pinvoking 时的 .NET 4 方法安全异常
我有一些调用本机 win32 的代码。自从我升级到 .NET 4 后,代码开始抛出 MethodAccessException 并显示:
尝试通过安全透明方法“Tek.Audio.Midi.MidiDevice.GetDevices()”通过方法“Tek.Native.Windows.Multimedia.midiInGetNumDevs()”调用本机代码失败。方法必须是安全关键的或安全关键的才能调用本机代码。
发生的情况如下:
- 可执行程序集的
Program.Main
方法调用 library1 public staticTek.Audio.Midi.MidiDevice.GetDevices()
- Library1 的
GetDevices()
调用library2 的公共静态pinvokeTek.Native.Windows.Multimedia.midiInGetNumDevs()
(是的,不好的做法,无论如何)
涉及的类、方法和程序集上唯一与安全相关的属性是library1 上的AllowPartiallyTrustedCallers,我什至不知道为什么。
承认我对 .NET 的安全性相当无知,这让我感到羞愧。我应该怎么做才能防止这种异常?当我在这里时,有什么好的文章可以帮助我开始了解 .NET 安全性吗?
I've got some code which pinvokes native win32. Since I upgraded to .NET 4, the code started throwing a MethodAccessException saying:
Attempt by security transparent method 'Tek.Audio.Midi.MidiDevice.GetDevices()' to call native code through method 'Tek.Native.Windows.Multimedia.midiInGetNumDevs()' failed. Methods must be security critical or security safe-critical to call native code.
Here's what's going on:
- Executable assembly's
Program.Main
method calls library1 public staticTek.Audio.Midi.MidiDevice.GetDevices()
- Library1's
GetDevices()
calls library2's public static pinvokeTek.Native.Windows.Multimedia.midiInGetNumDevs()
(yeah, bad practice, whatever)
The only security-related attributes on classes, methods and assemblies involved are AllowPartiallyTrustedCallers on library1, and I don't even know why.
It shames me to admit that I'm quite ignorant about security in .NET. What should I do to prevent this exception? And while I'm here, any good articles to get me started on .NET security?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你有选择。最简单的事情就是“选择退出”新的安全模型。或者(记住我不是 .Net 4 安全专家)编辑:选择.Net 4 安全模型之外的方法是不可靠的,应该避免
您可以标记您的方法:
因为您可以将其与为部分受信任的调用者设计的代码一起使用。
遗憾的是,我没有好的文章可以发送给您,我必须像您一样通过修复损坏的代码来解决这个问题。 :)
You have choices. The easiest thing to do would be to "opt-out" of the new security model.OR (bearing in mind I am no .Net 4 security expert)Edit: Opting out of the .Net 4 security model is unreliable and should be avoided
You could mark your method:
since you can use that with code designed for partially trusted callers.
Sadly I don't have a good article I can send you, I have had to figure this out like you have, by fixing my broken code. :)