none
SecurityException is thrown RRS feed

  • Question

  • In our application we create for plugins Sandboxed AppDomains with limited access rights. After introducing this feature we started to catch SecurityException in main unrestricted AppDomain. Here is an excemple of such exception

    System.Security.SecurityException: Request failed.
       at System.RuntimeMethodHandle.PerformSecurityCheck(Object obj, RuntimeMethodHandleInternal method, RuntimeType parent, UInt32 invocationFlags)
       at System.RuntimeMethodHandle.PerformSecurityCheck(Object obj, IRuntimeMethodInfo method, RuntimeType parent, UInt32 invocationFlags)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
       at System.Reflection.RuntimePropertyInfo.GetValue(Object obj, Object[] index)
       at MS.Internal.Data.PropertyPathWorker.GetValue(Object item, Int32 level)
       at MS.Internal.Data.PropertyPathWorker.RawValue(Int32 k)
       at MS.Internal.Data.ClrBindingWorker.RawValue()
       at System.Windows.Data.BindingExpression.TransferValue(Object newValue, Boolean isASubPropertyChange)
       at MS.Internal.Data.PropertyPathWorker.UpdateSourceValueState(Int32 k, ICollectionView collectionView, Object newValue, Boolean isASubPropertyChange)
       at MS.Internal.Data.PropertyPathWorker.UpdateSourceValueState(Int32 k, ICollectionView collectionView)
       at MS.Internal.Data.ClrBindingWorker.OnSourcePropertyChanged(Object o, String propName)
       at System.Windows.WeakEventManager.ListenerList`1.DeliverEvent(Object sender, EventArgs e, Type managerType)
       at System.Windows.WeakEventManager.DeliverEventToList(Object sender, EventArgs args, ListenerList list)
       at System.ComponentModel.PropertyChangedEventManager.OnPropertyChanged(Object sender, PropertyChangedEventArgs args)
       at System.EventHandler.Invoke(Object sender, EventArgs e)
       at System.Windows.Window.WmActivate(IntPtr wParam)
       at System.Windows.Window.WindowFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
       at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
       at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
       at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
       at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
    The action that failed was:
    Demand
    The type of the first permission that failed was:
    System.Security.PermissionSet
    The demand was for:



    me

    Thursday, July 17, 2014 8:33 AM

All replies

  • Hi Artiom

    I moved your thread to CLR forum for better support.

    Have a nice day!

    Kristin

    Friday, July 18, 2014 6:16 AM
  • Hi Ioana. I create appdomain a little bit differently to what you gave me.

    This is how I create app domain. 

    var permissionSet = new PermissionSet(PermissionState.None);
    permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.RemotingConfiguration));
    
    permissionSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
    permissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
    permissionSet.AddPermission(new WebPermission(PermissionState.Unrestricted));
    
    var settings = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory,
        };
    var trustedAssembly = typeof (PluginManager).Assembly.Evidence.GetHostEvidence<StrongName>();
    
    var appDomain = AppDomain.CreateDomain(friendlyName, null, settings, permissionSet, trustedAssembly);
    return appDomain;

    There's nothing in stacktrace that could help to udnerstand what's the problem. 


    me

    Friday, July 18, 2014 6:27 AM
  • Hello,

    It seems your current provide code shows only the process to create plugins Sandboxed AppDomains with limited access rights. Could you please share the remain code as how you introduce this feature we in main unrestricted AppDomain.

    Do you try with the way in the link provided by Ioana?

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, July 21, 2014 9:12 AM
    Moderator