locked
Load Assembly in new Appdomain, needs parent assembly to be fully trusted RRS feed

  • Question

  • I run a macro assembly inside my main application. Macro does not need to access parent assembly. This is the snippet:

    Assembly ParentAssembly
    {
        class c1
        { 
            void RunMacro()  
            {
                System.Security.PermissionSet PS = new System.Security.PermissionSet(PermissionState.None);
                PS.AddPermission(new SOME_PERMISSIONS....);
                AppDomainSetup ADS = new AppDomainSetup();
                ADS.ApplicationBase = "c:";
                AppDomain domain = AppDomain.CreateDomain(SomeName, null, ADS, PS);
    
                System.Runtime.Remoting.ObjectHandle handle = Activator.CreateInstanceFrom(domain, typeof(Sandboxer2).Assembly.ManifestModule.FullyQualifiedName, typeof(Sandboxer2).FullName);
                Sandboxer2 m = (Sandboxer2)handle.Unwrap();
                m.Execute();
            }
        }
    }

    I receive this exception:

    Attempt by security transparent method 'SandBoxer.Sandboxer2.Execute()' to access security critical method 'System.AppDomain.add_AssemblyResolve(System.ResolveEventHandler)' failed.

    Assembly 'Parent Assembly full name...' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.

    Parent Assembly is the assembly of main application that creates instance of SandBoxr and runs it. Please take a look at SandBoxer2 class and its Execute method:

    public class Sandboxer2 : MarshalByRefObject
    {
        public void Execute()
        {
            AppDomain ad = AppDomain.CurrentDomain;
            ad.AssemblyResolve += MyHandler;
            .
            .
            .
        }
    }
    Inside of Execute method, after ad is instantiated, I used ad.GetAssemblies() and this was the list of all assemblies already loaded. Line number 2 holds ParentAssembly from the very beginning of execution of sandboxer.

    • [0] {mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [1] {System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [2] {ParentAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [3] {System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [4] {System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [5] {MacroBase_IO, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [6] {System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [7] {System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
    • [8] {System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}

    My question:

    1. Is there any way to avoid loading parent assembly in child assembly?

    2. In second line of my code, what permissions can solve the problem?

    3. There are some assemblies that will be loaded by AssemblyResolve event of SandBoxer at runtime. Assemblies get loaded from database as binary array or from GAC. They are not fully trusted. I control their behavior with permission objects added at second line of code. Are there special permissions that I have to add for letting them be only loaded as partially trusted assemblies?

    I think everything can be done by adding security permissions like second line of code, If I'm misunderstanding the concept, I would be grateful to be guided.

    Friday, October 6, 2017 2:42 PM

All replies

  • Hi Alireza78,

    Thank you for posting here.

    >>Is there any way to avoid loading parent assembly in child assembly?

    For your question, what is your parent assembly and child assembly? How do you load the assembly?

    >>In second line of my code, what permissions can solve the problem?

    There are some assemblies that will be loaded by AssemblyResolve event of SandBoxer at runtime. Assemblies get loaded from database as binary array or from GAC. They are not fully trusted. I control their behavior with permission objects added at second line of code. Are there special permissions that I have to add for letting them be only loaded as partially trusted assemblies?

    If you want to set the special permission, you would like to check the following link. 

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/23a9197e-3581-4a28-912d-968004488773/how-to-change-permissions-of-appdomain?forum=clr

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, October 11, 2017 6:24 AM
  • Hello and thanks for your attention

    1- Parent assembly is the name of assembly that contains main application. Please refer to name of assembly in my first snippet. May be it was better to call it "Main_Application_Assembly". And there is nothing called child. We have sandboxer assembly which from the very beginning of its existence, it contains "ParentAssembly". There is simply no need for sand boxer to manipulate parent.

    2- I will read in a few days and come back for probable more question.

    Thanks

    Wednesday, October 11, 2017 11:12 AM
  • Hi Alireza78,

    Try to set the permission with the suggestion of the link in my previous.

    If you have more question, please feel free to contact us. We are waiting for your update.

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, October 12, 2017 6:10 AM
  • Hello

    I solved the problem using your link plus this one:

    https://docs.microsoft.com/en-us/dotnet/framework/misc/how-to-run-partially-trusted-code-in-a-sandbox

    I had to sign the sandboxer assembly with a strong name and key. When I separated the DLL of sandboxer from main application and signed it, both problems 1 and 2 got solved. I don't get any more exception and assembly for main application is no more there.  

    Now I have hopefully the last issue; I'm not sure if this is correct to Continue it here or not. I write it here and if necessary, I can move it to a new question:

    Problem:

    I add these permissions to sandboxer:

    System.Security.PermissionSet PS = new System.Security.PermissionSet(PermissionState.None);
    
    PS.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
    PS.AddPermission(new SqlClientPermission(PermissionState.Unrestricted));
    PS.AddPermission(new SecurityPermission(PermissionState.Unrestricted));
    PS.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
    PS.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted));
    

    Then I load some assemblies to sandboxer. one of them is called "MacroBase". It is my own assembly and fully trusted and signed with a key and has strong name. This MacroBase is responsible for running macro codes by third party. Upto here there mustn't be anything wague. One method inside macrobase is executed by sandboxer and that method is responsible for every thing else inside of new appdomain.

    Problem is this line of macrobase assembly (executed inside of sandboxer): 

    object o = Activator.CreateInstance(t);

    this line throws security exception. Although this assembly is signed with a a key and it's strong name is introduced to sandboxer application by parent and I have added unrestricted reflection permission, this line throws exception. What can I do?

    Of Course other assemblies by third party are not introduces by parent application as security safe.

    Thanks in advance

    Friday, October 20, 2017 4:26 PM
  • Hi Alireza78,

    What is the security exception? Could you provide more details? 

    Is this exception related to access exception? Like MethodAccessException? It may caused by permissions of caller.

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, November 8, 2017 9:50 AM