Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / July 2005

Tip: Looking for answers? Try searching our database.

SecurityException: Request Failed on CreateInstanceAndUnwrap

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Bo George - 28 Jul 2005 19:18 GMT
I am referencing the NUnit libraries in an assembly that is hosted by a COM+
application.  Within NUnit it creates a "runner" app domain and then calls
CreateInstanceAndUnwrap to create an instance of a class within a unit test
assembly.  I get a SecurityException on this method when it is executed
within the bounds of a COM+ application, even though it is actually in a .NET
assembly.

If I refernce the same NUnit libraries and the same assembly calls them but
is hosted in a .NET forms application I do not get any SecurityExceptions on
the CreateInstanceAndUnwrap call.

I've tried several imperative and declaritve security options at the
assembly, class and method levels but so far nothing has worked.  Has anyone
encountered this or have any suggestions on other things to try?
Reply to this Message
Nicole Calinoiu - 28 Jul 2005 19:54 GMT
>I am referencing the NUnit libraries in an assembly that is hosted by a
>COM+
> application.  Within NUnit it creates a "runner" app domain and then calls
> CreateInstanceAndUnwrap to create an instance of a class within a unit
> test
> assembly.

Is it your code that's creating the app domain or some other code?  Do you
know if any app domain policy is being applied or if any additional evidence
is being provided for the app domain or the target class assembly?

> I get a SecurityException on this method when it is executed
> within the bounds of a COM+ application, even though it is actually in a
> .NET
> assembly.

Could you please provide the full exception details (incl. stack trace
listing) as returned from its ToString method?

> If I refernce the same NUnit libraries and the same assembly calls them
> but
[quoted text clipped - 6 lines]
> anyone
> encountered this or have any suggestions on other things to try?

There are several possible reasons for the difference.  App domain policy is
one.  Limited CAS permission grants to other assemblies on the call stack is
another.  Might you be able to provide a minimal sample
(http://www.yoda.arachsys.com/csharp/complete.html) that demonstrates the
problem?
Reply to this Message
Bo George - 28 Jul 2005 20:30 GMT
Here is the full stack trace:
==========================
Server stack trace:
  at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
  at System.Activator.CreateInstance(Type type, Boolean nonPublic)
  at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder
binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr,
Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes)
  at System.Activator.CreateInstance(String assemblyName, String typeName,
Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args,
CultureInfo culture, Object[] activationAttributes, Evidence securityInfo,
StackCrawlMark& stackMark)
  at System.Activator.CreateInstance(String assemblyName, String typeName,
Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args,
CultureInfo culture, Object[] activationAttributes, Evidence securityInfo)
  at System.AppDomain.CreateInstance(String assemblyName, String typeName,
Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args,
CultureInfo culture, Object[] activationAttributes, Evidence
securityAttributes)
  at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String
typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder,
Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence
securityAttributes)
  at
System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(MethodBase
mb, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext,
Object[]& outArgs)
  at
System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
=============================

The Nunit code is actually creating the app domain but I do have the source
so I can change it if necessary.  I don't know that any app domain policies
are being applied but I will look into this.  Would I look for this using
caspol or through the "Microsoft .NET Framework 1.1 Configuration" tool?  The
evidence for the new domain is created from the evidence from the
currentdomain.

Evidence baseEvidence = AppDomain.CurrentDomain.Evidence;
Evidence evidence = new Evidence(baseEvidence);

Let me know if this is not enough information and I can see if I can put
together a small code sample.  The one real hitch in this is that the COM+
application that is hosting the .NET assemblies is Groove and I probably
cannot even attempt to represent it in code.

> >I am referencing the NUnit libraries in an assembly that is hosted by a
> >COM+
[quoted text clipped - 31 lines]
> (http://www.yoda.arachsys.com/csharp/complete.html) that demonstrates the
> problem?
Reply to this Message
Nicole Calinoiu - 29 Jul 2005 16:20 GMT
> Here is the full stack trace:
> <snip>

Unfortunately, it's not very helpful in this case.  However, could you
please post the rest of the details from the exception's ToString result?

> The Nunit code is actually creating the app domain

Is this code that is part of NUnit itself, or code you've written to use
NUnit functionality?  If the former, could you please identify the relevant
NUnit class/method?  If the latter, could you please provide a relevant
extract?

> but I do have the source
> so I can change it if necessary.  I don't know that any app domain
> policies
> are being applied but I will look into this.  Would I look for this using
> caspol or through the "Microsoft .NET Framework 1.1 Configuration" tool?

Neither.  App domain policies are applied via code using the
AppDomain.SetAppDomainPolicy method.

> The
> evidence for the new domain is created from the evidence from the
> currentdomain.
>
> Evidence baseEvidence = AppDomain.CurrentDomain.Evidence;
> Evidence evidence = new Evidence(baseEvidence);

How is this evidence object used in the code?  (The extract you've provided
creates the object but doesn't actually do anything meaningful with it.)

> Let me know if this is not enough information and I can see if I can put
> together a small code sample.  The one real hitch in this is that the COM+
> application that is hosting the .NET assemblies is Groove and I probably
> cannot even attempt to represent it in code.

Groove itself might be irrelevant here.  Attempting to reduce the code to
the simplest repro case might actually help identify the problem, so it's a
potentially useful exercise.

>> >I am referencing the NUnit libraries in an assembly that is hosted by a
>> >COM+
[quoted text clipped - 38 lines]
>> (http://www.yoda.arachsys.com/csharp/complete.html) that demonstrates the
>> problem?
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.