Re: Sandboxing AppDomain

From: Nicole Calinoiu (calinoiu)
Date: 08/22/05


Date: Mon, 22 Aug 2005 11:26:29 -0400


"kris" <krsgoss@gmail.com> wrote in message
news:1124563307.946760.32560@g43g2000cwa.googlegroups.com...
> Hi Nicole, here is a more comprehensive code sample:
<snip>

Thanks, that really helped me with figuring out what you were doing.

> If within CreateAppDomain, I substitute my created PermissionSet for a
> NamedPermissionSet with the "Internet" name specified, the code works
> (sort of.) As I was writing this I just realized that even under the
> NamedPermissionSet, the code is able to instantiate the SaveFileDialog,
> which should be prohibited under the Internet level of trust. :-(

That's because creating a permission set from a name doesn't actually
populate the new permission set with the policy-set permissions for the
named permission set. Instead, something like "new NamedPermissionSet("any
name")" generates an _unrestricted_ permission set (same as FullTrust).

> Any help on sorting this out is really appreciated!

Your underlying problem is that the target assembly doesn't have sufficient
permissions to deal with the remoting plumbing. You might want to re-read
the parts of Shawn's blog postings that deal with the use of
MarshalByRefObject. Here are some pointers:

1. The MarshalByRefObject subtype that will be the remoting invocation
target should be in a fully trusted assembly that you will create (not in
the plug-in implementation assembly).

2. You should call the plug-in implementation from a copy of the assembly
described in #1 that has been loaded into the restricted app domain.

3. The policy for the restricted app domain should restrict the permissions
of all assemblies other than the "conductor" assembly described in #1.

4. Since the plug-in implementations will not be remoting targets (at least
with respect to the permissions restriction mechanism), there's no need for
them to subclass MarshalByRefObject.

Does that make a bit more sense?
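
The four pointers above, sketched in C# as an added example; it is not code from the original thread or from either poster. The names `IPlugin`, `Conductor`, and `SandboxHost` are hypothetical, and the sketch assumes .NET Framework 2.0 CAS policy with the conductor assembly strong-named.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical plug-in contract. Point 4: plug-ins need not be MarshalByRefObject.
public interface IPlugin { void Run(); }

// Point 1: the remoting target lives in the fully trusted "conductor" assembly.
public sealed class Conductor : MarshalByRefObject
{
    // Point 2: executes inside the restricted domain and calls the plug-in directly.
    public void RunPlugin(string assemblyPath, string typeName)
    {
        IPlugin plugin = (IPlugin)Assembly.LoadFrom(assemblyPath).CreateInstance(typeName);
        plugin.Run();  // a demand raised under Run() is checked against the plug-in's grant
    }
}

public static class SandboxHost
{
    public static void RunSandboxed(string pluginPath, string typeName)
    {
        // Build the restricted grant explicitly instead of new NamedPermissionSet("Internet").
        PermissionSet restricted = new PermissionSet(PermissionState.None);
        restricted.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        // Assumption: the conductor assembly is strong-named, so policy can single it out.
        AssemblyName name = typeof(Conductor).Assembly.GetName();
        IMembershipCondition isConductor = new StrongNameMembershipCondition(
            new StrongNamePublicKeyBlob(name.GetPublicKey()), name.Name, name.Version);
        // Point 3: first match wins, so the conductor gets full trust, all else "restricted".
        CodeGroup root = new FirstMatchCodeGroup(new AllMembershipCondition(),
            new PolicyStatement(new PermissionSet(PermissionState.None)));
        root.AddChild(new UnionCodeGroup(isConductor,
            new PolicyStatement(new PermissionSet(PermissionState.Unrestricted))));
        root.AddChild(new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(restricted)));
        PolicyLevel level = PolicyLevel.CreateAppDomainLevel();
        level.RootCodeGroup = root;

        AppDomain sandbox = AppDomain.CreateDomain("Sandbox");
        sandbox.SetAppDomainPolicy(level);  // set before any plug-in assembly is loaded
        try
        {
            Conductor conductor = (Conductor)sandbox.CreateInstanceAndUnwrap(
                typeof(Conductor).Assembly.FullName, typeof(Conductor).FullName);
            conductor.RunPlugin(pluginPath, typeName);
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```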


