RE: SecurityException "Request Failed"

• Previous message: Nicole Calinoiu: "Re: Sessions Limit ASP.net"
• In reply to: Shawn Farkas: "RE: SecurityException "Request Failed""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 30 Jul 2004 10:24:57 -0700

Thanks for the answers.

>-----Original Message-----
>One possibility is that your partially trusted assembly
is doing a LinkDemand, which will fail because instead of
your code making the call into the
>assembly, now Microsoft code is. The Microsoft
reflection code won't have much of the same evidence as
your code does, so this makes the
>LinkDemand extremely likely to fail.

I'm afraid not. The code in the PTA (Partially trusted
assembly) has no link demands.

>
>As for your other questions:
>>Does the invoked method have all the asserted permissions
>Technically no, it doesn't, but it will behave as though
it does. The stack walk will hit your assert, and the
security demand will pass (assuming
>there are no denies on the callstack first).

Interesting. Do you know this for a fact? This would be a
serious security risk. Between the point where the invoke
is called (which is Full trust code) and the point where
the invoked method in the PTA starts executing, everything
in the stack is MS dynamic invocation code. So, there is
no opportunity to deny anything. So, since I have to
assert (say even the minimum documented
ReflectionPermission, although it appears the only set
that works is full unrestricted permissions) to call the
method, the method i'm invoking will always have the
asserted permissions.

>
>> FileIOPermission to write to the console
>Currently there are no permissions needed to write to the
Console.

Thanks. I'm not sure I am seeing this behavior, but I'll
double check.

>
>-Shawn
>http://blogs.msdn.com/shawnfa
>
>--
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>Note: For the benefit of the community-at-large, all
responses to this message are best directed to the
newsgroup/thread from which they
>originated.
>--------------------
>>Content-Class: urn:content-classes:message
>>From: "VJ" <anonymous@discussions.microsoft.com>
>>Sender: "VJ" <anonymous@discussions.microsoft.com>
>>Subject: SecurityException "Request Failed"
>>Date: Sun, 25 Jul 2004 19:35:07 -0700
>>Lines: 47
>>Message-ID: <3c0d01c472b9$2a619150$a601280a@phx.gbl>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="iso-8859-1"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>thread-index: AcRyuSphMLUQqtQGSouUk01MFkQu9A==
>>Newsgroups: microsoft.public.dotnet.security
>>Path: cpmsftngxa06.phx.gbl
>>Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.security:6951
>>NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
>>X-Tomcat-NG: microsoft.public.dotnet.security
>>
>>I have a locally installed (Full trust) assembly that is
>>using reflection to invoke methods on a type that is in
a
>>partially trusted assembly and I get a security
exception
>>(Trace at the end of the post).
>>
>>The method that is making the call has Unrestricted
>>reflection permission asserted. Any idea why this fails.
>>
>>I've tried asserting SecurityPermission+UnmanagedCode in
>>addition and that didn't help. The only thing that seems
>>to work PermissionSet(unrestricted). So, what
permissions
>>is this call expecting? Any tools that can help me here?
>>
>>Two more questions.
>>
>>Does the invoked method have all the asserted
permissions?
>>I need these permissions to invoke the method
dynamically,
>>but I don't necessarily want the method to execute with
>>these privileges.
>>
>>How do I assert a FileIOPermission that allows the right
>>to write to the Console? i.e How is the console
>>represented as a file name?
>>
>>Any help is appreciated.
>>
>>Thx,
>>VJ
>>
>>
>>System.Security.SecurityException: Request failed.
>> at System.Reflection.RuntimeMethodInfo.InternalInvoke
>>(Object obj, BindingFlag
>>s invokeAttr, Binder binder, Object[] parameters,
>>CultureInfo culture, Boolean i
>>sBinderDefault, Assembly caller, Boolean verifyAccess)
>> at
System.Reflection.RuntimeMethodInfo.InternalInvokeMethod
>>(Object obj, BindingFlag
>>s invokeAttr, Binder binder, Object[] parameters,
>>CultureInfo culture, Boolean v
>>erifyAccess)
>> at System.Reflection.RuntimeMethodInfo.Invoke(Object
>>obj, BindingFlags invoke
>>Attr, Binder binder, Object[] parameters, CultureInfo
>>culture)
>> at System.Reflection.MethodBase.Invoke(Object obj,
>>Object[] parameters)
>>
>
>
>.
>

• Previous message: Nicole Calinoiu: "Re: Sessions Limit ASP.net"
• In reply to: Shawn Farkas: "RE: SecurityException "Request Failed""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]