Configure C# Security
The C# scripted rule enables you to code any algorithmic implementation designed to process messages that are received by Service Virtualization.
About C# scripted rule security
To include code in the script that will act on external elements, such as files in the file system, Windows configuration, printers, network, database, or other programs, you must specify these rules in the Service Virtualization security policy file.
If you run your C# rule, and are missing appropriate permissions, an error message is displayed in the Problem List, and also written to the Designer/Server application log. The message indicates the XML node that you must add to the security policy file to enable the actions to execute.
- C# security is only supported for Windows.
- If the current user running the Designer or Server has limited permissions outside of Service Virtualization (such as Windows permissions or permissions to a specific external application), granting permissions in the security policy does not override that. You must have the appropriate permissions for both Windows and any program that Service Virtualization needs to interact with.
- For details Microsoft’s .NET system security permissions for controlling access to operations and resources based on policy, see http://msdn.microsoft.com/en-us/library/system.security.permissions(v=vs.110).aspx.
Prerequisite: Create a C# scripted rule. For details, see Create a Scripted Rule.
Open the CodeSecurityPolicy.xml file for your Service Virtualization application, based on where service is running:
- Designer (embedded server): On the Service Virtualization Designer machine, navigate to the \bin folder under the Designer installation folder. By default, C:\Program Files\Micro Focus\ Service Virtualization Designer\Designer\bin.
- Service Virtualization Server: On the Service Virtualization Server, navigate to the \bin folder under the Service Virtualization Server installation folder. By default, C:\Program Files\Micro Focus\ Service Virtualization Server\Server\bin.
To configure the permissions, copy the relevant text from the Service Virtualization error message in the Problem List into the CodeSecurityPolicy.xml file.
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Write="C:\demo\pirate.txt" />
Restart the relevant application to apply the changes:
- Designer: Close and reopen the Designer.
- Service Virtualization Server: Restart the Service Virtualization Server service.
By default, Service Virtualization Server implements C# rule security by running the scripted rule in a sandbox environment. When you run a C# rule, the CodeSecurityPolicy.xml file that you configured is loaded and applied.
Running in sandbox mode may have some performance impact. In addition, you cannot reference third-party libraries in the sandbox environment. In that case, you may want to disable C# security and run in unsecured mode. While this will provide the maximal possible performance, the C# rules are then completely unrestricted.
Note: C# rule security is disabled by default in Designer.
To change the C# rule security:
Open the Service Virtualization configuration file:
Service Virtualization Server configuration file: HP.SV.StandaloneServer.exe.config, located on the Service Virtualization Server machine in the server installation folder. By default, the folder is C:\Program Files\Micro Focus\Service Virtualization Server\Server\bin.
- Designer configuration file: VirtualServiceDesigner.exe.config, located on the Designer machine in the installation folder. By default, the folder is C:\Program Files\Micro Focus\Service Virtualization Designer\Designer\bin.
Edit the following line, and set value="true" or "false" to enable or disable the C# rule security.
<add key="Simulator.Scripting.Sandbox" value=" "/>