
.NET Forum / .NET Framework / Security / October 2005


evidence of a new domain

Jas - 27 Oct 2005 09:21 GMT
I need help figuring out what I'm doing wrong in this application I'm
writing.  In this application I create a new appdomain and load another
managed .dll (implements a HelloWorld class) and call a function in this
new class that prints out all the evidence of its application domain.  When
creating this new domain I specify my own evidence, but for some reason the
function keeps printing the same evidence as that of the root application
domain and that's the part I don't understand.

This is the code snippet that I used to create a new app domain and load my
HelloWorld assembly:
Evidence myNewEvidence = new Evidence();
myNewEvidence.AddHost(new Url(@"file://c:/temp"));       
myNewEvidence.AddHost(new Zone(SecurityZone.Trusted));

AppDomain myNewAppDomain = AppDomain.CreateDomain("new domain",myNewEvidence);

Assembly myNewAssembly3 =
myNewAppDomain.Load(AssemblyName.GetAssemblyName(@"\\10.0.0.2\HelloWorld.dll").ToString());

The following is how I print out the evidence from a function within
HelloWorld:
Evidence myEvidence = AppDomain.CurrentDomain.Evidence;
IEnumerator myHostIEnum = myEvidence.GetHostEnumerator();

Console.WriteLine("Current Host Evidence:");
while(myHostIEnum.MoveNext())
    Console.WriteLine(myHostIEnum.Current.ToString());

I always thought permission sets were maintained at the application domain
level and that fully trusted app domain can create new app domains with
arbitrary evidence, so I wanted to create an app domain with evidence that
would intentionally force the CLR to give the new app domain less than full
permission.  I am using .NET 1.1.  Any help would be very much appreciated.

-jas
Nicole Calinoiu - 27 Oct 2005 13:46 GMT
Are you sure that you're invoking the method that displays the evidence
within the new appdomain rather than in the original appdomain?  If you
unwrap the HelloWorld instance into the original appdomain before calling
the method, the method will end up executing in that appdomain.

>I need help figuring out what I'm doing wrong in this application I'm
> writing.  In this application I create a new appdomain and load another
[quoted text clipped - 37 lines]
>
> -jas
Jas - 28 Oct 2005 02:46 GMT
Nicole,

Thanks for replying Nicole.  

This is how I create a new app domain, load HelloWorld.dll, create an
instance of HelloWorld and call the DisplayEvidence2() method:
Evidence myNewEvidence = new Evidence();
myNewEvidence.AddHost(new Url(@"file://c:/temp"));           
myNewEvidence.AddHost(new Zone(SecurityZone.Trusted));

AppDomain myNewAppDomain = AppDomain.CreateDomain("new domain",myNewEvidence);

Assembly myNewAssembly3 =
myNewAppDomain.Load(AssemblyName.GetAssemblyName(@"c:\temp2\HelloWorld.dll").ToString());

Type typeHelloWorld = myNewAssembly3.GetType("Hello.HelloWorld");

BindingFlags flags = (BindingFlags.NonPublic | BindingFlags.Public |
    BindingFlags.Static | BindingFlags.Instance | BindingFlags.DeclaredOnly);

MethodInfo [] miMethods = typeHelloWorld.GetMethods();
Object objHelloWorld = Activator.CreateInstance(typeHelloWorld);

for (int i = 0; i < miMethods.Length; i++)
{
    if (miMethods[i].Name == "DisplayEvidence2")
    {
        miMethods[i].Invoke(objHelloWorld, new Object[0]);
    }
}

Is the DisplayEvidence2 method in the original application domain? I mean
for it to get called in the new application domain.

-jas

> Are you sure that you're invoking the method that displays the evidence
> within the new appdomain rather than in the original appdomain?  If you
[quoted text clipped - 42 lines]
> >
> > -jas
Nicole Calinoiu - 28 Oct 2005 13:33 GMT
Inline...

> Nicole,
>
[quoted text clipped - 5 lines]
> myNewEvidence.AddHost(new Url(@"file://c:/temp"));
> myNewEvidence.AddHost(new Zone(SecurityZone.Trusted));

Unless you have elevated the CAS permissions grant for the trusted zone,
your evidence-reading code won't work in that zone.  You'll need to use the
MyComputer zone or add some other evidence that would allow the necessary
permissions to be granted.

> AppDomain myNewAppDomain = AppDomain.CreateDomain("new
> domain",myNewEvidence);
[quoted text clipped - 9 lines]
> MethodInfo [] miMethods = typeHelloWorld.GetMethods();
> Object objHelloWorld = Activator.CreateInstance(typeHelloWorld);

First big problem is right here.  The instance is getting created in the
original appdomain because that's where the type is defined.

> for (int i =0 ; i < miMethods.Length ; i++)
> {
>    if(miMethods[i].Name == "DisplayEvidence2")
>   {
> miMethods[i].Invoke(objHelloWorld, new Object[0] );

Second big problem is here.  The method is being invoked in the original
appdomain because that's where the methodinfo is defined.

>   }
>
> }
>
> Is the DisplayEvidence2 method in the original application domain?

Yup.

> I mean
> for it to get called in the new application domain.

You'll need to do two big things differently to get this to work.  First,
you'll need to ensure that the HelloWorld object gets created in the new
appdomain.   You'll then need to call the method against that remote
instance of the object, not against a local wrapper instance in the original
appdomain.  Here's a version that should work:

Evidence myNewEvidence = new Evidence();
myNewEvidence.AddHost(new Url(@"file://c:/temp"));
myNewEvidence.AddHost(new Zone(SecurityZone.MyComputer));

AppDomain myNewAppDomain = AppDomain.CreateDomain("new domain", myNewEvidence);
try
{
    // The HelloWorld instance will be created in the new appdomain even
    // though the reference is held in the original appdomain:
    Hello.HelloWorld helloWorldInstance =
        (Hello.HelloWorld)myNewAppDomain.CreateInstanceFromAndUnwrap(
            @"C:\temp2\HelloWorld.dll", "Hello.HelloWorld");

    // This will execute in the original appdomain:
    helloWorldInstance.DisplayEvidence2();

    // This will execute in the new appdomain:
    myNewAppDomain.DoCallBack(
        new CrossAppDomainDelegate(helloWorldInstance.DisplayEvidence2));
}
finally
{
    AppDomain.Unload(myNewAppDomain);
}

> -jas
>
[quoted text clipped - 48 lines]
>> >
>> > -jas
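
A self-contained way to check which appdomain a call really runs in, added here as an example and not taken from either poster's code. It assumes the .NET Framework, as in the thread; the `EvidenceProbe` type and the `sandbox` variable are hypothetical names, and the probe derives from `MarshalByRefObject` so that the caller holds a proxy and the method body runs in the domain that owns the object.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Policy;
using System.Text;

// Hypothetical probe type. Deriving from MarshalByRefObject means callers in
// other appdomains get a proxy, so Describe() runs where the object lives.
public class EvidenceProbe : MarshalByRefObject
{
    public string Describe()
    {
        AppDomain current = AppDomain.CurrentDomain;
        StringBuilder report = new StringBuilder();
        report.Append("Executing in: " + current.FriendlyName + Environment.NewLine);
        IEnumerator hostEvidence = current.Evidence.GetHostEnumerator();
        while (hostEvidence.MoveNext())
            report.Append(hostEvidence.Current.ToString() + Environment.NewLine);
        return report.ToString();   // the string is copied back to the caller's domain
    }
}

public class Program
{
    public static void Main()
    {
        Evidence evidence = new Evidence();
        evidence.AddHost(new Url(@"file://c:/temp"));
        evidence.AddHost(new Zone(SecurityZone.MyComputer));

        AppDomain sandbox = AppDomain.CreateDomain("new domain", evidence);
        try
        {
            // Create the probe inside the new domain from this same executable.
            EvidenceProbe probe = (EvidenceProbe)sandbox.CreateInstanceFromAndUnwrap(
                typeof(EvidenceProbe).Assembly.Location, typeof(EvidenceProbe).FullName);

            // Report whether the reference held here is a proxy or a local copy.
            Console.WriteLine("Proxy: " + RemotingServices.IsTransparentProxy(probe));
            Console.WriteLine("Caller is: " + AppDomain.CurrentDomain.FriendlyName);
            Console.WriteLine(probe.Describe());
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```

Comparing the "Caller is" line with the "Executing in" line shows directly whether the evidence being printed belongs to the new domain or to the one that created it.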
