"Request failed" exception using AppDomain.CreateInstanceFrom() unless running with "Full Trust" permission set

From: Lee Chapman (Please)
Date: 03/31/03 

From: "Lee Chapman" <Please Reply To Group>
Date: Mon, 31 Mar 2003 17:17:18 +0100

I'm trying to host untrusted code in an application. To do this, I'm
creating an AppDomain based on only one piece of evidence (a test X509
certificate, created using makecert.exe) and then using
AppDomain.CreateInstanceFrom() to instantiate an object in this AppDomain
from a specific assembly.

I've created a new machine-level code group (off the All_Code root) whose
membership condition is of type "Publisher" based on the details imported
from the X509 certificate.

If I then assign the "Full Trust" named permission set to my new code group
and run the following test, everything works: the UserCode.dll assembly is
loaded into a new AppDomain and I get an "OK!" printed in the console
window. If, however, I assign the "Everything" named permission set to my
new code group and run the test I get a "Request failed" security exception
(shown at the end of this post).

What am I doing wrong? What's the difference between the "Full Trust" and
"Everything" named permission sets? How can I load and run code in an
AppDomain that just has execution rights?

Thanks,
- Lee

static void Main(string[] args)
{
 AppDomainSetup info = new AppDomainSetup();
 info.ApplicationBase = "C:\\Data\\Test\\UserCode\\bin\\Debug";
 Evidence evidence = new Evidence();
 evidence.AddHost(new
Publisher(X509Certificate.CreateFromCertFile(@"c:\data\test.cer")));
 AppDomain appDomain = AppDomain.CreateDomain("TestDomain", evidence, info);

 try
 {
  ObjectHandle ptr =
appDomain.CreateInstanceFrom("C:\\Data\\Test\\UserCode\\bin\\Debug\\UserCode
.dll", "UserCode.Class1");

  Console.WriteLine("OK!");
 }
 catch (Exception e)
 {
  Console.WriteLine("Exception: " + e.ToString());
 }
}

Exception: System.Security.SecurityException: Request failed.

Server stack trace:
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder
binder, Object[] args, CultureInfo culture,
 Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr,
Binder binder, Object[] args, CultureInfo cul
ture, Object[] activationAttributes)
   at System.Activator.CreateInstanceFrom(String assemblyFile, String
typeName, Boolean ignoreCase, BindingFlags binding
Attr, Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes, Evidence securityInfo)
   at System.Activator.CreateInstanceFrom(String assemblyFile, String
typeName, Object[] activationAttributes)
   at System.Activator.CreateInstanceFrom(String assemblyFile, String
typeName)
   at System.AppDomain.CreateInstanceFrom(String assemblyFile, String
typeName)
   at
System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(Met
hodBase mb, Object[] args, Object serv
er, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at
System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessa
ge msg, Int32 methodPtr, Boolean fExec
uteInContext)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type)
   at System.AppDomain.CreateInstanceFrom(String assemblyFile, String
typeName)
   at SecurityTest.Class1.Main(String[] args) in
c:\data\test\securitytest\class1.cs:line 36

Relevant Pages

  • Re: evidence of a new domain
    ... Are you sure that you're invoking the method that displays the evidence ... within the new appdomain rather than in the original appdomain? ... unwrap the HelloWorld instance into the original appdomain before calling ... > This is the code snippt that I used to create a new app domain and load my ...
    (microsoft.public.dotnet.security)
  • Re: evidence of a new domain
    ... MyComputer zone or add some other evidence that would allow the necessary ... original appdomain because that's where the type is defined. ... you'll need to ensure that the HelloWorld object gets created in the new ...
    (microsoft.public.dotnet.security)
  • Re: Loading a dll in multiple app domain
    ... If i put it in GAC that means i wont have xcopy installation, ... If i put it in GAC that means then ppl will have to install it in their ... something from parent AppDomain or am i not setting up new AppDomain ... Evidence evidence = new Evidence; ...
    (microsoft.public.dotnet.distributed_apps)
  • Re: MEC++ - propogating FullTrust to another AppDomain with a different application base
    ... acceptable value for the evidence argument) passed as the evidence for the ... > policy, all that I have done is use the 3 argument CreateDomain method. ... >> While it's possible to force full trust in the scenario you describe, ... >> via policy settings (either stored policy or AppDomain policy)? ...
    (microsoft.public.dotnet.security)
  • CrossAppDomainSerializer
    ... AppDomain we create, and not in the default AppDomain. ... property value (string or double type) off an object, ... RuntimeMethodIngo.InternalInvoke(object, BindingFlags, Binder, object, ...
    (microsoft.public.dotnet.framework.clr)