当我尝试在沙盒应用域中启用代码访问安全性时,我收到以下错误。
按类型违反继承安全规则:' XXX'。派生类型必须与基类型的安全可访问性匹配,或者不易访问。
以下是我所拥有的: 插件程序集有一个类,它实现了sdk程序集中定义的接口。插件程序集未签名。此外,插件程序集在AssemblyInfo.cs中具有[assembly:SecurityTransparent] 示例:
public Class Bar : AbstractBase
{
// This class implements an abstract method defined in the base class
}
AbstractBase在SDK二进制文件中定义,并且已签名。此外,当我在执行程序集中创建域时,它被标记为“可信”。
[SecuritySafeCritical] public abstract class AbstractBase:MarshalByRefObject,IDisposable { public abstract void BaseMethod();
[SecurityCritical]
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.Infrastructure)]
public override object InitializeLifetimeService()
{
var lease = (ILease)base.InitializeLifetimeService();
if (lease != null && lease.CurrentState == LeaseState.Initial)
{
lease.InitialLeaseTime = TimeSpan.FromHours(1);
lease.SponsorshipTimeout = TimeSpan.FromHours(1);
lease.RenewOnCallTime = TimeSpan.FromHours(1);
}
return lease;
}
protected void MethodFoo()
{
...
}
public virtual Foo FooItIs{get;set;} // Foo is a class which is a MarshallByRefObject and is implemented in the executing assembly
}
这是我在SDK二进制文件的AssemblyInfo.cs中尝试过的。
[assembly: AllowPartiallyTrustedCallers]
[assembly: SecurityRules(SecurityRuleSet.Level2, SkipVerificationInFullTrust = true)]
//[assembly: SecurityRules(SecurityRuleSet.Level1)]
最后,有一个执行程序集,它创建一个域并应用安全限制。当我调用CreateInstanceAndUnWrap时,我得到异常。
private void CreateAppDomain()
{
AppDomainSetup domainSetup = new AppDomainSetup();
domainSetup.ApplicationName = "Plugins";
domainSetup.ApplicationBase = Section.Instance.BaseDirectory;
domainSetup.ConfigurationFile = domainSetup.ApplicationName + ".config";
PermissionSet domainPermissions = new PermissionSet(PermissionState.None);
domainPermissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
domainPermissions.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Net.Mail.SmtpPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Configuration.ConfigurationPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Data.SqlClient.SqlClientPermission(PermissionState.Unrestricted));
StrongName plugins = typeof(AbstractBase).Assembly.Evidence.GetHostEvidence<StrongName>();
this.appDomain = AppDomain.CreateDomain(domainSetup.ApplicationName, null,
domainSetup, domainPermissions,
plugins);
}
以下是我创建实例的方法:
action =
this.appDomain.CreateInstanceFromAndUnwrap(
Path.Combine(pluginProperties.AssemblyBaseDirectory, pluginProperties.AssemblyName),
className) as
AbstractBase;
我不确定我缺少什么,或者我的架构在某种程度上是否存在错误的代码访问安全性?任何帮助表示赞赏!
编辑: 这是堆栈跟踪。我的UT完全按照上面描述的那样做了
at System.Reflection.RuntimeAssembly.GetType(RuntimeAssembly assembly,String name,Boolean throwOnError,Boolean ignoreCase,ObjectHandleOnStack type) at System.Reflection.RuntimeAssembly.GetType(String name,Boolean throwOnError,Boolean ignoreCase) at System.Activator.CreateInstanceFromInternal(String assemblyFile,String typeName,Boolean ignoreCase,BindingFlags bindingAttr,Binder binder,Object [] args,CultureInfo culture,Object [] activationAttributes,Evidence securityInfo) 在System.AppDomain.CreateInstanceFrom(String assemblyFile,String typeName) 在System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName,String typeName) 在System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName,String typeName) 在ActionProcessorTests.cs中的Microsoft.Windows.Infrastructure.MissionControl.Eventing.Agent.Tests.ActionProcessorTests.TestActionExecuted():第196行
答案 0 :(得分:1)
嗯,这是一个很老的帖子,但我在试图解决同样的问题时偶然发现了它。问题是你用SecuritySafeCritical标记了整个 AbstractBase 类,但是 Bar 类,因为它是无符号的,必须是{{1} }。 SecurityTransparent类。
解决方案是从 AbstractBase 类中删除SecurityTransparent属性。由于您已将抗拒程序集标记为SecuritySafeCritical,因此 AbstractBase 类将默认为[SecuritySafeCritical],并且 AbstractBase 和 Bar < / strong>将是透明的。
然后,当您需要访问AllowPartiallyTrustedCallers或SecurityTransparent个函数时,您会将 AbstractBase 中的单个函数标记为SecuritySafeCritical。这将允许这些方法访问更多受限制的类。