none
Using evidence to restrict an assembly's operations RRS feed

  • Question

  • I am just learning about Evidence and how to use it when loading an Assembly into an AppDomain.

    My scenario is that I have an assembly located somewhere on the file system, and inside my main program I want to load this assembly with very limited permissions so it only has access to one directory, and to one URL.

    So far I have something like this:

      object[] trustedEvidence = 
      { new ApplicationDirectory( @"file://C:/Untrusted" ) };
    
      Evidence evidence = new Evidence(trustedEvidence, null);
          
      AppDomain ad = AppDomain.CreateDomain("UntrustedAppDomain", evidence);
      try
      {
        ad.ExecuteAssembly(@"C:/Untrusted/DoNothingAssembly.exe");
      }
      catch (System.Exception ex)
      {
        MessageBox.Show(ex.Message);      	
      }
    

    So far this only throws an "Request for the permission of type System.Security.Permissions.FileIOPermission, mscorlib... failed."

    The DoNothingAssembly does absolutely nothing, and only references System.  It looks like the AppDomain can't even start the assembly due to permissions, but I thought adding the ApplicationDirectory evidence would at least let it do this.

     

    Thanks

    Wednesday, February 2, 2011 2:09 AM

All replies

  • Could you please provide the full exception message, as well as the call stack?
    Eric Yang [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, February 3, 2011 9:50 AM
  • >    AppDomainTest.exe!AppDomainTest.Program.Main() Line 36    C#
         [Native to Managed Transition]   
         [Managed to Native Transition]   
         Microsoft.VisualStudio.HostingProcess.Utilities.dll!Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() + 0x47 bytes   
         mscorlib.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state) + 0x9b bytes   
         mscorlib.dll!System.Threading.ThreadHelper.ThreadStart() + 0x4d bytes   

     

    Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    Friday, February 4, 2011 4:15 PM
  • Hi,

     

    Please refer the MSDN link

     

    AppDomain.CreateDomain Method (String, Evidence)

    http://msdn.microsoft.com/en-us/library/8dba63a0.aspx

     

    To see how to create a new application domain with the given name using the supplied evidence.

     

     


    bill boyce
    Wednesday, March 9, 2011 4:36 PM
    Moderator