SecurityException on AppDomain.CreateInstanceAndUnWrap

I am getting a SecurityException on calling
AppDomain.CurrentDomain.CreateInstanceAndUnwrap. The type referenced in the
call is in a referenced assembly. I cannot seem to get the SecurityException
to go away unless I use FullTrust. However, I don't see anywhere that this
is a documented security requirement.
 
Hi

Does the problem occur with all assemblies?
You may try to call AppDomain.CurrentDomain.CreateInstanceAndUnwrap on
another assembly (e.g. System.Windows.Forms) to see if the problem persists.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi Peter,

I tried the same procedure on a System.Xml.XmlDocument, and there were no
problems. Here is the full text of the exception message when trying to
create an instance from a referenced assembly which I wrote (which has a
strong name):

System.Security.SecurityException: Request failed.
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder
binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr,
Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes)
at System.Activator.CreateInstance(String assemblyName, String typeName,
Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args,
CultureInfo culture, Object[] activationAttributes, Evidence securityInfo,
StackCrawlMark& stackMark)
at System.Activator.CreateInstance(String assemblyName, String typeName,
Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args,
CultureInfo culture, Object[] activationAttributes, Evidence securityInfo)
at System.AppDomain.CreateInstance(String assemblyName, String typeName,
Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args,
CultureInfo culture, Object[] activationAttributes, Evidence
securityAttributes)
at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String
typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder,
Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence
securityAttributes)
at Dummy2.Class1.Main(String[] args) in
c:\\development\\resourceidmgrs\\dummy2\\class1.cs:line 36
 
Hi

By default, an assembly in the GAC is fully trusted.
From the test, it seems that your application needs the assembly to be
fully trusted.
During CAS checking, the runtime walks the whole stack to check security;
if any caller in the stack fails, the check fails.
Here is something about stack walking.

http://blogs.msdn.com/davbr/archive/2005/10/06/478006.aspx
Code Access Security in the .NET Framework
http://www.devx.com/vb2themax/Article/19886/1954?pf=true
Security in .NET: Enforce Code Access Rights with the Common Language
Runtime
http://msdn.microsoft.com/msdnmag/issues/01/02/CAS/default.aspx

BTW: a strong name is a piece of evidence; it can make sure what
permission the assembly will get.

Also, if you still have any concerns, can you please build a simple repro
sample and send it to me, removing the "online" from the email address?
E.g. a simple WinForms application that calls the type in another DLL with
AppDomain.CurrentDomain.CreateInstanceAndUnwrap.



Best regards,

Peter Huang
Microsoft Online Partner Support

 
Thanks...that pointed me in the right direction. I neglected to recall that
strong-named assemblies have an implicit LinkDemand for FullTrust. Applying
the AllowPartiallyTrustedCallers attribute solved the issue.
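
A check for the condition the last post identifies, added here as an example and not code from anyone in the thread: it reports whether an assembly is strong-named and whether it carries AllowPartiallyTrustedCallers, assuming the classic .NET Framework CAS model the thread discusses. The class name AptcaCheck and its usage line are made up for illustration.

```csharp
using System;
using System.Reflection;
using System.Security;

static class AptcaCheck
{
    // A strong-named assembly carries a non-empty public key token.
    static bool IsStrongNamed(Assembly asm)
    {
        byte[] token = asm.GetName().GetPublicKeyToken();
        return token != null && token.Length > 0;
    }

    // APTCA is declared once per assembly:
    //   [assembly: System.Security.AllowPartiallyTrustedCallers]
    static bool HasAptca(Assembly asm)
    {
        return asm.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false);
    }

    static string Describe(Assembly asm)
    {
        if (!IsStrongNamed(asm))
            return "no strong name, so no implicit LinkDemand for FullTrust";
        if (HasAptca(asm))
            return "strong-named with APTCA, partially trusted callers allowed";
        return "strong-named without APTCA, callers need FullTrust";
    }

    static int Main(string[] args)
    {
        if (args.Length == 0)
        {
            Console.Error.WriteLine("usage: AptcaCheck <assembly.dll> [...]");
            return 1;
        }
        foreach (string path in args)
        {
            try
            {
                Assembly asm = Assembly.LoadFrom(path);
                Console.WriteLine("{0}: {1}", asm.GetName().Name, Describe(asm));
            }
            catch (Exception ex) // missing file, bad image, load refused
            {
                Console.WriteLine("{0}: cannot load ({1})", path, ex.Message);
            }
        }
        return 0;
    }
}
```

Adding the attribute removes the implicit LinkDemand from every public member of the assembly, so members that touch protected resources should be reviewed and given explicit permission demands before it is applied.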
 