信任位于网络共享的组件 [英] Trusting an assembly located on a network share
问题描述
我一直张贴在这里一段时间,但总能找到我需要的信息;直到了现在,当然!我想AP preciate任何帮助您可以提供的问候code接入的安全性,特别是dll的网络共享。
I've been meaning to post on here for a while but always find the information I need; up untill now of course! I would appreciate any help you may be able to offer in regards to code access security, and in particular dll's on a network share.
我要寻找一种方式来从一个不知名的网络共享,在运行时动态加载组装的反射,实例化和调用。
I am looking for a way to dynamically load assembles for reflection, instantiation, and invocation from an unknown network share at runtime.
我已经搜查了论坛,并认识到作为.NET 3.5 SP1,集会将在完全信任网络共享执行。这似乎在.exe文件而不是.dll文件的进行针对性。
I have searched the forums and understand that as of .NET 3.5 SP1, assemblies will execute on a network share with full trust. This appears to be targetted at .exe files and not .dll's.
我明白为什么会这样,是什么code信任,以及如何CasPol和.NET Framework 2.0配置工具的工作原理。我能够修改政策,以获得在测试环境中对特定共享的充分信任,虽然我不知道在部署后的具体网络共享。
I understand why this is happening, what code trust is, and how CasPol and the '.NET Framework 2.0 Configuration' tool works. I am able to modify the policies in order to obtain full trust in a test environment for a specific share, although I won't know the exact network share after deployment.
我不能使用任何的内置成员资格条件,如强烈的签署,网址,证书和什么,而不是。
I am unable to utilise any of the in-built membership conditions, such as strongly signed, url, certificates and what-not.
我知道我可以通过实现IMembershipCondition接口,并通过几个铁圈跳实现自定义条件类型。
I understand that I can implement a custom condition type by implementing the IMembershipCondition interface and jumping through a few hoops.
,但是这似乎是一个相当涉及的任务,而且不会出现太大的信息可从Microsoft或t'internet 。目前,我不明白你怎么把证据到一个程序集中,以便它可以被识别,我也不了解这方面的证据是在政策评估暴露,以及如何编程写。
Based on the above information I would like to implement a custom membership condition (in C#), however this appears to be a rather involving task, and there doesn't appear to be much information available from Microsoft or on t'internet. Currently I don't understand how you put 'Evidence' into an assembly so that it can be identified, nor do I understand how this Evidence is exposed during policy evaluation and how to write this programmatically.
我想实现例如,它标识具有类型AssemblyCompany的组件属性中的所有组件与我的公司,即[总成:AssemblyCompany(我公司)的价值的政策。这不正是我打算执行,但它会帮助我明白是怎么机制的工作。
I would like to implement for example, a policy which identifies all assemblies that have an assembly attribute of type AssemblyCompany with a value of 'My Company', i.e. [assembly: AssemblyCompany("My Company")]. This is not exactly what I intend to implement but it would help me to understand how the mechanism works.
我之前解决这一产品的要求一无所知code安全性,因为你也许可以抵扣,我一直在通过广泛的工作我的方式,发现尽可能多的信息,我可以的话题,但我现在卡住了。
I knew nothing about code security prior to tackling this product request, and as you can probably deduct, I've been extensively working my way through and found as much information as I can on the topic, but I am now stuck.
你实现你自己的IMembershipCondition适配器?你对如何做到这一点的任何链接到一个COM prehensive指南?你能提供一个工作的例子?
Have you implemented your own IMembershipCondition adapter? Do you have any links to a comprehensive guide on how to do this? Can you provide a working example?
感谢您对通过我(长)后阅读,请大家帮帮我! :D
Thank you for reading through my (long) post, and please help me! :D
推荐答案
其所谓的CAS,code存取权限的安全性,并迫使所有不受信任的网络驱动器将被视为不受信任的网络code。
Its called CAS,Code acces security and it forces all untrusted network drives to be treated as untrusted network code.
本地code具有FullTrust的,网络code的部分信任和互联网code没有信任。它是一个净唯一的安全模型。你的选择是要么指定网络驱动器作为一个值得信赖的车程,给它充分的权利(搜索的Caspol.exe FullTrust的网络驱动器),或.exe文件复制到本地驱动器。
Local code has fulltrust, network code has partial trust and internet code has no trust. Its a .Net only security model. You're options are to either designate the network drive as a 'trusted' drive by giving it full rights (search for caspol.exe fulltrust network drive) or to copy the .exe to a local drive.
这个链接应该帮助你: https://julianscorner.com/wiki/programming/caspol_network_share
This link should help you out: https://julianscorner.com/wiki/programming/caspol_network_share
或者-m的Caspol.exe -pp关闭-ag 1.2 -url文件://///服务器/共享/ * FullTrust的命令行
Or CasPol.exe -m -pp off -ag 1.2 -url file://///server/share/* FullTrust on the command line.
这篇关于信任位于网络共享的组件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
