.NET 4,AllowPartiallyTrustedCallers属性和防伪标记像SecurityCritical [英] .NET 4, AllowPartiallyTrustedCallers attribute, and security markings like SecurityCritical
问题描述
我是新的C#,我试图了解新的安全特性
I'm new C# and am trying to understand the new security features of .NET-4.
要填写一些细节,我正在尝试更新AutofacContrib.Moq与最新的起订量工作。我没有问题,这样做的。NET-3.5下。但是,在.NET-4的安全限制,导致许多安全性异常。
To fill in some details, I'm currently trying to update AutofacContrib.Moq to work with the latest Moq. I had no problems doing this for .NET-3.5 and under. But in .NET-4 the security restrictions result in numerous security exceptions.
起订量具有AA单的方法, GetObjectData使用,这是标有<一个href="http://msdn.microsoft.com/en-us/library/system.security.securitycriticalattribute.aspx">SecurityCritical属性。 AutofacContrib.Moq有<一个href="http://msdn.microsoft.com/en-us/library/system.security.allowpartiallytrustedcallersattribute.aspx">AllowPartiallyTrustedCallers属性设置这是异常的来源。看来,而不是添加 SecurityRules 属性为1的SECURITYLEVEL,我会更好删除 AllowPartiallyTrustedCallers 属性。相信这使得默认SecurityTransparent的组件,其可能不足以(虽然AutofacContrib.Moq单元测试通过)。
Moq has a a single method, GetObjectData, that's marked with the SecurityCritical attribute. AutofacContrib.Moq has the AllowPartiallyTrustedCallers attribute set which is the source of the exceptions. It seems that rather than adding the SecurityRules attribute with a SecurityLevel of 1, I'd be better off removing AllowPartiallyTrustedCallers attribute. I believe this makes the assembly SecurityTransparent by default, which may not be sufficient (though the AutofacContrib.Moq unit tests pass).
目前我的主要问题是,是否针对.NET-4都不应使用AllowPartiallyTrustedCallers属性集?但是,考虑到我绝对不明白了一切呢,哪些细节应该用的安全标志着装配时考虑的?我是否需要明确地记住我的组装与它使用直接或间接那些地方的安全属性,这标志着东西 SecurityCritical ?
My main question at the moment is whether assemblies targeting .NET-4 should ever use the AllowPartiallyTrustedCallers attribute? But, given that I definitely don't understand everything yet, what details should be considered when working with assemblies that are security marked? Do I need to explicitly mark my assembly with security attributes in those places it uses, directly or indirectly, something that's marked SecurityCritical?
推荐答案
您是正确的:在.NET 4中,留下了APTCA在那里,使装配SecurityTransparent,这可能是什么造成你的悲伤
You are correct: in .NET 4, leaving the APTCA on there makes the assembly SecurityTransparent, and that may be what's causing you grief.
MSDN文章迁移的APTCA大会在.NET Framework 4 有一个很好的讨论而在.NET 4的变化AllowPartiallyTrustedCallersAttribute程序的说明。
The MSDN article Migrating an APTCA Assembly to the .NET Framework 4 has a good discussion and explanation of the changes to the AllowPartiallyTrustedCallersAttribute in .NET 4.
具体做法是:
AllowPartiallyTrustedCallers属性发生了变化。在V4中,它不再有任何与链接要求。事实上,隐式链接要求那是在V2上签字库present已经一去不复返了。相反,所有完全受信任的程序集V4是,在默认情况下,SecurityCritical。
The AllowPartiallyTrustedCallers attribute has changed. In v4, it no longer has anything to do with link demands. In fact, the implicit link demand that was present on signed libraries in v2 is gone. Instead, all fully trusted assemblies in v4 are, by default, SecurityCritical.
[剪断/]
在v4的,APTCA的效果是从组件移除自动SecurityCritical行为到它的应用
In v4, the effect of APTCA is to remove the automatic SecurityCritical behavior from the assembly to which it’s applied.
和
由于AllowPartiallyTrustedCallers属性将导致整个组件被默认SecurityTransparent,装配的作者必须明确标注方法需要为SecurityCritical或SecuritySafeCritical执行特权操作。
Because the AllowPartiallyTrustedCallers attribute causes the entire assembly to be SecurityTransparent by default, the assembly’s author must specifically mark methods needing to perform privileged operations as SecurityCritical or SecuritySafeCritical.
(这的确是一个很好的文章,作者Mike Rousos确实有。
(It's really a good article that author Mike Rousos did a great job with. I encourage you to read it in its entirety.)
如果你开始一个新的.NET 4库,它可能是最好坚持使用.NET 4的安全模型,并用在需要的地方适当的SecurityCritical,SecuritySafeCritical和SecurityTransparent属性。他们更容易地管理和理解比旧的code访问的安全性。
If you're starting a new .NET 4 library, it's probably best to stick with the .NET 4 security model and use the appropriate SecurityCritical, SecuritySafeCritical, and SecurityTransparent attributes where needed. They're far easier to manage and understand than old code access security.
如果您正在迁移一个古老的图书馆的新模式,有在如何做到这一点的文章好榜样......但基本上相当于删除旧LinkDemands,并在他们的地方加入[SecurityCritical。
If you're migrating an old library to the new model, there's a good example in the article of how to do that... but basically it amounts to removing old LinkDemands and adding [SecurityCritical] in their place.
在特定的情况下,在最快办法让打算将添加SecurityRules属性等你拿旧的行为,但我不知道我会考虑在右办法。正确的做法很可能会失去APTCA和装配的因为组件可能含有SecurityCritical code ,然后标记调用SecurityCritical code(例如,东西引用GetObjectData使用)与SecuritySafeCritical让您SecurityTransparent $ C $各种类型C可调用它。当然,第二种方法将是一个很多工作,所以你可能要运行SecAnnotate.exe,并得到一些自动提示。
In your particular case, the fastest way to get going would be to add the SecurityRules attribute so you get the old behavior, but I'm not sure I'd consider that the right way. The right way would probably be to lose the APTCA and add SecurityCritical on the assembly because the assembly may contain SecurityCritical code, then mark the various types that call SecurityCritical code (e.g., stuff that references GetObjectData) with SecuritySafeCritical so your SecurityTransparent code can call it. Of course, that second approach will be a lot more work, so you'll probably want to run SecAnnotate.exe and get some automated tips.
综观起订量树干,搜索GetObjectData使用说明有问题的方法是覆盖了一个异常的序列化机制(ISerializable.GetObjectData上的System.Exception),其中只有SecurityCritical code总会被调用,所以你甚至可能不会遇到任何麻烦,如果你只是失去了APTCA和纪念集会SecurityCritical。
Looking at the Moq trunk, a search for GetObjectData shows that the method in question is the override for an exception serialization mechanism (ISerializable.GetObjectData on System.Exception), which only SecurityCritical code will be calling anyway, so you may not even run into any trouble if you just lose APTCA and mark the assembly SecurityCritical.
有申请的Autofac一个问题将其更新到最新的安全模型。 如果你喜欢这个主意,去投票/评论就可以了。
There is an issue filed on Autofac to update it to the latest security model. If you like the idea, go vote/comment on it.
对不起,这不是一个简单的答案。安全性,不幸的是,绝非易事。 :•
Sorry that wasn't a short answer. Security is, unfortunately, never easy. :S
这篇关于.NET 4,AllowPartiallyTrustedCallers属性和防伪标记像SecurityCritical的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
