What would make a CodeAccessPermission.Assert() fail or succeed?

  • Question

  • I'm trying to understand security in .NET.  

    FYI, what I am trying to achieve is this: I have the following files: MyApp.exe, MyLib.dll, Plugin.dll. I want to run everything in a low trust environment, so that only trusted sources can execute. However, I'd like to trust my MyLib.dll though.

    As an exercise I have 2 apps. App2 just starts an AppDomain with a lower permission set and executes App1 in it. In App1, for the sake of the exercise, I am calling SomePermission.Assert(). This fails with a security exception. Fine, I like that. Now I strongly signed my assembly App1 and it still fails on the Assert() call with SecurityException. Mmh... how do I circumvent that?

    I know that some DLLs are able to do things that the caller is not allowed to do. How do they escalate their rights? Why can't the caller?

    Friday, June 26, 2009 12:04 PM

Answers

  • In order to assert, the code making the assertion must meet the following criteria:

    1. It must have the permission it is attempting to assert.  For example, if it is attempting to assert unrestricted UIPermission, it must itself possess unrestricted UIPermission.
    2. It must have permission to make assertions (SecurityPermission\Assertion).
    3. It cannot be marked as security transparent (see SecurityTransparentAttribute, SecurityCriticalAttribute).

    Assertions that fail because of #1 will result in a SecurityException when the permission is demanded, not when it is asserted.  Assertions that fail because of #2 will result in a SecurityException when the assertion is attempted.  Assertions that fail because of #3 will result in an InvalidOperationException when the assertion is attempted.

    As for how to ensure that your code has adequate permissions to make assertions, you'll need to grant these permissions when you create your appdomain.  If you're using the simple sandboxing API described at http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx, you should ensure that your strong name(s) are supplied to the fullTrustAssemblies argument of the CreateDomain method.

    • Marked as answer by Lloyd Monday, June 29, 2009 3:14 PM
    Monday, June 29, 2009 12:00 PM
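
The three criteria and the fullTrustAssemblies setup from this answer, as an added example that is not part of the original post. It assumes .NET Framework 4 and a strong-named MyLib.dll; the names SandboxHost, SettingsReader and SettingsDir are hypothetical.

```csharp
// Added example, not code from the thread. Assumes .NET Framework 4 and that this
// file is compiled into a strong-named MyLib.dll; all type names are hypothetical.
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

[assembly: AllowPartiallyTrustedCallers] // partially trusted Plugin.dll may call MyLib

public static class SandboxHost
{
    // Called by the fully trusted host (MyApp.exe) to build the low-trust domain.
    [SecurityCritical]
    public static AppDomain Create(string pluginDir, Assembly trustedLib)
    {
        // Grant set for everything else loaded in the domain: execution only.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        AssemblyName name = trustedLib.GetName();
        byte[] key = name.GetPublicKey();
        if (key == null || key.Length == 0)
            throw new InvalidOperationException(name.Name + " is not strong-named.");
        var trusted = new StrongName(new StrongNamePublicKeyBlob(key), name.Name, name.Version);
        var setup = new AppDomainSetup { ApplicationBase = pluginDir };
        // fullTrustAssemblies: MyLib gets full trust, which covers criteria 1 and 2.
        return AppDomain.CreateDomain("Sandbox", null, setup, grant, trusted);
    }
}

public static class SettingsReader
{
    const string SettingsDir = @"C:\ProgramData\MyApp"; // hypothetical location
    // Criterion 3: safe-critical, so not transparent, yet callable by the plugin.
    [SecuritySafeCritical]
    public static string Read(string fileName)
    {
        // The partially trusted caller picks a file name only, never a path.
        if (string.IsNullOrEmpty(fileName) || fileName != Path.GetFileName(fileName))
            throw new ArgumentException("Plain file name required.", "fileName");
        string path = Path.Combine(SettingsDir, fileName);

        // Stops the stack walk here, so the plugin's missing FileIOPermission is not checked.
        new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
        try { return File.ReadAllText(path); }
        finally { CodeAccessPermission.RevertAssert(); }
    }
}
```

The assertion is scoped to one validated file and reverted in a finally block, so the elevated permission never outlives the single read performed on the plugin's behalf.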

All replies

  • Hi,

    This forum is for .NET Framework setup discussions. Your security question will be better answered in the CLR forum. So I'm moving this post there.

    SN an assembly doesn't necessarily mean that assembly is now in FullTrust. And you also need to apply AllowPartiallyTrustedCallersAttribute to your library if it is expected to be called by partially trusted code.

    Besides, there is more than one reason an Assert call raises a SecurityException. If you could post some simple demo code showing what exactly you're doing, it will be easier for us to help.

    Regards,

    Jie
    Monday, June 29, 2009 9:17 AM
    Moderator
  • Thanks Nicole, that's very helpful! :-)
    I am wondering (I haven't looked much at the subject since I asked; I have been swamped by other topics).
    You said: "the code must have permission to ..."

    Is it something set by the administrator (likely the default value in my case) with CASPOL or a similar concept?
    Monday, June 29, 2009 3:14 PM