
calling fully trusted assembly from partially trusted appDomain

ShaiH - 11 Nov 2007 10:06 GMT
Hi,

Is it possible to call fully trusted code that performs actions that the
partially trusted appDomain running code is not allowed to run?

Here is my scenario:
1. Create an appDomain which is restricted from writing to a specific file.
2. I want this appDomain to call another assembly (my assembly) that will
perform the file writing for the partially trusted appDomain.

Although my assembly has full trust on the machine I still get a security
exception when trying to write to the file...

Is there any way of making this scenario work???

Thanks
Shai
Joe Kaplan - 11 Nov 2007 16:00 GMT
Yes, it is possible to do this (although it does imply a security risk).
The main thing is that the fully trusted assembly needs to Assert the
permission that will be demanded by the underlying framework, perform the
protected operation and then revert the assert.

In many cases, your assembly will also need the
AllowPartiallyTrustedCallersAttribute applied to it.

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Hi,
>
[quoted text clipped - 14 lines]
> Thanks
> Shai
Dominick Baier - 26 Nov 2007 10:17 GMT
That's because of the CAS stack walk.

The fully trusted assembly will walk the stack back to the original caller
to make sure every stack frame has the required permission - this is done
to prevent luring attacks.

You can stop the stack walk inside of your fully trusted assembly. Use the
Assert() method on the corresponding permission class like:

new FileIOPermission(...).Assert();

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Hi,
>
[quoted text clipped - 14 lines]
> Thanks
> Shai
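
The pattern both replies describe (Assert, perform the protected operation, revert), as an added example that is not code from any poster in this thread. It assumes the .NET Framework 2.0 CAS model the thread discusses and a strong-named assembly that is fully trusted in the sandboxed appDomain; the namespace, class name and file path are hypothetical. Because an Assert lets any partially trusted caller borrow the permission, the path is fixed in the trusted code and only the message comes from the caller.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Text;

// Lets partially trusted code call into this strong-named, fully trusted assembly.
[assembly: AllowPartiallyTrustedCallers]

namespace TrustedHelpers              // hypothetical namespace
{
    public static class SandboxLog    // hypothetical class
    {
        // Constructed sample path. It is fixed here and never taken from the
        // caller, so the assert cannot be steered toward another file.
        private const string LogPath = @"C:\AppData\sandbox.log";
        private const int MaxLength = 1024;

        public static void Append(string message)
        {
            if (message == null) throw new ArgumentNullException("message");
            if (message.Length > MaxLength) message = message.Substring(0, MaxLength);

            // Keep one entry per line so a caller cannot forge extra entries.
            string line = message.Replace("\r", " ").Replace("\n", " ") + Environment.NewLine;
            byte[] bytes = Encoding.UTF8.GetBytes(line);

            // Assert only what the operation needs: append access to this one file.
            // The stack walk started by FileStream's demand stops at this frame.
            FileIOPermission perm = new FileIOPermission(FileIOPermissionAccess.Append, LogPath);
            perm.Assert();
            try
            {
                using (FileStream fs = new FileStream(LogPath, FileMode.Append, FileAccess.Write))
                {
                    fs.Write(bytes, 0, bytes.Length);
                }
            }
            finally
            {
                // Remove the assert before returning to the partially trusted caller.
                CodeAccessPermission.RevertAssert();
            }
        }
    }
}
```

Under the level 2 transparency model of .NET Framework 4, an APTCA assembly is security-transparent by default, so a method that asserts would also need `[SecuritySafeCritical]`.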
