        // Copy the state from the attribute to the permission object
        EncryptionPermissionFlag cipher = 0x0;
        StorePermissionFlag store = 0x0;
        if(_encrypt)
            cipher |= EncryptionPermissionFlag.Encrypt;
        if(_decrypt)
            cipher |= EncryptionPermissionFlag.Decrypt;
        if(_userStore)
            store |= StorePermissionFlag.User;
        if(_machineStore)
            store |= StorePermissionFlag.Machine;
        // Return the final permission.
        return new EncryptionPermission(cipher, store);

9. Build the solution.

Step 3. Install the Permission Assembly in the GAC

You must grant full trust to any assembly that implements a custom security permission. In practice, this means that you need to install the assembly on the computer where it is used, to ensure that it is granted full trust by default security policy. Code within the My_Computer_Zone is granted full trust by default policy.

Installing an assembly in the GAC is one way to be sure it is granted full trust by code access security policy. The GAC is an appropriate location for the permission assembly because the assembly is used by code access security policy on the local computer and is available for any .NET Framework application that is installed on the local computer.

To install the custom permission assembly in the local computer's GAC, run the following command.

    gacutil.exe /i custompermission.dll

Step 4. Update the DPAPI Managed Wrapper Code

DPAPI functionality is not currently exposed by the .NET Framework class library. To call DPAPI from a .NET Framework application, you must use P/Invoke. For code that demonstrates how to create a managed DPAPI wrapper assembly, see "How To: Create a DPAPI Library," in "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication," in the MSDN Library.
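Step 4 states that DPAPI must be reached through P/Invoke. The following is an added example, not code from the original how-to, showing a wrapper method that demands the custom permission before calling CryptProtectData. The names DpapiWrapper, Encrypt and machineStore are hypothetical, and EncryptionPermission, EncryptionPermissionFlag and StorePermissionFlag are assumed to come from the custompermission.dll built in the earlier steps.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example (hypothetical class and method names). Assumes a reference to
// custompermission.dll, which supplies EncryptionPermission and both flag enums.
public static class DpapiWrapper
{
    [StructLayout(LayoutKind.Sequential)]
    private struct DATA_BLOB { public int cbData; public IntPtr pbData; }

    private const int CRYPTPROTECT_UI_FORBIDDEN = 0x1;
    private const int CRYPTPROTECT_LOCAL_MACHINE = 0x4;

    [DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool CryptProtectData(ref DATA_BLOB pDataIn, string szDataDescr,
        IntPtr pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct,
        int dwFlags, ref DATA_BLOB pDataOut);

    [DllImport("kernel32.dll")]
    private static extern IntPtr LocalFree(IntPtr hMem);

    public static byte[] Encrypt(byte[] plain, bool machineStore)
    {
        // Demand walks the call stack: every caller must hold this permission.
        StorePermissionFlag store = machineStore ? StorePermissionFlag.Machine : StorePermissionFlag.User;
        new EncryptionPermission(EncryptionPermissionFlag.Encrypt, store).Demand();

        DATA_BLOB input = new DATA_BLOB();
        DATA_BLOB output = new DATA_BLOB();
        int flags = CRYPTPROTECT_UI_FORBIDDEN | (machineStore ? CRYPTPROTECT_LOCAL_MACHINE : 0);
        try
        {
            input.cbData = plain.Length;
            input.pbData = Marshal.AllocHGlobal(plain.Length);
            Marshal.Copy(plain, 0, input.pbData, plain.Length);
            if (!CryptProtectData(ref input, null, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, flags, ref output))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            byte[] cipher = new byte[output.cbData];
            Marshal.Copy(output.pbData, cipher, 0, output.cbData);
            return cipher;
        }
        finally
        {
            if (input.pbData != IntPtr.Zero) Marshal.FreeHGlobal(input.pbData);
            if (output.pbData != IntPtr.Zero) LocalFree(output.pbData); // DPAPI allocates with LocalAlloc
        }
    }
}
```

The P/Invoke call itself triggers a stack-walking demand for unmanaged code permission, so as written this method only succeeds when every caller on the stack also has that permission.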
