none
SecurityRules .Net inheritance between assemblies MarshalByRefObject

    Question

  • Hello,

    I've got 2 assemblies (A and B) and 1 console application.

    The console application creates an app domain with a restrictive permission set.

    Assembly A defines a class cA that inherits from MarshalByRefObject.

    Assembly B defines a class cB that inherits from cA.

    The console app tries to create an instance of cB, but it throws an exception due to Inheritance security rules violated.

    All assemblies use the SecurityRules(SecurityRuleSet.Level2).

    I tried to apply the SecurityCritical attribute over cB, but it still throw an exception.

    Anyone have a solution for this ?

    I would like to keep the Level 2 security rule set.

    Thanks
    Wednesday, July 03, 2013 8:43 AM

Answers

  • I had a misunderstanding about code security.

    namespace SampleConsole
    {
        public class Program
        {
    
            static void Main(string[] args)
            {
                System.Security.PermissionSet permSet = new PermissionSet(PermissionState.None);
                AppDomainSetup objSetup = new AppDomainSetup();
                objSetup.ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;
                permSet.SetPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                permSet.SetPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
    
                Assembly assemblyA = typeof(SampleAssemblyA.First).Assembly;
                Assembly assemblyB = typeof(SampleAssemblyB.FirstB).Assembly;
    
                StrongName sampleAssemblyAStrongName = assemblyA.Evidence.GetHostEvidence<StrongName>();
    
                AppDomain domain = AppDomain.CreateDomain("New domain name", null, objSetup, permSet, new StrongName[] { sampleAssemblyAStrongName });
    
                System.Runtime.Remoting.ObjectHandle handle = Activator.CreateInstanceFrom(domain, assemblyB.ManifestModule.FullyQualifiedName, typeof(SampleAssemblyB.FirstB).FullName);
                var t = (SampleAssemblyB.FirstB)handle.Unwrap();
            }
        }
    }
    
    namespace SampleAssemblyA
    {
        public class First : MarshalByRefObject
        {
            public override object InitializeLifetimeService()
            {
                return base.InitializeLifetimeService();
            }
        }
    }
    
    namespace SampleAssemblyB
    {
        public class FirstB : SampleAssemblyA.First
        {
    
        }
    }

    Now it's ok, totally normal that a partial trust assembly cannot call securitycritical methods. Because first i did not know that FullTrust assemblies were SecurityCritical.

    Now i use the AllowPartialTrustedCallers to deal with the inheritance problem.

    Friday, July 05, 2013 9:46 AM

All replies

  • Hi Mathias Herbaux,

      Welcome to MSDN Forum Support.

      Could you please paste your code snippet at the end of your thread? I have no idea if you still descript your problem. Hope you understand it.

      Sincerely,

      Jason Wang


    Jason Wang [MSFT]
    MSDN Community Support | Feedback to us

    Friday, July 05, 2013 2:24 AM
    Moderator
  • I had a misunderstanding about code security.

    namespace SampleConsole
    {
        public class Program
        {
    
            static void Main(string[] args)
            {
                System.Security.PermissionSet permSet = new PermissionSet(PermissionState.None);
                AppDomainSetup objSetup = new AppDomainSetup();
                objSetup.ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;
                permSet.SetPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
                permSet.SetPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
    
                Assembly assemblyA = typeof(SampleAssemblyA.First).Assembly;
                Assembly assemblyB = typeof(SampleAssemblyB.FirstB).Assembly;
    
                StrongName sampleAssemblyAStrongName = assemblyA.Evidence.GetHostEvidence<StrongName>();
    
                AppDomain domain = AppDomain.CreateDomain("New domain name", null, objSetup, permSet, new StrongName[] { sampleAssemblyAStrongName });
    
                System.Runtime.Remoting.ObjectHandle handle = Activator.CreateInstanceFrom(domain, assemblyB.ManifestModule.FullyQualifiedName, typeof(SampleAssemblyB.FirstB).FullName);
                var t = (SampleAssemblyB.FirstB)handle.Unwrap();
            }
        }
    }
    
    namespace SampleAssemblyA
    {
        public class First : MarshalByRefObject
        {
            public override object InitializeLifetimeService()
            {
                return base.InitializeLifetimeService();
            }
        }
    }
    
    namespace SampleAssemblyB
    {
        public class FirstB : SampleAssemblyA.First
        {
    
        }
    }

    Now it's ok, totally normal that a partial trust assembly cannot call securitycritical methods. Because first i did not know that FullTrust assemblies were SecurityCritical.

    Now i use the AllowPartialTrustedCallers to deal with the inheritance problem.

    Friday, July 05, 2013 9:46 AM
  • Hi,

      Thank you for sharing you solution. Using CAS is wonderful solution for this problem.

     


    Jason Wang [MSFT]
    MSDN Community Support | Feedback to us

    Tuesday, July 16, 2013 8:27 AM
    Moderator