New ILAsm Support For Assembly-Level Security

Before Whidbey shipped, using assembly level declarative security was always a bit of a pain.  Previous versions of the CLR required you to provide security attributes in the form of XML, which meant that you would have to figure out the exact XML represented the permission sets you wanted, and use those in your assembly.  Oftentimes this required writing a simple program that created the permission set, and then dumped out the XML to a console.  For instance, here's some declarative security in the old way:

.assembly PreviousSyntax
  .permissionset reqrefuse
    "<PermissionSet class=\"System.Security.PermissionSet\" version=\"1\">\r\n" +
      "<IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5500.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\" version=\"1\"\r\n" +
        "Flags=\"SkipVerification\"/>\r\n" +
      "<IPermission class=\"System.Security.Permissions.UIPermission, mscorlib, Version=1.0.5500.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\" version=\"1\"\r\n" +
        "Unrestricted=\"true\"/>\r\n" +

You can see that not only did you have to figure out all the XML (which required knowing the full display name of all the assemblies that contained the permissions you needed), but you also had to escape it all, which could be a very error prone process.

Whidbey provides a much better interface to declarative security.  Through the use of new syntax, you can specifically lay out blocks of assembly level declarative security, without having to resort to XML or byte arrays.  This updated syntax is one of my favorite improvements of ILAsm for Whidbey.  For instance, here's the same security from the previous example, using the new Whidbey syntax:

.assembly WhidbeySyntax
  .permissionset reqrefuse =
    [mscorlib]System.Security.Permissions.SecurityPermissionAttribute =
      property bool 'SkipVerification' = bool(true)

    [mscorlib]System.Security.Permissions.UIPermissionAttribute =
      property bool 'Unrestricted' = bool(true)

Comments (0)

Skip to main content