Code Access Security exception in restricted AppDomain


Problem description


Goal: I need to run some code in an AppDomain with very limited permissions - it should have no access to anything at all fancy or unsafe, except for a few helper methods that I have defined elsewhere.


What I've done: I'm creating a sandbox AppDomain with the required basic permissions, and creating a proxy object, which runs the code:

using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static AppDomain CreateSandbox()
{
    var e = new Evidence();
    e.AddHostEvidence(new Zone(SecurityZone.Internet));

    // Start from the standard Internet-zone sandbox grant set and add Execution
    var ps = SecurityManager.GetStandardSandbox(e);
    var security = new SecurityPermission(SecurityPermissionFlag.Execution);

    ps.AddPermission(security);

    var setup = new AppDomainSetup { 
        ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) 
    };
    return AppDomain.CreateDomain("Sandbox" + DateTime.Now, null, setup, ps);
}

public class Proxy : MarshalByRefObject
{
    public Proxy() { }

    public void DoStuff()
    {
       // perform custom operation requiring permission
       HelperAssembly.HelperMethods.Method1();

       // do other stuff with low permission level
       // ... (remaining work elided in the original)
    }
}


I've put the helper methods in a dedicated strong-named assembly, and marked them and their container class with [SecuritySafeCritical]:

// HelperAssembly.dll
using System.Security;
using System.Security.Permissions;

namespace HelperAssembly
{
    [SecuritySafeCritical]
    public class HelperMethods
    {
        [SecuritySafeCritical]
        public static void Method1()
        {
            // Assert UnmanagedCode so the stack walk stops here instead of
            // reaching the partially trusted caller in the sandbox
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
                .Assert();
            try
            {
                // logic requiring unmanaged code
                // ... (elided in the original)
            }
            finally
            {
                // Undo the Assert even if the privileged call throws
                CodeAccessPermission.RevertAll();
            }
        }
    }
}


Then, I load the helper assembly in the sandbox AppDomain and run Proxy.DoStuff(), expecting it to execute the helper method and be on its way:

var appDomain = CreateSandbox();

appDomain.Load(typeof(HelperAssembly.HelperMethods).Assembly.FullName);

var proxy = (Proxy)appDomain.CreateInstance(
    typeof(Proxy).Assembly.FullName, 
    typeof(Proxy).FullName).Unwrap();

proxy.DoStuff();


However, running the code causes an exception on the Assert() line in the helper method:


Unhandled Exception: System.InvalidOperationException: Cannot perform CAS Asserts in Security Transparent methods


What is the reason for this behavior and how can I achieve what I'm trying to do? To my understanding, the code in the untrusted AppDomain is security transparent, while the code in the helper assembly is security safe-critical, meaning it should be able to request permissions with Assert().


I'm obviously missing a piece of the puzzle, so it's up to someone with better understanding of Code Access Security to explain what is going wrong. Any help is appreciated.

Answer


Your "Trusted" assembly needs to have the AllowPartiallyTrustedCallers attribute for SecuritySafeCritical to be callable across the assembly boundary. It must also be added to the fullTrustAssemblies in your call to CreateDomain.
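The arrangement the answer describes, as an added example that is not the asker's or the answerer's code: the helper assembly carries [assembly: AllowPartiallyTrustedCallers] so transparent sandbox code may call into it, and its strong name is passed to CreateDomain as a full-trust assembly so its safe-critical method is actually critical inside the sandbox. It assumes the helper is compiled into a strong-named HelperAssembly.dll and that Proxy lives in the host executable, which the sandbox loads with the Internet-zone grant set; both file boundaries are marked by comments.

```csharp
// ---- file 1: HelperAssembly.dll (must be signed with a strong name) ----
using System.Security;
using System.Security.Permissions;

// Without APTCA, partially trusted code cannot call this assembly at all, and
// under .NET 4 transparency rules its methods are treated as transparent,
// which is exactly what produces "Cannot perform CAS Asserts in Security
// Transparent methods" when Assert() runs.
[assembly: AllowPartiallyTrustedCallers]

namespace HelperAssembly
{
    public static class HelperMethods
    {
        // Safe-critical: callable from transparent sandbox code, allowed to Assert.
        [SecuritySafeCritical]
        public static void Method1()
        {
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
            try
            {
                // Privileged work goes here. Keep this block as small as possible:
                // every frame above it on the stack runs with UnmanagedCode asserted.
            }
            finally
            {
                CodeAccessPermission.RevertAssert();
            }
        }
    }
}

// ---- file 2: Host.exe ----
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using HelperAssembly;

static class Host
{
    static AppDomain CreateSandbox()
    {
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));

        // Internet-zone grant set plus Execution, as in the question
        PermissionSet grantSet = SecurityManager.GetStandardSandbox(evidence);
        grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var setup = new AppDomainSetup
        {
            ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)
        };

        // The helper's StrongName evidence identifies it to CreateDomain; only
        // assemblies listed here get full trust, everything else gets grantSet.
        StrongName helperName =
            typeof(HelperMethods).Assembly.Evidence.GetHostEvidence<StrongName>();
        if (helperName == null)
            throw new InvalidOperationException("HelperAssembly.dll must be strong-named.");

        return AppDomain.CreateDomain("Sandbox", null, setup, grantSet, helperName);
    }

    static void Main()
    {
        AppDomain sandbox = CreateSandbox();
        var proxy = (Proxy)sandbox.CreateInstanceAndUnwrap(
            typeof(Proxy).Assembly.FullName, typeof(Proxy).FullName);
        proxy.DoStuff();
        AppDomain.Unload(sandbox);
    }
}

// Loaded into the sandbox with the Internet grant set, so it is transparent.
public class Proxy : MarshalByRefObject
{
    public void DoStuff()
    {
        // Succeeds now: safe-critical method in an APTCA, full-trust assembly
        HelperMethods.Method1();
    }
}
```

Two design points worth checking when reviewing such a sandbox: the Assert in Method1 lifts the permission for every caller on the stack for the duration of the call, so the helper should expose the narrowest possible operations rather than a generic "run unmanaged code" entry point, and the Proxy assembly itself must not be in fullTrustAssemblies, or the sandbox grants nothing. Also note that CAS sandboxing of this kind is a .NET Framework feature; .NET Core and .NET 5+ do not enforce CAS, so this pattern provides no isolation there.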
