Permissions of CLR-managed worker threads in an app hosted by IEEx
From: Pascal Bourque (PascalBourque_at_discussions.microsoft.com)
Date: 06/22/05
- Next message: Dominick Baier [DevelopMentor]: "Re: Asbolute ReturnUrl in asp.net 1.1"
- Previous message: mgutty: "Asbolute ReturnUrl in asp.net 1.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Jun 2005 13:55:04 -0700
Hi,
In a "no-touch deployment" Windows Forms application (aka href app, zero
admin app, smartclient app... all those keywords seem to be used to designate
this style of deployment so I'm trying to help those who'll be searching for
a similar problem ;-), I am getting a SecurityException for a call that is
made from a CLR-managed worker thread.
I have been able to reproduce the problem in a small dummy app, and here are
the quick facts:
- I have a single EXE that is strong named
- I have modified my security policy to grant FullTrust to this strong
name's public key
- My app uses a Socket asynchronously (Begin/End methods)
- From my "ReceiveCompleted" completion routine (the one I pass to
Socket.BeginReceive), I seem to have a very limited permission set.
- I can send the repro application's source code via email upon request
- This app works fine when launched directly from the command-line (i.e. not
hosted in IEExec)
By "very limited permission set", I mean that I can't do reflection, disk
access or call Connect on another socket (those are the things I tried, other
things might be denied as well).
>From what I can see, the stack on which my ReceiveCompleted method is
running starts with "CompletionPortCallback", which is probably an IOCP
thread managed by the Socket CLR infrastructure (my guess).
Socket.Connect(), File.Create(), Reflection... all fail with a
SecurityException when called on this thread, even though my app has been
granted FullTrust (I can do anything I want from the main thread, no
SecurityExceptions at all).
My problem seems to be related to this other newsgroup thread:
I found out that I am able and allowed to Assert the required permission
from that thread, just before making the call to Socket.Connect (or any other
call requiring special permissions). When I Assert the permission, everything
runs smoothly.
So my questions are:
1. Is there a reason why the IOCP thread (the thread on which my
ReceiveCompleted async callback is called) doesn't have the same permissions
as the main thread in an application hosted by IEExec, or is this a bug?
2. Is there a way to make this thread "inherit" the permissions from the
main thread, e.g by means of an attribute or some method call?
3. Why am I allowed to Assert the required permission? From what I read, it
seems that in order for an Assert to succeed, I must have the permission I am
trying to Assert... I am pretty confused, and I feel like a clueless kid
playing with matches here... I don't want to put a security Assert in my code
without understanding the implications...
Thanks in advance!
Pascal Bourque
- Next message: Dominick Baier [DevelopMentor]: "Re: Asbolute ReturnUrl in asp.net 1.1"
- Previous message: mgutty: "Asbolute ReturnUrl in asp.net 1.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
